Post #1 | Apr 8 2007, 12:58 PM | New Member | Group: Members | Posts: 2 | Joined: 19-January 07 | Member No.: 107,124
up today, sunday, 4.8.07. I HAVE HAD A COUPLE OF "CHANGED" SYSTEM 32 FILES show up when i run avg, so it may be related or not. i simply cannot find information on any of this zonealarm security alert, what it pertains to, what it does, etc.

i am the wireless home administrator of two computers and a printer, with file and printer sharing. i run windows xp pro SP2 on the desktop, and the laptop runs windows xp home SP2. both have zone alarm and avg (free) antivirus loaded. i use mozilla firefox as a browser. i have a few toolbars installed onto my own admin account, but not all on the limited user account. the ones that i use are: firefox microsoft custom links yahoo stumbleupon the google search and a search here does not reveal what this means: (a red zonealarm alert upon reboot):

SUSPICIOUS BEHAVIOR
selfextr MFC Application is trying to launch C:\WINDOWS\system32\extrac32.exe, or use another program to gain access to privileged resources.
Application: RELEASE_01_3062.EXE
Properties:
version 1.0.1.11
description: selfextr MFC application
copyright: 2006 Gteko Ltd.

is this a part of the google desktop application? is it part of google? google search did not return anything. i am going to DENY it access as of now, but i need to know what it is in trying to fix a problem with RAM memory that shows up on my limited user (patti, my assistant) account, yet, it has a green dot within the zonealarm program list! this is what i see on patti's limited logon, even if i shut down my own google desktop:

Google desktop problem. could not update database. there may not be enough free space on the drive or another program may be locking up the database. free up disk space or try uninstalling and reinstalling google desktop. D 800700 20 5.1.10634 (showing on the desktop only).
after i had installed firefox and the google desktop bar that i use, i noticed, upon running an antivirus scan using AVG free antivirus (the best), that two files are now CHANGED:

FILE: user32.dll and
FILE: ntoskrnl.exe

they just are CHANGED, and AVG does not show them as infected, so i don't understand what "changed" refers to. they are both inside of this path: C:\WINDOWS\system32\filename above

i didn't find anything to help me figure out why these system32 files are showing up as changed when i performed google search. it just doesn't make any sense to me. i have to do an introduction, sorry. please, please, please help me! Because i DARE NOT reconfigure the wireless laptop until i know what this means and how it affects the WINDOWS registry. i do not use any registry cleaner and don't trust them at all. i do not know how to fix my own registry and am scared to do anything with it. PLEASE HELP ME!!!

sincerely, kikki

i am just rebooting today on the desktop

Post #2 | Apr 16 2007, 02:40 PM | New Member | Group: Members | Posts: 2 | Joined: 16-April 07 | Member No.: 125,022
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\RELEASE_01_3062.EXE
seems to be a possible install directory.

Searching for Gtek online gets me: http://www.gtek.com/products.html

If you've installed anything like that recently, denying it might stop whatever you installed from functioning correctly. Other than that, I don't see anything wrong with the course of action you took. Note also that the program does not seem to demand network connectivity in any way.

Seeing as you're a wireless home administrator, and many of Gtek's products have to do with wireless functions, I would look for any new additions from their product lines.

Post #3 | Apr 22 2007, 01:31 AM | New Member | Group: Members | Posts: 2 | Joined: 19-January 07 | Member No.: 107,124
"C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\RELEASE_01_3062.EXE seems to be a possible install directory. Searching for Gtek online gets me: http://www.gtek.com/products.html If you've installed anything like that recently, denying it might stop whatever you installed from functioning correctly. Other than that, I don't see anything wrong with the course of action you took. Note also that the program does not seem to demand network connectivity in any way. Seeing as you're a wireless home administrator, and many of Gtek's products have to do with wireless functions, I would look for any new additions from their product lines."

thank you very much. i am not getting THAT issue anymore. NOW, still, when i run AVG antivirus i STILL see that two files have been "changed," but not that they are infected at all. no antiviral, even if i turn off avg and do an online scan, shows that i am infected. but these two files are "changed:" ntoskrnl.exe and user32.dll. do you know why they are "changed?" would they have been changed by adding firefox or by using the website called www.stumbleupon.com?

on top of that, i did some research at microsoft about the first changed filename, but it was not pertinent to my particular situation. however the kb article pointed to a trojan worm. but no antiviral can find one!

so NOW, whenever i try to install a plugin to firefox, i get an error that says that it will not install (it gets stopped towards the end of the install) due to a 203 error. it says to look at the "error console" to find the 203 error. i have no idea where the error console is. MS does not refer to an error console. do you know anything whatsoever, or have any idea, what this could be?

THANK YOU FOR YOUR ANSWER TO MY QUESTION!!!

kikki

Post #4 | Apr 22 2007, 06:44 AM | Forum Addict | Group: Members | Posts: 3,306 | Joined: 14-April 06 | Member No.: 64,042
I don't have 2.0, but in 1.5 the JavaScript Console (called Error Console in 2.0) is accessed from the Tools drop-down menu.

Post #5 | Apr 22 2007, 11:07 AM | Member | Group: Members | Posts: 79 | Joined: 20-April 07 | Member No.: 125,921
Hi, Kikki.
"after i had installed firefox and the google desktop bar that i use, i noticed, upon running an antivirus scan using AVG free antivirus (the best), that two files are now CHANGED: FILE: user32.dll and FILE: ntoskrnl.exe they just are CHANGED, and AVG does not show them as infected, so i don't understand what "changed" refers to."

Don't worry about the above two changes. I bet you have recently downloaded and installed some Windows Updates. Such things make updates and changes to your registry, and AVG (being diligent about sniffing around in the registry) detects these changes and reports them, but if you look at the report it has a blue icon with an "I" in it, meaning "information". These are not nasties; in fact, after I download my Windows patches and run AVG, I would be worried if I did not get that info report.

If you want to stop AVG making that report, open up the Test Center scan findings box, press key F3 and a dialogue will open in which you can delete the report and tell AVG to ignore such items in future. I, however, like to see that report as it is a useful confirmation that the Windows patch has "taken".