
Windows Xp Registry



#1 rhstarr (Members)

Posted 11 June 2008 - 06:10 PM

Has anybody seen a registry change similar to the one below? My McAfee Security Center warned me of a possible unwanted registry change (text of warning below), and I cannot find anything on the web about that "rbSolnUpdateENU.2.8.1.exe". I can find info on that "wextract_cleanup" process, and it seems to be an OK process.

Process: C:\Documents and Settings\Roland\Local Settings\Temp\rbSolnUpdateENU.2.8.1.exe
Process Name: Win32 Cabinet Self-Extractor
Process Publisher: Microsoft Corporation
Affected Items: rundll32.exe, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0


#2 PropagandaPanda (Malware Response Team)

Posted 11 June 2008 - 06:18 PM

Hello.

rbSolnUpdateENU.2.8.1.exe was an installer or update for some program. When you downloaded the file, you had probably selected Run instead of Save so the installer ran from your temporary folder.

Do you remember anything that you had tried to download and install?

wextract_cleanup0 is a process used to clean up the file used for an installation in the temporary directory.

This is nothing to worry about :thumbsup:.

With Regards,
The Panda
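
A check that backs up the explanation in the reply above, as an added example that is not part of the original post or of any vendor tool: it tests whether a RunOnce value named wextract_cleanupN carries the data a Win32 Cabinet Self-Extractor normally writes, a rundll32 call to advpack.dll's DelNodeRunDLL32 on an IXPnnn.TMP folder in the user's temp directory. The function name, sample strings and directory list are constructed for illustration, and the expected command shape is an assumption about how these installers commonly behave on Windows XP.

```python
import ntpath
import re

# Data shape IExpress (wextract) self-extractors write under RunOnce: rundll32
# calling advpack.dll's DelNodeRunDLL32 on a quoted extraction directory.
CLEANUP_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?P<dll>[^,"]*advpack\.dll),DelNodeRunDLL32\s+'
    r'"(?P<target>[^"]+)"\s*$',
    re.IGNORECASE,
)

def _norm(path):
    # Case-insensitive, separator-normalised form; drops a trailing backslash.
    return ntpath.normcase(ntpath.normpath(path))

def review_runonce_entry(name, data, system_dir, temp_dirs):
    """Return findings for one RunOnce value; an empty list means it looks
    like ordinary self-extractor cleanup."""
    findings = []
    if not re.fullmatch(r"wextract_cleanup\d+", name, re.IGNORECASE):
        findings.append("name is not wextract_cleanupN")
    m = CLEANUP_RE.match(data.strip())
    if m is None:
        findings.append("data is not a DelNodeRunDLL32 cleanup command")
        return findings
    if _norm(m.group("dll")) != _norm(ntpath.join(system_dir, "advpack.dll")):
        findings.append("advpack.dll is not loaded from the system directory")
    target = _norm(m.group("target"))
    if not re.fullmatch(r"ixp\d{3}\.tmp", ntpath.basename(target)):
        findings.append("delete target is not an IXPnnn.TMP directory")
    if ntpath.dirname(target) not in {_norm(t) for t in temp_dirs}:
        findings.append("delete target is outside the user's temp directory")
    return findings

# Constructed inputs (not taken from the poster's machine).
SYSTEM_DIR = r"C:\WINDOWS\system32"
TEMP_DIRS = [r"C:\Documents and Settings\Roland\Local Settings\Temp",
             r"C:\DOCUME~1\Roland\LOCALS~1\Temp"]
EXPECTED = (r'rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 '
            r'"C:\DOCUME~1\Roland\LOCALS~1\Temp\IXP000.TMP\"')
ODD = r'C:\DOCUME~1\Roland\LOCALS~1\Temp\setup.exe /quiet'

if __name__ == "__main__":
    for data in (EXPECTED, ODD):
        print(review_runonce_entry("wextract_cleanup0", data, SYSTEM_DIR, TEMP_DIRS))
```

An empty result only says the registry entry has the usual cleanup shape; it says nothing about the installer that created it, which is what the scans suggested later in the thread address.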

#3 usasma (BSOD Kernel Dump Expert)

Posted 12 June 2008 - 09:08 AM

According to this ( http://www.prevx.com/filenames/X6130373090....2.8.1.EXE.html ) it's a suspicious file. Some references are made to malware - but others are to HP printer software.

I'd suggest a free, online scan to ensure that nothing has snuck by your current protection.
(Be advised that some of these scanners will pick up things in "quarantine" from other anti-virus programs - so review the results carefully)

http://housecall.trendmicro.com
http://www.pandasecurity.com/homeusers/solutions/activescan/
http://www.kaspersky.com/virusscanner Scan Only - no removal
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://us.mcafee.com/root/mfs/default.asp
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

<links compiled on 02/14/2008>
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#4 rhstarr (Topic Starter, Members)

Posted 12 June 2008 - 11:43 AM

Thanks for the responses. The date the file was created was back in Nov 2007, so I don't recall what I may have installed back then. However, I do have an HP Printer, for which at times my system gets updates from HP. It might be related to that. I have McAfee Security Center installed on that machine, and it does weekly scans, and hadn't flagged that file as a problem. However, it was the same McAfee Security Center that gave me the warning yesterday about that file interacting with the registry.

Thanks again

#5 usasma (BSOD Kernel Dump Expert)

Posted 12 June 2008 - 02:45 PM

That's the reason I suggested another scan - as a double check on your McAfee.