
Unknown File Found


11 replies to this topic

#1 TexasAngel67

TexasAngel67

    Bleeping Helper


  • Members
  • 1,551 posts
  • Location:Fort Worth
  • Local time:03:34 AM

Posted 15 August 2004 - 10:38 PM

Could someone please help me figure out what this path means?

c:\program files\support.com\client\backup\RU

Under Run, Search, Files or Folders and entering Rundll32.exe, it found 2 items.
The first appears legitimate with Windows logo and appropriate location.
The second is a manila folder. When I click on properties, it shows that (above) as the location and in the window it is called 24576_5b1361b85_ and that is also shown as the 'Description'. It's 3,022 bytes and was created on Monday, January 8, 2001 and modified the same date one second later.
I'm having problems with Rundll32.exe and popups, VX2, and ads1.revenue, and no telling what else. I have posts in the HJT forum also but this file/path is new info and I'm not sure what it means.
Any ideas???

~67~


#2 Guest_brunt_*

Guest_brunt_*

  • Guests

Posted 15 August 2004 - 10:53 PM

From what I am reading it looks like an automated backup of some sort. Does not look dangerous. But looks can be deceiving; I will look into it a little more. I never ran Windows ME :thumbsup: ... LOL.. RunDLL errors? What kind of video card do you have? Also download Shoot The Messenger from my signature (hijack this and other programs), and Unplug and Pray. They keep "WINDOWS" messenger closed and off (not to be mistaken with MSN Messenger). Post back about the video card. Some vid cards have rundll32.exe running. You can download a free trial of this program! It's great, I just bought it and it will tell you everything that is running, even the hidden crud!!


http://nct.digitalriver.com/fulfill/0138.002

#3 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • Location:Fort Worth

Posted 15 August 2004 - 11:40 PM

brunt-

Yes, I know. Windows ME has few fans, lol. I appreciate you looking into the path/file, and hopefully you'll have more luck than I did.
As for STM, I had it for three days and it did nothing. As it turns out, the website states that it ONLY works with XP and newer versions of Windows; it doesn't work with ME.
You asked about the video card and I hope this is the info you're looking for: 4X AGP nVIDIA GeForce2 MX with DVI interface 16MB VRAM.
I had to give my e-mail address for the trial version of what you told me to get. I'll go now and check it.
Thanks a million.


~67~

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 15 August 2004 - 11:50 PM

I believe those files are support files for the various vendors, such as your internet provider, to be able to remotely get diagnostics etc.

#5 Guest_brunt_*

Guest_brunt_*

  • Guests

Posted 15 August 2004 - 11:56 PM

But for the rundll.exe probs, shouldn't they just do their thing and then go? When you bring up Task Manager, how many rundll's are there in there?

#6 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • Location:Fort Worth
  • Local time:02:34 AM

Posted 16 August 2004 - 12:09 AM

Okay, 99% of the time, only one Rundll32 is listed under Task Manager. Only a time or two I saw it there twice.
I got the program WinTasks. I'm really sorry but it's late and the brain isn't working fully anymore and I am not sure how to use it. But when it came up, it listed all the things currently running which is 21. All look good but 3 have no descriptions available. Two are my ISP so those are fine. The other one is STMGR.EXE and it's found in SYSTEM\RESTORE.
Let me know what else I need to do and how to use WinTasks, please.
Thanks so much. I'll look for your replies first thing in the morning.
~67~

#7 Guest_brunt_*

Guest_brunt_*

  • Guests

Posted 16 August 2004 - 01:11 AM

Here is what stmgr.exe is:


Microsoft’s PC State Manager.  While STATEMGR is a startup item only, this task, STMGR, is the memory resident part of the PC State Manager.  Both STATEMGR and STMGR are part of the Windows ME’s System Restore feature.  STATEMGR checks on boot-up how much time has elapsed since the last automatic or manual Restore Point and, if necessary, creates a new Restore Point.  Once Windows has started, STMGR takes over and checks whether vital Windows system files were overwritten by older files by a recent installation of 3rd party software, and restores them to their previous level when necessary.  Later during the same session, if the PC has been running for a number of days, or if a program being installed requests a Restore Point to be created prior to the installation, then STMGR is invoked and creates a Restore Point.  Finally, STMGR also monitors various other aspects of your system as you are running it.


Brain is also going in circles :flowers: ... Will let you know what to do in the A.M.


Brunt


Also, what I would like you to do is run WinTasks and then take a screenshot of it. You can do this by pressing the Print Screen button in the upper right hand of your keyboard. Next open Paint, press Edit, then click on Paste. Now you will see what your screen looked like when you did this. Now save as a GIF, not bitmap. Then go to this site, Image Shack, and upload the picture and copy the third line and paste it back here. This way I can see all running processes! Here is what it will look like!


screenshot


And finally :thumbsup: Here is what the old Micro$oft has to say about Rundll's

RUNDLL.EXE

#8 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • Location:Fort Worth

Posted 16 August 2004 - 02:56 PM

brunt-
You are so nice to stay up late and work so hard on this for me. :thumbsup: Trust me, I am very grateful! I did as you said (how neat since my PaintShopPro disk is ruined) and here is the 3rd line you requested:

http://img64.exs.cx/my.php?loc=img64&image=untitled26.gif

I cannot possibly thank you enough for all this. You are wonderful and a true asset to this site!

I await your reply.

~67~

#9 Guest_brunt_*

Guest_brunt_*

  • Guests

Posted 16 August 2004 - 03:55 PM

Well, does not look like anything out of sorts! Looks like the run dll.exe is for your vid card. Also I'm sorry about STM; here is how you disable it in ME.

Under Control Panel, select Add/Remove.
Select Windows Setup.
Select System Tools.
Click Details.
Uncheck WinPopUp.
Click OK.

If you want to see if it has stopped do this

Click Start and Run
Type cmd
Type.....Net Send Hello, this is a messenger service popup for test only!
And dang I need some glasses, I was looking all over for webskanks.exe lol have now seen many sites :thumbsup: .. Come to find out it is webscanx.exe, which is a good process!

Also you might want to right click on ddhelp.exe and click decrease priority! Seems to be taking a lot of your CPU cycles.

If you want to see what it does, go ahead and close the run dll.exe app. If nothing has detected it as a virus then it should be kosher. A lot of vid cards use that.. Let me know what happens after you turn it off..eg..like something does not work until reboot etc..

And you're welcome. Anything for our members, well almost anything, don't want to go looking for webskanks again lol jk :flowers:

#10 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • Location:Fort Worth
  • Local time:03:34 AM

Posted 16 August 2004 - 04:45 PM

brunt,
I have smiled so much that my cheeks hurt :thumbsup: . Webskanks.exe? :trumpet: You went far beyond the call of duty and I thank you. And I welcome the giggle too! lol
Okay, I've done everything you said. Does this mean we are done here and it's time to return to the HJT and other forum? The popups are still coming and ads1revenue and VX2 remain on my personal peeve list.
I'm lost and need your guidance still. Hopefully we can tackle this and win.
~67~

P.S. I don't think you need glasses dear, but perhaps an earlier bedtime. :flowers:

#11 Guest_brunt_*

Guest_brunt_*

  • Guests

Posted 16 August 2004 - 04:46 PM

Yes please post another hijack this log in the forums! We will get you fixed up :thumbsup:

Edit: Just found that maybe VX2 is part of better internet. Do you have betterinternet on your PC? Funny name don't ya think, "better internet". Also Lavasoft has issued a plugin for the removal of vx2

http://www.lavasoft.de/

Navigate to vx2 removal tool!!

Wondrous what you can do when you're awake lol. No no I like going to bed late. Half PC techs are insomniacs anyway lol!

#12 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • Location:Fort Worth

Posted 16 August 2004 - 05:23 PM

brunt -
Yes, a funny name 'ABetterInternet' but I don't want it and whoever thought I did needs a lobotomy. lol
Let me post the VX2 log and see what y'all think.
~67~



