Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

curiouse what these 2 files are


  • Please log in to reply
6 replies to this topic

#1 bignight2

bignight2

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:10:46 AM

Posted 26 March 2009 - 10:25 AM

Windows XP Media Center Edition Service Pack 3 (build 2600)

was just browsing hd and noticed these 2 files no clue what they are of ir ir was from a old scan

they are first 2 in c: folder

7e3560f9eabcf42c2dc46b83081759

a6dcb67336c01a3a63232eb201a0ae, seems its like this msxml4-KB927978-enu

thanks

BC AdBot (Login to Remove)

 


#2 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 26 March 2009 - 06:48 PM

The first one looks like it might be malware. The only thing a Google search turned up was on the Hijack This forum of Bleeping Computer.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 26 March 2009 - 07:01 PM

Hello.

Those does not look malware related. This file "msxml4-KB927978-enu" is legit and can be deleted if you want.

The other two folders seems to be related to Windows Update rather than malware. Just curious, what is in those folders? I believe there is nothing in those folders.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 bignight2

bignight2
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:10:46 AM

Posted 26 March 2009 - 09:14 PM

in the second its stuff like this

== Verbose logging started: 11/16/2006 11:04:40 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI © (08:CC) [11:04:40:531]: Resetting cached policy values
MSI © (08:CC) [11:04:40:531]: Machine policy value 'Debug' is 0
MSI © (08:CC) [11:04:40:531]: ******* RunEngine:
******* Product: c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi
******* Action:
******* CommandLine: **********
MSI © (08:CC) [11:04:40:531]: Client-side and UI is none or basic: Running entire install on the server.
MSI © (08:CC) [11:04:40:531]: Grabbed execution mutex.
MSI © (08:CC) [11:04:40:593]: Cloaking enabled.
MSI © (08:CC) [11:04:40:593]: Attempting to enable all disabled priveleges before calling Install on Server
MSI © (08:CC) [11:04:40:593]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (50:C0) [11:04:40:609]: Grabbed execution mutex.
MSI (s) (50:B4) [11:04:40:609]: Resetting cached policy values
MSI (s) (50:B4) [11:04:40:609]: Machine policy value 'Debug' is 0
MSI (s) (50:B4) [11:04:40:609]: ******* RunEngine:
******* Product: c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (50:B4) [11:04:40:609]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (50:B4) [11:04:40:625]: File will have security applied from OpCode.
MSI (s) (50:B4) [11:04:40:640]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi' against software restriction policy
MSI (s) (50:B4) [11:04:40:640]: SOFTWARE RESTRICTION POLICY: c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi has a digital signature
MSI (s) (50:B4) [11:04:40:843]: SOFTWARE RESTRICTION POLICY: c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (50:B4) [11:04:40:843]: End dialog not enabled
MSI (s) (50:B4) [11:04:40:843]: Original package ==> c:\a6dcb67336c01a3a63232eb201a0ae\msxml.msi
MSI (s) (50:B4) [11:04:40:843]: Package we're running from ==> c:\WINDOWS\Installer\119870b.msi
MSI (s) (50:B4) [11:04:40:859]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (50:B4) [11:04:40:875]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (50:B4) [11:04:40:875]: MSCOREE not loaded loading copy from system32
MSI (s) (50:B4) [11:04:40:875]: Machine policy value 'TransformsSecure' is 0
MSI (s) (50:B4) [11:04:40:875]: User policy value 'TransformsAtSource' is 0
MSI (s) (50:B4) [11:04:40:875]: Machine policy value 'DisablePatch' is 0
MSI (s) (50:B4) [11:04:40:875]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (50:B4) [11:04:40:875]: Machine policy value 'DisableLUAPatc

#5 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:46 AM

Posted 26 March 2009 - 09:21 PM

That one looks like a windows security update log

Edited by Stang777, 26 March 2009 - 09:22 PM.


#6 bignight2

bignight2
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:10:46 AM

Posted 27 March 2009 - 05:56 AM

ok thanks alot, the other was amd64 and i386 stuff just like 6mb of stuff, thanks for answers

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 27 March 2009 - 02:26 PM

Hello.

Yes, those are legit no need to worry. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users