What is ir3524.exe


7 replies to this topic

#1 coffeeaholic

coffeeaholic

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 12 May 2009 - 03:37 PM

I have no idea where I got the file; searches only turn it up as spyware or malware, but I'm not totally convinced it is such. If it is, then could someone tell me how I got it? I'm going to reinstall XP for other reasons, but I'd still like to know where it comes from and why it keeps getting on my computer. I usually do not click bad links or install downloaded software unless I know it is safe. BTW, I have an AV from Sympatico (Canadian) that does not detect it as a virus or spyware.


#2 o_rly

o_rly

  • Members
  • 193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:An unclean desk
  • Local time:09:52 PM

Posted 12 May 2009 - 04:53 PM

After doing some searching, it might be related to Vundo.
Don't mind me, I'm just lurking.

#3 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:52 PM

Posted 12 May 2009 - 04:55 PM

I found one reference to a file IR3524 that was malware. Vundo was diagnosed.

Two programs that will find and remove Vundo and its related malware are in post #4 in the link below, which includes instructions and download links for both.
http://www.bleepingcomputer.com/forums/ind...t&p=1087935

Allow Secunia to scan your computer programs for missing security updates. It only takes a minute or so. Old Java programs are exploited by Vundo. After updating Java, go to Add/Remove and remove ALL old Java programs.
http://secunia.com/vulnerability_scanning/online/

Edited by buddy215, 12 May 2009 - 05:02 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 coffeeaholic

Posted 12 May 2009 - 05:18 PM

Forgot to say, as I haven't started to reinstall XP yet, the icon in c:/windows/system32/ir3524.exe is a barcode.

#5 buddy215

Posted 12 May 2009 - 05:56 PM

You can also submit the file to VirusTotal and they will scan it with multiple security programs.
http://www.virustotal.com/

Have you looked in your program files to see if one has the same icon?


#6 coffeeaholic

Posted 12 May 2009 - 06:05 PM

File IR3524.exe received on 10.15.2008 23:52:08 (CET)
Current status: finished
Result: 1/36 (2.78%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: f9e5b017085612da7f189cfa34ab71de
SHA1: aada69f15e54bb7298965de3639cc8822750e86b
SHA256: 21ca862dac4ffc9de7e3f0c298c7f3e3e35c50a472d3774820ebda8ba41116e5
SHA512: 263c03997ac0b41024ebce72b574b9beab5b4e65f13c6ce7105c9630abfd22d66afd243f8bc911233a026f2ebfa1c228f27af5f60736e405992ab46b9d0fe266



Panda says it's suspicious but that's it, I don't trust pandas :thumbsup:

2nd time through and nothing, hmmm, still no idea what it is. I removed it from startup and also removed it from its location and put it on the desktop. I'll keep it there till I find out what it is.

Edited by coffeeaholic, 12 May 2009 - 06:08 PM.


#7 buddy215

Posted 12 May 2009 - 06:14 PM

Was that the first time that file had been scanned by VirusTotal?

What info, if any, do you get when right-clicking on the file and clicking on Properties?


#8 coffeeaholic

Posted 18 May 2009 - 01:08 PM

I found out what the file is. It is a file needed to run my TV Tuner; found this out when I reinstalled and it did not show up until I installed the tuner drivers.
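
Added example, not part of the original thread: the checks suggested in the replies (a hash for a VirusTotal lookup, the file's properties, its startup entry) plus a search of installed driver INF files, which is where the answer turned out to be. The path is the one given in post #4; `Invoke-UnknownExeTriage` is a hypothetical helper name, and the sketch assumes PowerShell 4 or later rather than the XP system in the thread.

```powershell
# Added example: triage an unknown executable before deciding it is malware.
# Invoke-UnknownExeTriage is a hypothetical helper name, not an existing cmdlet.
function Invoke-UnknownExeTriage {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path
    $name = $file.Name

    # 1. Hash to search on VirusTotal without uploading the file itself.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 2. The same data the Properties dialog shows: vendor and description.
    $ver = $file.VersionInfo

    # 3. Authenticode signature. Unsigned is not proof of malware, but a valid
    #    vendor signature is strong evidence of where the file came from.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 4. Driver packages whose INF files reference the file name.
    $infHits = Get-ChildItem "$env:windir\INF" -Filter *.inf -ErrorAction SilentlyContinue |
        Select-String -SimpleMatch $name -List |
        Select-Object -ExpandProperty Path

    # 5. Run keys that launch the file at logon.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$name*" } |
                ForEach-Object { "$key -> $($_.Name) = $($_.Value)" }
        }
    }
    [pscustomobject]@{
        Path        = $file.FullName
        SHA256      = $sha256
        Company     = $ver.CompanyName
        Description = $ver.FileDescription
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        DriverInfs  = $infHits
        Autoruns    = $autoruns
    }
}
Invoke-UnknownExeTriage -Path 'C:\Windows\System32\ir3524.exe'
```

A non-empty `DriverInfs` list names the driver package that ships the file, which is the link the topic starter only found after reinstalling.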