Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gibberish on boot then hang (NPSWF32_FlashUtil?)


  • Please log in to reply
3 replies to this topic

#1 tadburn

tadburn

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 25 February 2010 - 02:02 PM

This may be a self inflected wound.

Windows XP Pro Version 2002 SP2, Core Duo. I noticed that occasionally on boot a message from Flash would pop up offering a new version. I don't like things running on my computer without knowing how they got started. After checking the usual places I found the offending program was /windows/system32/Macromed/Flash/NPSWF32_FlashUtil.exe but was not able to determine how it got started. As a test I changed the ending of the program from exe to xex (have done this for years, maybe just lucky up to now) to see if the message would go away and rebooted. On reboot the system spouted unintelligible characters on the screen and hung. Rebooting in safe mode I found that NPSWF32_FlashUtil.exe had been replaced in the directory along with my renamed copy. I used (in the same directory) uninstall_plugin.exe go get rid of the plugin, rebooted, uninstalled Flash, reinstalled Flash and thought things were OK.

After a similar hang this a.m. I did the uninstall again but the system still hung on rebooot. Used regedit to remove HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/ThreatFire (some have had problems with this prog) from the registry and successfully rebooted. The Flash player was reinstalled and the \Windows\system32\Macromed\Flash directory looks normal again but i am not sure things will boot up properly. Thought I would post this before trying. Last time I have had 5-10 reboots before the problem cropped up again so one reboot won't necessarily prove everything is OK.

The system has been running slower recently so the possibility of a virus is present. I use MalwareBytes, Avast, ZoneAlarm, and a firewall router to try to keep things safe.

Does any one have any thoughts on this or what to do next to assure that all is well?

Many Thanks.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,244 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:25 PM

Posted 25 February 2010 - 02:31 PM

I think that's malware.

http://www.prevx.com/filenames/96842980491...SHUTIL.EXE.html

I have Flash Player installed...the file at the path you listed...indicates the version of Flash Player installed. In my case, the file is named FlashUtil10e.exe.

Close is not good.

Louis

#3 tadburn

tadburn
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 25 February 2010 - 03:03 PM

Thanks hamlouis for the reply.

I ran a standard uninstall from the control panel and the file went away and did not reappear on reboot. I also looked in a few places suggested by the site you referenced and could not find anything. MalwareBytes and Avast checked my install_flash_player.exe prog and found nothing.

I've been able to reboot about 10 times OK since making the last changes, not sure what the deal is.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:25 PM

Posted 25 February 2010 - 03:13 PM

Here is a bit more information as well: http://www.threatexpert.com/files/npswf32_flashutil.exe.html




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users