
Not sure if I have a problem


5 replies to this topic

#1 RhonB


Posted 27 April 2010 - 04:59 PM

I might need some help...not sure, something strange happened today...

My WinPatrol came up saying that a dll wanted to be changed; the name had Java in it so I allowed it. Right after that I was unable to open my IE or Outlook.....kept bringing up error messages about dll's...(didn't write them down). The "dll" in the messages made me think it was because of the change I had just allowed, so I went to the WinPatrol recent tab and took the info down on any recent changes. The following is what I found on all changes this morning at the same time, 11:25AM:

the following are all listed as "Company" Microsoft, with "type" as STARTUP:
crypt32.dll (program is: crypt32chain)
cryptnet.dll (program is: cryptnet)
wlnotify.dll (program is: scertprop)
wlnotify.dll (program is: schedule)
sclgntfy.dll (program is: sclgntfy)
wlnotify.dll (program is: senslogin) had the winpatrol icon in front of it
wlnotify.dll (program is: trmsrv) had the winpatrol icon in front of it
wlnotify.dll (program is: wballoon) had the winpatrol icon in front of it

This one is listed as "Company" Apple Inc "Type" SERVICES
Applemobiledeviceservices (program is: Apple Mobile Device)

These next ones are the ones I am concerned about, all showing the "Company" as blank and the "type" as hidden and all changed this morning at the same time as the others:

Z@R2A5.tmp (Program is: Z@R2A5)
Z@R2A7.tmp (Program is: Z@R2A7)
Z@S2A6.tnp (Program is: Z@S2A5)
Z@S2A8.tmp (program is: Z@S2A8)

I ran an MBAM Scan and a PrevX scan, both found nothing. I re-started and the machine seems to be working ok...IE & Outlook are opening now...but....I am still concerned that I may have allowed something I shouldn't have...but I only said yes because it said JAVA!! I tried to google these file names (Z@) but found nothing.

So what do you think? Did I do something I shouldn't have??

Let me know....

Thanks

RhonB



#2 computerxpds


Posted 27 April 2010 - 05:26 PM

Well, I would say it was a Java update, so I don't think it is anything to be too worried about, but just in case: I suggest that you please post a Posted Image in the "Am I infected? What do I do?" sub-forum with a description of your problem, the steps taken so far, and a link back to this topic (they will want to know why you suspect malware).

Please note: the Malware Response team are always overwhelmed, and it could take a few days to get your first reply. Just be patient and don't "bump" your topic by replying to it.

If you still have problems after being declared clean, they'll send you back here.

Good luck. :thumbsup:

#3 RhonB


Posted 27 April 2010 - 07:17 PM

Hi Computerxpds,

I already spoke with a malware specialist and he suggested I post here to get the opinion of an XP specialist.

Just not sure what those Z@ changes are...and why is the company blank and the type "hidden"?
I tried googling them and there was no info at all.

Like I said, the computer is working ok now, so I guess I won't worry but just wanted to be sure.

Is that normal for other programs to behave funny and not open after doing such an update, before rebooting?
If so, I won't worry about it because I did MBAM and found nothing.

#4 computerxpds


Posted 27 April 2010 - 07:19 PM

Sometimes it can happen, but like I said, if a restart fixed it I wouldn't worry too much.

#5 hamluis


Posted 27 April 2010 - 07:37 PM

It's sometimes difficult to tell what .tmp files might be linked to...any application may create such in the course of doing whatever that program does. Since such files disappear with a reboot, I would not worry about them if the system is performing normally.

As for needing to reboot after making changes to a program...this is not uncommon, since the files may not be properly registered until a reboot occurs. A good example is some XP critical updates.

Louis

#6 RhonB


Posted 27 April 2010 - 07:47 PM

K, I feel better now...thanks guys!

Have a good evening! :thumbsup:



