Strange programs, orphans, illegitimate, okay?


6 replies to this topic

#1 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:08:04 PM

Posted 08 July 2010 - 06:15 PM

I was helping a friend with some issues last night, and strange things showed up. She allowed me to access her computer through something called JAWS Tandem, a feature of the primary screen reader we use that allows people to give remote support or training with permission from the user whose computer is being accessed. Well, her computer wasn't updating, so I wanted to check some things out for her since she is less savvy on computers than I am. She had some questions about a bunch of programs in her computer, so I looked through them. I found a few things that seem a little strange to me. Some of the names include update cleaner, windows install cleaner, and LXCJ. Anyone recognize them? I left everything alone as I didn't recognize them, but there's more. I also found some things that I believe are orphans, but there's no way to be sure. Or is there? I found the folder for Comodo, not sure which product from them it was, but it's kind of odd to me as she has never told any of us about Comodo. The folder from the pro version of Avast was still there, though I'm pretty sure that it's just a leftover from an uninstall that was done only using the normal add or remove programs API. There were also some log files I found strangely hanging out in the root of her C: drive. They were namely lxcjscan.log and NtdClient.log. Again, anyone recognize them? The other thing that concerns me is the number of realtime scanners she has on her computer. I spotted MBAM pro and SAS pro both running at the same time, with MSE also there (that being the program that won't update). I begin to wonder if the member of her family that claims to give her administrative access, yet hides more than fifty percent of the control panel from her in a way that none of us can see, searches her drive at unknown intervals, controls the installations to her computer, and probably does more, really knows what he is doing. I'm not judging anyone, these are just my thoughts. Any input would be great.

Many thanks,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:04 PM

Posted 11 July 2010 - 12:12 PM

I am pretty sure LXCJ is related to a Lexmark printer. Does she have that type of printer, or even a Dell printer, which are OEMed by Lexmark?

NtdClient.log, I am pretty sure, is legit. I forget from what, though. Have you opened it in Notepad to see what it is?

Windows Installer may actually be the legitimate Windows Installer from Microsoft.

#3 chromebuster

chromebuster
  • Topic Starter


Posted 11 July 2010 - 02:34 PM

Hi again,
Thanks for the quick reply. And yes, she does have a Lexmark printer connected to her computer. I was able to see it clearly when I opened My Computer (for she is using XP). I was nervous to delete the Comodo and Avast folders since with her, it is always hard to tell what is running and what isn't, considering half of her stuff is hidden. I didn't touch them as a result. But any thoughts on that thing called update cleaner? To me it sounds like something that was put in place by the family member who acts as the technician to keep her updates from flowing through like they're supposed to be. Because now that you mention it, I remember one time when this same issue was occurring, and I looked at her update.log file, and more than half of the updates that were due to come in were stopped somehow. And yes, I most certainly did open up both of the log files. The Lexmark log looked like pure gibberish to me simply because I do not own one, and in the NTDClient.log file, I found what looked like a lot of failures. It just concerns me that her Microsoft Security Essentials will not update, and I'm trying to figure out if these failures in the logs have anything to do with it. And not to mention her Java also causing issues, slowness from the multiple realtime monitors she unfortunately has running, and not to mention the strangeness of the files and folders she has. What do you suggest I have her do next? I basically told her to leave things running the way they are till I could get some info from you folks.

Thanks so much for your help,
Chromebuster



#4 Grinler

Grinler


Posted 12 July 2010 - 12:43 PM

I would run some alternate AV scans such as Malwarebytes or SUPERAntiSpyware. Also try uninstalling Microsoft Security Essentials and reinstalling.

#5 chromebuster

chromebuster
  • Topic Starter


Posted 12 July 2010 - 01:45 PM

I think I'll do that. But I'm just curious why someone would buy both MBAM and SAS pro for her and instruct her to keep them running at all times? You guys always tell us that having too many realtime monitors is not good, don't you? And not to mention when I installed ESET Online Scanner for her and had run it hoping that it would have found the file that was stopping her updates, it found something very peculiar. It found Win32/AskToolBar application, or that's what it looked like when the scan was running, but then afterward, when I showed her how to find the log, I looked at it, and the file path was at E:\computer archives\Nero\Nero 7.0 or something like that. She has never used Nero in her life, I don't think. In fact, I doubt she is even savvy enough to even know what that program does. So, since ESET only found a toolbar, I had her uninstall it herself, which she did, I think. But my real question is, what does that path belong to? That sounds like an imaging program that would make a folder called computer archives, doesn't it? And if she doesn't use Nero, and neither do any other members of her family who use that computer, who would have installed it on there? Strange, isn't it?



#6 Grinler

Grinler


Posted 12 July 2010 - 02:51 PM

I can't answer that. I don't think there is anything wrong with owning both programs, but I agree you should not have 3 real-time scanners running at the same time. An AV and an anti-malware is fine, but not 2 anti-malwares.

I honestly do not know, and it's impossible to analyze these things without a deeper look. You may want to refer your friend to this guide to check for malware:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#7 chromebuster

chromebuster
  • Topic Starter


Posted 17 July 2010 - 02:58 PM

Thanks a million. I made sure to send it to her. I sent her the link over MSN, so I hope she was able to see it when she looked at her logs.
