
Nav Not Scanning Rar File


17 replies to this topic

#1 monsato

monsato

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 16 February 2006 - 09:08 PM

I have Symantec Antivirus with Autoprotect set up on my computer. It automatically downloads updates, then scans the computer for threats in the wee hours of the morning. Lately, the scan has been omitting a rar file, C:\WINDOWS\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Big.Mommas.House.2.TS.SVCD-SCREeEeEeEeECH\CD2\scrh-bmh2b.part23.rar, to be exact. It says that it can not scan it due to extraction errors. This has been going on for a couple of weeks now.

And as for some background info, I recently got rid of Spy Sheriff about two months ago using the instructions from this site (thank you so much!)

Is this something I should be worried about, or am I being paranoid in my post-Spy Sheriff state?

Thanks.



#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:47 PM

Posted 16 February 2006 - 10:47 PM

RAR files are compressed, and most anti-viruses cannot scan compressed (zipped) files until they are opened (extracted).
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 monsato

monsato
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 16 February 2006 - 11:59 PM

Would you suggest I try to open it so that it can be scanned, or just leave it be? Thanks again for your help.

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:47 PM

Posted 17 February 2006 - 12:07 AM

With a title like "big mama's house" I would just quickly delete the zipped file.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:47 PM

Posted 23 February 2006 - 04:14 PM

Is it really paranoia if they are trying to get you? Delete it and scan your system just to be sure.

FWIW - Several years ago there was a "hole" in Norton/Symantec products. They would only scan compressed files to a depth of 3 layers. The virus writers knew this, and started burying their payload 4 or more layers deep.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#6 monsato

monsato
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 25 March 2006 - 12:36 AM

Hey guys, thank you for the help so far. I apologize for dropping off the planet; my work took me away from my low-level comp problems since last I've written anything. I hope I didn't offend anyone. :thumbsup: I should've said something and I didn't. For that, I apologize.

As for the computer, when I do a search in windows I can't find the "big momma's house" rar file, and I can't do anything except export it when I try to access it in the NAV log. (As I understand it, exporting would create a copy, so I'd have 2 files to try to delete instead of 1).

The comment regarding virus writers burying codes more than 3 levels deep is intriguing, and I found in the configure portion of the NAV that it is only set to 3. It does go up to 10, however. Should I try resetting the NAV to a higher level and do a manual scan? Will this affect the computer in any way? Thanks.

P.S...This file doesn't seem to be doing anything malicious (I can find) on my comp. I'm sure there are people posting with much bigger problems than mine. Just get to mine whenever you can. Thanks again for all your help.

#7 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:07:47 PM

Posted 25 March 2006 - 05:14 PM

When Norton finds it, doesn't it show the path to where it is? That might give you a clue. If it's in System Restore, for instance, it's not going to hurt anything unless you do a system restore.

#8 monsato

monsato
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 25 March 2006 - 11:04 PM

When I try to find it using Windows Explorer, I can only get to C:\WINDOWS\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. I can't find the rest of the pathname. I have also tried using keywords in the Windows Search and that hasn't come up with anything either. Is there any other way to look for it? Thanks again for your help.

#9 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:47 PM

Posted 26 March 2006 - 12:26 PM

When I try to find it using Windows Explorer, I can only get to C:\WINDOWS\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. I can't find the rest of the pathname. I have also tried using keywords in the Windows Search and that hasn't come up with anything either. Is there any other way to look for it? Thanks again for your help

I'm not quite sure what you mean, do you mean when you try to find it with the 'search' feature of Windows?

Try this: Start > My Computer > C: > Windows > System32. Do you see it in that folder? If not, it may be hidden. To see hidden files, while in Windows Explorer: Tools > Folder Options > View tab, click "show hidden files and folders".

If you find the file in question and want to delete it, right click on the file and choose 'delete'. This will move it into your recycle bin. If after a time you want to permanently delete this file from your computer simply empty your recycle bin.

You may also find it in your start menu by right clicking on the Start button > Open.

It appears that this file's creators are trying to hide it, or at least hide its true purpose by using the name for it that they did. That particular name is used to hide the file, or at least disguise it.

Edited by Albert Frankenstein, 26 March 2006 - 12:45 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#10 monsato

monsato
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 26 March 2006 - 03:25 PM

Thank you for the suggestion but I still can't find it.

Here's what I've tried so far:

1-Using Windows Explorer, with the instructions Albert Frankenstein gave, showing hidden files. I couldn't find it, so I went back into the View tab of the Folder Options and changed it to show "protected operating files" and "contents of system folders". I still couldn't find it.

2-Used a keyword search of "big momma's house" in the Windows Search using the same Folder Options. Nothing came up.

3-Per usasma's post, I got inspired to go into my NAV configuration, changed the scan option for compressed files from 3 layers to 10 layers deep, and scanned in Safe Mode. Nothing came up again.

I am officially scratching my head here. Any other suggestions?

P.S. Thank you guys for your suggestions so far; I'm really grateful. This is a great place. :thumbsup:

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:47 PM

Posted 26 March 2006 - 04:56 PM

Do a search for *.rar
start>search>files and folders>"*.rar" (without the quote marks)

When you find it delete it.
That isn't a file that belongs in Windows system files whatever it is.

#12 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:07:47 PM

Posted 26 March 2006 - 05:08 PM

I searched my registry for the first key showing [21EC2020-3AEA-1069-A2DD-08002B30309D] and found it in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons.

I'm wondering if this isn't a false positive of some kind. In my Windows\System32 folder, I do not have a folder called "Control Panel" but I do have an executable file for it. It appears to be labeled as "Control" but hovering the mouse over it shows it to actually be "Control Panel" and when I double-click it, my Control Panel opens. When I show hidden and system folders, there is nothing in there but the usual stuff.

#13 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:47 PM

Posted 26 March 2006 - 05:24 PM

To further add to your confusion: CLICK
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#14 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:07:47 PM

Posted 26 March 2006 - 10:35 PM

So . . . theoretically, you could open this file with Notepad, delete the contents, and it would just remain an empty file. It would seem that browsing through \System32 you should be able to actually find this and delete it.

#15 monsato

monsato
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 26 March 2006 - 10:49 PM

Again, thank you guys for the help.

Per Enthusiast's suggestion, I tried to search the file with *.rar, and nothing came up.

I read the info on Frankenstein's hyperlink, and perhaps this is what is going on, but I can't be certain because, quite honestly, I wasn't completely sure what I was reading. (This problem is going way beyond the sliver of expertise I have with computers). But from what I could understand, this CLSID appending thing seems to be correct. The exact CLSID described in that hyperlink is a part of my control panel. Also, after Herk's latest response, I inspected the system32 files (not changing anything, of course) and saw that while the other files and folders have short names like "Cat Root" or "Direct X" or "ipv6.exe", the control panel is actually named Control Panel {21EC2020-3AEA-1069-A2DD-08002B30309D}. Am I on the right track when I say that it looks like something has been added to my control panel?

So if this is the case, (here comes the $64,000 question) how do I get rid of it? Thanks again.
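
One way to look for folders disguised with an appended CLSID, as discussed in this thread (an added example, not code posted by any participant). It assumes that only Explorer treats the `.{CLSID}` suffix specially while ordinary file-system calls list the directory normally; the function names are made up for illustration.

```python
import os
import re
from pathlib import PureWindowsPath

# A trailing ".{GUID}" on a folder name makes Explorer open the registered
# shell object instead of listing the directory's real contents.
_CLSID = r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
_TRAILING = re.compile(r"(?:%s)+$" % _CLSID)


def clsid_suffixes(name):
    """Return the GUIDs appended to a file or folder name, in order."""
    m = _TRAILING.search(name)
    return re.findall(_CLSID, m.group(0)) if m else []


def flag_logged_path(path):
    """Return (component, guids) for each CLSID-suffixed part of a Windows
    path, such as one copied out of an antivirus scan log."""
    parts = PureWindowsPath(path).parts
    return [(p, clsid_suffixes(p)) for p in parts if clsid_suffixes(p)]


def find_disguised_dirs(root):
    """Walk root with plain file-system calls (hypothetical helper) and
    return {disguised directory path: number of files beneath it}."""
    hits = {}
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if clsid_suffixes(d):
                full = os.path.join(dirpath, d)
                hits[full] = sum(len(f) for _, _, f in os.walk(full))
                dirnames.remove(d)  # already counted; do not descend again
    return hits


if __name__ == "__main__":
    # Path as reported in the first post of this thread.
    logged = (r"C:\WINDOWS\system32"
              r"\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
              r".{21EC2020-3AEA-1069-A2DD-08002B30309D}"
              r"\Big.Mommas.House.2.TS.SVCD-SCREeEeEeEeECH\CD2\scrh-bmh2b.part23.rar")
    for component, guids in flag_logged_path(logged):
        print("suspicious component:", component, guids)
    for path, count in find_disguised_dirs(r"C:\WINDOWS\system32").items():
        print(path, "contains", count, "file(s)")
```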



