
Rogue Start-up Program?


46 replies to this topic

#1 thomcats

thomcats

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 12 December 2014 - 02:42 PM

Since a couple of days my faithful "watchdog" Win Patrol has reported that a new start-up program wants to run once. Each time I open the computer the warning is there, but the program has now a slightly different name. The name consists of a row of figures and the only thing the different versions have in common is the first 5 digits - 14183. You can view a sample of Win Patrol's messages below in the Photobucket images.

 

I have tried to open its folder, but that has not been possible; neither can I watch its properties. The only thing Win Patrol can do is to disable it. Not much good though, since the program appears with a new set of figures next time I open up the computer.

 

I've scanned the registry but the only entry where I can see it is in Win Patrol Detected. I've run several anti malware programs such as: Hitman Pro, Adwcleaner, ERARemover and MBAM. My main anti malware is Bitdefender Internet Security 2015. None of these programs can find that I'm infected with anything. Yet, this is all new and I find it annoying and alarming and would like to know what it is at least.

 

My computer is fitted with Windows 7 Ultimate 64-bit SP1.

 

Thanks in advance!

:rolleyes:

 

 

[Images: 141.jpg, 141-2.jpg, 141-3.jpg]





#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:18 AM

Posted 12 December 2014 - 03:00 PM

Hello -

Have you had any calls from people with "Indian" sounding type of accents recently  ??

 

If so did you give them access to your computer to "Fix any problems" they claim existed ??

 

All of these numbers convert to running "Indian" cell phone groups (Scotty has done a great job again)

 

Thank You -



#3 thomcats


Posted 12 December 2014 - 03:49 PM

> Hello -
>
> Have you had any calls from people with "Indian" sounding type of accents recently ??
>
> If so did you give them access to your computer to "Fix any problems" they claim existed ??
>
> All of these numbers convert to running "Indian" cell phone groups (Scotty has done a great job again)
>
> Thank You -

Hello,

 

I often get pestered by these scum, and the minute I hear their accent in the first "Hello", I slam the phone down not even bothering to answer. So, no, I have never done that.

 

Thank you.


Edited by thomcats, 12 December 2014 - 03:49 PM.


#4 noknojon


Posted 12 December 2014 - 04:26 PM

As said above -

Little Scotty is doing exactly what you asked him to do, so make sure you keep him updated.

 

All I can say, is make sure everything is Password Protected, and keep rejecting them when they call.

Also keep your Antivirus updated, and make sure you have an AntiMalware program like Malwarebytes Anti-Malware Free installed and updated (weekly scans usually pick up any minor items)

 

These people will stop after a while, but I do know they can be a pest.

 

Regards -



#5 thomcats


Posted 12 December 2014 - 04:43 PM

> As said above -
>
> Little Scotty is doing exactly what you asked him to do, so make sure you keep him updated.
>
> All I can say, is make sure everything is Password Protected, and keep rejecting them when they call.
>
> Also keep your Antivirus updated, and make sure you have an AntiMalware program like Malwarebytes Anti-Malware Free installed and updated (weekly scans usually pick up any minor items)
>
> These people will stop after a while, but I do know they can be a pest.
>
> Regards -

I know that they are trying to reach me over the phone - standard and mobile - but I've never seen anyone trying to "phone" my computer. How does that work?

 

Regards



#6 noknojon


Posted 12 December 2014 - 05:18 PM

Quite simple.

It may not be exactly a phone call, but it means they have seen you as a decent target.

 

The "phone number" is simply their office (a.k.a. blowers) base from where they work. Like I am hooked to a phone line from here in Australia :hello: )

 

Hope this helps .....................



#7 thomcats


Posted 12 December 2014 - 06:26 PM

> Quite simple.
>
> It may not be exactly a phone call, but it means they have seen you as a decent target.
>
> The "phone number" is simply their office (a.k.a. blowers) base from where they work. Like I am hooked to a phone line from here in Australia :hello: )
>
> Hope this helps .....................

Hmmm..... I understand the idea behind it, but not how it works. However, the threat seems real enough. I'm glad of course that Win Patrol works but the next question must be: Is there anything I can do to keep it from happening in the first place? Is there anything I can do to block this procedure from repeating itself every time I start the computer?

:(  



#8 noknojon


Posted 12 December 2014 - 06:51 PM

Hi -

Yes, but not for free that I do know of ......... Others may know, but I put up  Malwarebytes Pro Anti-Malware, or paid version.

 

This is only because my main background is from there, and I have followed its growth and the program's development.

 

Thanks -



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:18 AM

Posted 12 December 2014 - 07:14 PM

Windows Program Automatic Startup Locations

RunOnce Local Machine Key - These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there is an exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs...

What is runonce.exe?
What is runonce.exe doing on my computer?

WinPatrol's main feature is how it monitors and allows you to review programs that automatically launch when Windows starts including those which add a RunOnce key in the registry. You may be able to find more information under Options > WinPatrol Log or View History. If you have WinPatrol PLUS...it will provide additional information.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#10 noknojon


Posted 12 December 2014 - 07:25 PM

Hi -

Just as a minor extra and I hope a bit of a help, please download and run this every week

 

Please download Temp File Cleaner by Old Timer and save the file on your desktop.
1. Download TFC from the download link above.
2. Close ALL running applications, as TFC will terminate them before attempting to clean up the temporary files.
3. Double-click on the TFC icon.
4. When the program opens, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
5. When done, press OK > Exit, and reboot your computer to finish the cleanup.
No log is produced or expected.
Note: After removing temp files, the computer may show to be slower than usual, but it will improve once the cache is rebuilt.

 

 

Note that Temp Files are just things like, when you visit here, you "basically" create a Temporary File of the download (or visit).

 

 

Thank You -



#11 thomcats


Posted 12 December 2014 - 07:50 PM

> Hi -
>
> Yes, but not for free that I do know of ......... Others may know, but I put up Malwarebytes Pro Anti-Malware, or paid version.
>
> This is only because my main background is from there, and I have followed its growth and the program's development.
>
> Thanks -

Thank you, I already have Malwarebytes Pro Anti-Malware.

 

Regards



#12 thomcats


Posted 12 December 2014 - 07:53 PM

> Hi -
>
> Just as a minor extra and I hope a bit of a help, please download and run this every week
>
> Please download Temp File Cleaner by Old Timer and save the file on your desktop.. . . . . .
>
> . . . .Note that Temp Files are just things like, when you visit here, you "basically" create a Temporary File of the download (or visit).
>
> Thank You -

Thank you again. I shall do so and have a look at the program. I also use CCleaner where temp files are cleaned out and this prog I run before general backup every second day.

 

Regards :rolleyes:



#13 quietman7


Posted 12 December 2014 - 08:01 PM

Did you check under Options > WinPatrol Log or View History for info about the entries? If you have WinPatrol PLUS...it will provide additional information.

#14 thomcats


Posted 12 December 2014 - 08:01 PM

> Windows Program Automatic Startup Locations
>
> RunOnce Local Machine Key - These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there is an exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs...
>
> What is runonce.exe?
> What is runonce.exe doing on my computer?
>
> WinPatrol's main feature is how it monitors and allows you to review programs that automatically launch when Windows starts including those which add a RunOnce key in the registry. You may be able to find more information under Options > WinPatrol Log or View History. If you have WinPatrol PLUS...it will provide additional information.

Hello,

 

I have Win Patrol Plus and I went into the Options and had a look at the history and logs. As far as I can see (the logs aren't totally easy to read) it only says in the History part, that the offensive program has demanded to start and that I have stopped it. That's all - I can find no explanation to what is behind it all. I understand what a runonce.exe is supposed to do, but I'm still looking for possibilities to stop this virus/malware before it can start to run its program here. Since it evidently wants to run an exe on my computer, it must be lurking somewhere here with its potential danger - only I don't know where to look.

 

Any suggestions?

 

Regards
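
A read-only way to see what the RunOnce entries discussed in this thread actually point to, shown here as an added example that is not part of any post above. It is PowerShell written to run on the version shipped with Windows 7; the key paths are the standard Windows RunOnce locations, and the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: list RunOnce entries and the file each one would launch.
# Read-only: nothing in the registry is changed.
$runOnceKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',  # 32-bit view on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$CommandLine) {
    # Expand %VAR% references, then take the quoted path or the first token.
    # Assumption: an unquoted path containing spaces is cut at the first space.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

$report = foreach ($keyPath in $runOnceKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }                  # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        # False also covers bare names such as "rundll32.exe" given without a path.
        $exists  = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
        $sig     = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
        New-Object PSObject -Property @{
            Key            = $keyPath
            Name           = $name
            # A leading "!" on the value name defers deletion until the command has finished.
            DeferredDelete = $name.StartsWith('!')
            Command        = $command
            Target         = $target
            TargetExists   = $exists
            Signature      = $sig
        }
    }
}

$report | Select-Object Key, Name, DeferredDelete, Command, Target, TargetExists, Signature | Format-List
```

Entries are deleted once they have been started, so an empty result only means nothing is queued at that moment.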



#15 quietman7


Posted 12 December 2014 - 08:09 PM

> As far as I can see (the logs aren't totally easy to read) it only says in the History part, that the offensive program has demanded to start and that I have stopped it. That's all - I can find no explanation to what is behind it all...I'm still looking for possibilities to stop this virus/malware before it can start to run its program here.

It may not be malware related. It could be related to an update of a legit program which did not provide enough info for WinPatrol to determine its name. If it is a program which is set for automatic updates...the runonce may be repeatedly offered. Just letting you know this in case you don't find any malware.



