Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help With Unknow Folder/file .exe


  • Please log in to reply
9 replies to this topic

#1 quill

quill

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 18 November 2006 - 06:27 PM

Greetings o genui (hmmm, is that the correct tense..) anyway, I've recently come across a file in SwSetup
entitled MaxRe.exe. A Google search returned very little info, and most of it in german! Does anyone know what this is/does?
thanks

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:12 AM

Posted 18 November 2006 - 06:38 PM

I believe SwSetup is used in downloading HP drivers.

Edited by Enthusiast, 18 November 2006 - 07:57 PM.


#3 DemonSui

DemonSui

  • Members
  • 325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hammond, IN
  • Local time:06:12 AM

Posted 18 November 2006 - 06:48 PM

this is malware. a search revealed a site in German with instrustions to remove it.

if you run hijackthis does this show up?:

O2 - BHO: (no name) - {4C7F6A03-707B-46CB-BE02-057A138F445E} - C:\WINDOWS\system32\msls232.dll


note to staff: I'm finding this information on actual forums, I'm not making this up
EDIT: source: http://www.hijackthis-forum.de/showthread.php?p=100364
edit2: a quick scan of the logs posted shows that MaxRe.exe quickly disappeared

Edited by DemonSui, 19 November 2006 - 12:27 AM.

Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#4 DemonSui

DemonSui

  • Members
  • 325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hammond, IN
  • Local time:06:12 AM

Posted 18 November 2006 - 06:52 PM

I believe SwSetup is used in downloading HP drivers.

I will go check that right now. my brother has an HP pc

edit: ok, fine. my brother's gonna be a jerk and I cannot check

Edited by DemonSui, 18 November 2006 - 06:54 PM.

Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#5 quill

quill
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 19 November 2006 - 06:17 PM

Hi, and thanks to all for your replies...Deamon, I ran HJT and did come up with an 02 BHO (no name), however it's associated with a spybot helper. I can post the HJT logfile here, or in the appropriate forum. Please advise.

#6 quill

quill
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 19 November 2006 - 06:22 PM

Oh, one more thing I forgot to add...I came across this after a thourogh scan with avast in safe mode, and the scan took a particularly long time with D:/ preload, upon investigation I could only find the above mentioned MaxRe.exe, and RunMax.exe in the associated folder.

#7 DemonSui

DemonSui

  • Members
  • 325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hammond, IN
  • Local time:06:12 AM

Posted 19 November 2006 - 06:35 PM

I would kindly ask that you post a log here for cleaning

Edited by DemonSui, 19 November 2006 - 06:35 PM.

Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#8 DemonSui

DemonSui

  • Members
  • 325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hammond, IN
  • Local time:06:12 AM

Posted 19 November 2006 - 07:57 PM

Wrong place, please post in the link provided, and delete the log here.

I am not qualified to review and diagnose hijackthis logs

Edited by DemonSui, 19 November 2006 - 07:59 PM.

Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#9 quill

quill
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 19 November 2006 - 10:40 PM

oops! missed the link...thanks for your help

#10 DemonSui

DemonSui

  • Members
  • 325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hammond, IN
  • Local time:06:12 AM

Posted 19 November 2006 - 10:42 PM

no problem
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users