
Zonealarm Sec Alert Selfextr Mfc App Trying To Launch...



#1 Kikki

Kikki

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 08 April 2007 - 12:58 PM

there is no information anywhere about a zonealarm firewall popup security alert window that came
up today, sunday, 4.8.07. I HAVE HAD A COUPLE OF "CHANGED" SYSTEM 32 FILES show up when i
run avg, so it may be related or not.

i simply cannot find information on any of this zonealarm security alert, what it pertains to, what it
does, etc. i am the wireless home administrator of two computers and a printer, with file and printer
sharing. i run windows xp pro SP2 on the desktop, and the laptop runs windows xp home SP2. both have
zone alarm and avg (free) antivirus loaded.

i use mozilla firefox as a browser. i have a few toolbars installed onto my own admin account, but not all
on the limited user account. the ones that i use are:

firefox
microsoft custom links
yahoo
stumbleupon
google

the google search and a search here does not reveal what this means:

(a red zonealarm alert upon reboot):

SUSPICIOUS BEHAVIOR

selfextr MFC Application is trying to launch

C:\WINDOWS\system32\extrac32.exe, or use another program to gain access to privileged
resources.
Application: RELEASE_01_3062.EXE

Properties: version 1.0.1.11
description: selfextr MFC application
copyright: 2006 Gteko Ltd.

is this a part of the google desktop application? is it part of google? google search did not return
anything.

i am going to DENY it access as of now, but i need to know what it is in trying to fix a problem
with RAM memory that shows up on my limited user (patti, my assistant) account, yet, it has a
green dot within the zonealarm program list!

this is what i see on patti's limited logon, even if i shut down my own google desktop:

Google desktop problem. could not update database. there may not be enough free space on
the drive or another program may be locking up the database. free up disk space or try uninstalling
and reinstalling google desktop. D 800700 20 5.1.10634 (showing on the desktop only).

after i had installed firefox and the google desktop bar that i use, i noticed, upon running an
antivirus scan using AVG free antivirus (the best), that two files are now CHANGED:

FILE: user32.dll and
FILE: ntoskrnl.exe

they just are CHANGED, and AVG does not show them as infected, so i don't understand
what "changed" refers to.

they are both inside of this path:

C:\WINDOWS\system32\filename above

i didn't find anything to help me figure out why these system32 files are showing up as changed
when i performed google search. it just doesn't make any sense to me.

i have to do an introduction, sorry.

please, please, please help me! Because i DARE NOT reconfigure the wireless laptop until i
know what this means and how it affects the WINDOWS registry.

i do not use any registry cleaner and don't trust them at all. i do not know how to fix my own
registry and am scared to do anything with it.

PLEASE HELP ME!!!

sincerely, kikki :thumbsup:






i am just rebooting today on the desktop


#2 isuelde

isuelde

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 16 April 2007 - 02:40 PM

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\RELEASE_01_3062.EXE

seems to be a possible install directory.

Searching for Gtek online gets me:

http://www.gtek.com/products.html

If you've installed anything like that recently, denying it might stop whatever you installed from functioning correctly. Other than that, I don't see anything wrong with the course of action you took. Note also that the program does not seem to demand network connectivity in any way.

Seeing as you're a wireless home administrator, and many of Gtek's products have to do with wireless functions, I would look for any new additions from their product lines.

#3 Kikki

Kikki
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 22 April 2007 - 01:31 AM

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\RELEASE_01_3062.EXE

seems to be a possible install directory.

Searching for Gtek online gets me:

http://www.gtek.com/products.html

If you've installed anything like that recently, denying it might stop whatever you installed from functioning correctly. Other than that, I don't see anything wrong with the course of action you took. Note also that the program does not seem to demand network connectivity in any way.

Seeing as you're a wireless home administrator, and many of Gtek's products have to do with wireless functions, I would look for any new additions from their product lines.

thank you very much. i am not getting THAT issue anymore. NOW, still, when i run AVG antivirus i STILL see that two files have been "changed," but not that they are infected at all. no antiviral, even if i turn off avg and do an online scan, shows that i am infected. but these two files are "changed:" ntoskrnl.exe and user32.dll. do you know why they are "changed?" would they have been changed by adding firefox or by using the website called www.stumbleupon.com? on top of that, i did some research at microsoft about the first changed filename, but it was not pertinent to my particular situation. however the kb article pointed to a trojan worm. but no antiviral can find one! so NOW, whenever i try to install a plugin to firefox, i get an error that says that it will not install (it gets stopped towards the end of the install) due to a 203 error. it says to look at the "error console" to find the 203 error. i have no idea where the error console is. MS does not refer to an error console. do you know anything whatsoever, or have any idea, what this could be?
THANK YOU FOR YOUR ANSWER TO MY QUESTION!!! kikki

#4 buddy215

buddy215

  • BC Advisor
  • 12,616 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:25 AM

Posted 22 April 2007 - 06:44 AM

I don't have 2.0 but in 1.5 the Java Script console (called error console in 2.0) is accessed from the tools drop down menu.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 alumbagh

alumbagh

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 22 April 2007 - 11:07 AM

Hi, Kikki.
"after i had installed firefox and the google desktop bar that i use, i noticed, upon running an
antivirus scan using AVG free antivirus (the best), that two files are now CHANGED:

FILE: user32.dll and
FILE: ntoskrnl.exe

they just are CHANGED, and AVG does not show them as infected, so i don't understand
what "changed" refers to."

Don't worry about the above two changes.
I bet you have recently downloaded and installed some Windows Updates. Such things make updates and changes to your registry, and AVG (being diligent about sniffing around in the registry) detects these changes and reports them, but if you look at the report it has a blue icon with an "I" in it, meaning "information".

These are not nasties, in fact after I download my Windows patches and run AVG, I would be worried if I did not get that info report.

If you want to stop AVG making that report, open up the Test Center scan findings box, press key F3 and a dialogue will open in which you can delete the report and tell AVG to ignore such items in future.
I, however, like to see that report as it is a useful confirmation that the Windows patch has "taken".
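
An added example, not written by any poster in this thread: one way to check for yourself whether the two "changed" system32 files are still genuine, by reading each file's digital signature, version and hash and listing recent Windows updates next to them. It assumes a current Windows system with PowerShell 4 or later (not the Windows XP machines described above); the variable names are illustrative.

```powershell
# Added example: inspect the two files named in this thread.
# Assumption: run on a current Windows system with PowerShell 4+.
$paths = @(
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\ntoskrnl.exe"
)

$report = foreach ($p in $paths) {
    $exists = Test-Path -LiteralPath $p
    $item   = if ($exists) { Get-Item -LiteralPath $p }
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $p }
    [pscustomobject]@{
        Path        = $p
        # Valid, NotSigned, HashMismatch, ... or Missing if the file is absent
        Status      = if ($exists) { [string]$sig.Status } else { 'Missing' }
        Signer      = if ($exists) { $sig.SignerCertificate.Subject }
        FileVersion = if ($exists) { $item.VersionInfo.FileVersion }
        Company     = if ($exists) { $item.VersionInfo.CompanyName }
        LastWrite   = if ($exists) { $item.LastWriteTime }
        SHA256      = if ($exists) {
            (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

$report | Format-List

# Anything that is not validly signed by Microsoft deserves a closer look.
$suspect = $report | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
if ($suspect) {
    Write-Warning "Review these files:"
    $suspect | Select-Object Path, Status, Signer | Format-Table -AutoSize
} else {
    Write-Output "Both files carry a valid Microsoft signature."
}

# Recent updates, for comparison with the FileVersion values above.
# File timestamps may reflect when an update was built rather than
# installed, so compare versions rather than exact dates.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

Saving the SHA256 values after each scan gives a baseline: a later "changed" report can then be matched against a newly installed update, while a hash change with no update and an invalid signature is the case to investigate.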



