Documents I Didn't Make


6 replies to this topic

#1 jerryc


Posted 04 May 2007 - 11:24 AM

I happened to scroll over 'Documents' in the start menu and there are two things there that I did not make and do not know anything about. They open in notepad. They are titled 'administrator@.... ' one is one of my banks, the other is a site that I haven't gone to.
This is a very new install of XP, done last week, and has pretty tight security with Trend and some antispyware, or so I thought.
Any thoughts?


#2 boopme


Posted 04 May 2007 - 02:12 PM

Hi jerryc
Be on the safe side and scan with your AV and this (use Free Home User version) SUPERAntiSpyware in Safe Mode.

Notice if they find any backdoor trojans, as these will have compromised any passwords and financial info on your PC. Let us know the outcome.

#3 jerryc


Posted 04 May 2007 - 02:34 PM

Thanks, I did a scan with Trend office scan and it found this
HKTL_HIDEWIN.AA

Trend says it can't be cleaned. I then noticed that the taskbar icon for Trend was gone, so I tried to research it and their site isn't as clear as I seem to need. I called them and have been working on it, looking at things in the registry and under Trend in .msc. One thing they had me change, it appears that the baddie had changed a setting.
They had me send them a log and they said they replied with some links, but the email hasn't arrived after 20 mins. It's going to webmail so I don't see how anything could be interfering with that.
Before I called them I saw one page at Trend had a fix that included a zip file, I got that and unzipped, and can't open it. Kinda confused at this point and I have to go to work.

#4 jerryc


Posted 04 May 2007 - 02:39 PM

And now I just got the email from Trend. It says I have no virus, I have these.

HKTL_HIDEWIN.AA C:\Windows\cmdow.exe File cannot be cleaned. File was quarantined.

TROJ_ANICMOO.AX

And they said to turn off sys restore, safemode, rescan, delete cache etc.

I'll do this later, thanks for your help, any further comments welcome of course.

#5 jerryc


Posted 04 May 2007 - 09:59 PM

Later... came home, booted to safemode. Taskbar icon for Trend appeared but was red not blue. Right click gave menu but nothing would actually work, scan, update, nothing. I tried to use IE to google things and that didn't work, couldn't find the page, internet was not working. Control panel/network settings was a blank page, nothing. Other icons worked however.
The message from trying to run Trend was that it wasn't running, to start it and try again. Repeated attempts got nothing. Task manager said it was running...so?? I deleted cookies and TIF, rebooted normally, and all seems to be well, Trend is running, updated fine, ran it and found nothing. The files I first got started on were gone also, the shortcuts in 'recent documents' were there but they didn't work: 'couldn't find files, do I want to delete the shortcuts?' Yes, and now it seems all is really gone.
But why did IE/network not work? And why did Trend not run in safemode? Any ideas?
Thanks.

#6 fozzie


Posted 05 May 2007 - 02:12 AM

CMDOW Commandline Window Utility for NT4/2000/XP/2003 read this.

Info on AA extension

Info on AX

#7 quietman7


Posted 05 May 2007 - 06:50 AM

cmdow.exe is a program that can hide certain windows. Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These types of programs may at times be detected by some anti-virus programs as a "RiskTool", "Hacking tool", "Potentially unwanted tool", etc. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user or take action to clean/quarantine it as in your case.

To be sure your system is clean, I suggest you do at least one online virus scan.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
F-Secure Online Scanner. <- Be sure to follow the directions on the F-Secure page for proper Installation. (also checks for rootkits).
BitDefender Online Scanner. <- Add a check by "Autoclean".


