Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Should I Do About These Startup Programs?


  • This topic is locked This topic is locked
3 replies to this topic

#1 kellydgk

kellydgk

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:08:59 AM

Posted 06 June 2007 - 05:33 PM

These programs look really suspect. This is what HijackThis and A-Squared show me on the startup lists.
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

????r =
ehTray.exe = C:\Windows\ehome\ehTray.exe
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
Copernic Desktop Search 2 = "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
????r =

On A-Squared the first one shows up as "????r" and the last enry is four japanese characters and an "r".
What are these? What should I do?

BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,615 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:59 AM

Posted 06 June 2007 - 05:59 PM

ehtray.exe
http://www.bleepingcomputer.com/startups/e...y.exe-1525.html
--------------------------------------------------------------------------------

updateMgr
http://www.bleepingcomputer.com/startups/A....exe-17174.html
--------------------------------------------------------------------------------

Copernic Desktop Search
http://www.pcworld.com/downloads/file/fid,...escription.html

--------------------------------------------------------------------------------

You can also submit a file to Jotti. It will check the file with several antimalware programs.
http://virusscan.jotti.org/
--------------------------------------------------------------------------------

Do you have any reasons to suspect your computer is infected?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 kellydgk

kellydgk
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:08:59 AM

Posted 06 June 2007 - 07:40 PM

Sorry, I was not clear in my original post. I am only worried about the first and fourth entries, the ones that are "????r".
I included the others just so you could see the full context. I am working on a HijackThis topic but the person who is helping me is busy so I wanted to see if anyone else had any thoughts on those mysterious entries.

Edited by kellydgk, 06 June 2007 - 07:42 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:59 AM

Posted 07 June 2007 - 07:42 AM

Your hijackthis log is posted here. Please refrain from asking for help from other members or staff while you are being instructed by a member of the HJT Team. Any modifications you make can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. To avoid confusing, I am closing this thread.

The HJT Team should be the only members that you take advice from, until they have verified your log as clean. I'm closing this topic until you are cleared by the HJT Team. If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic. If you have any questions, don't hesitate to send me a PM.

Thanks for your cooperation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users