OT Why you need Process Explorer

To make a long story short... I accidentally opened an e-mail attachment I shouldn't have. (I had a "good" reason for doing so.) Wondering if its executable was lurking anywhere, I ran Process Explorer -- and there it was. Two clicks, and it was gone.

I will, of course, double-check the next time I restart.


Reply to
William Sommerwerck
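The "ran Process Explorer and there it was" step, as an added example that is not part of the thread: a PowerShell function that lists running processes the way Process Explorer's main view does (image path, parent, start time, signature) and keeps only the ones worth a second look. The heuristics are assumptions (an image running from a temp or download folder, a parent that is a mail client, an unsigned image); an unsigned process is not proof of anything, it is just where to look first. Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example, not from the original post: a Process Explorer-style triage list.
function Get-SuspiciousProcess {
    [CmdletBinding()]
    param(
        # Parent images that typically spawn an opened attachment (assumed list, extend as needed).
        [string[]]$MailParents = @('outlook.exe', 'thunderbird.exe', 'wlmail.exe', 'winmail.exe')
    )
    $procs = Get-CimInstance Win32_Process
    $byId  = @{}
    foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

    foreach ($p in $procs) {
        $path = $p.ExecutablePath
        if (-not $path) { continue }                       # System, Registry, protected processes: no path
        $parent     = $byId[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }

        $reasons = @()
        if ($path -match '\\(Temp|Temporary Internet Files|Downloads|INetCache)\\') {
            $reasons += 'runs from a temp/download directory'
        }
        if ($parentName -in $MailParents) { $reasons += "parent is $parentName" }

        # Get-AuthenticodeSignature is what sits behind Process Explorer's "Verified Signer" column.
        $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += 'unsigned or invalid signature' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                PID     = $p.ProcessId
                Name    = $p.Name
                Path    = $path
                Parent  = $parentName
                Started = $p.CreationDate
                Reason  = ($reasons -join '; ')
            }
        }
    }
}

# Review the list first; the "two clicks" in Process Explorer are then one line here:
Get-SuspiciousProcess | Format-Table -AutoSize
# Stop-Process -Id <pid> -Force
```

Killing the process is the easy part; the file is still on disk and whatever it wrote to a Run key or a scheduled task is still there, which is why the later posts in this thread point at Autoruns.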

In case folks here don't like opening links in postings (one never knows) I did a quick search for "Process Explorer" and it looks quite valid. My link for Microsoft's musings:


"Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded."

You might as well download from MS - or is the cnet version newer?

John :-#)#

--
(Please post followups or tech inquiries to the newsgroup) 
John's  Jukes Ltd. 2343 Main St., Vancouver, BC, Canada V5T 3C9 
(604)872-5757 or Fax 872-2010 (Pinballs, Jukes, Video Games) 
                      www.flippers.com 
        "Old pinballers never die, they just flip out."
Reply to
John Robertson

Right, and the reason for it being open is to scan your current apps that are running, and if there is one of interest, it can then gain access to the app and do things like look at the client area, check menu settings, etc.

Do not trust CNET downloads... A good many, and I say many, apps that are hosted by CNET have been repackaged, and tricks set up to get you to install what you don't want to start with.

I got tricked by that once from them when I wanted to download something they had. What they did was repackage it so the item you wanted was actually a download toolbar, and then it would open up the app you wanted, which was the name of the toolbar I didn't want. In short, they switched the names around and made it deniable by them, because they could claim that the user clicked on the wrong one, and in fact that wasn't the case. I later found out what was happening: day by day, I would see these little apps being installed on my PC and a new icon being added to the desktop. They were spamming me with promotional software, etc.

Trying to remove that was very tricky, because they installed two different apps; one monitors the other, so if you remove one from the task window, the other would see it and restart it again. Not only that, they would rename it, so I had to find the master file. I had to go into safe mode and fix the registry, etc.

Jamie

Reply to
Maynard A. Philbrook Jr.
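The two-apps-that-restart-each-other problem above, as an added example that is not from the thread: freeze every member of the pair first, then terminate them, then remove the images. A suspended watchdog cannot notice that its partner died, which is exactly why Process Explorer has a "Suspend" item next to "Kill Process". The suspend call is NtSuspendProcess from ntdll (undocumented but stable for years); the image directory is an assumed location you would replace with the real one, and the function needs an elevated PowerShell.

```powershell
# Added example, not from the original post. Requires an elevated prompt.
Add-Type -Namespace Win32 -Name NtDll -MemberDefinition @'
[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr processHandle);
'@

function Stop-WatchdogPair {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Every running process whose image lives under this directory is treated as part of the pair,
        # so renaming the files (as the post describes) does not help them.
        [Parameter(Mandatory)][string]$ImageDirectory
    )
    $dir = (Resolve-Path -LiteralPath $ImageDirectory).Path.TrimEnd('\') + '\'
    $members = @(Get-Process | Where-Object {
        $_.Path -and $_.Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)
    })
    if ($members.Count -eq 0) { Write-Warning "nothing is running from $dir"; return }
    $images = @($members | ForEach-Object Path)        # capture now; Path is unreadable once a process has exited

    # 1. Freeze all of them before touching any. NTSTATUS 0 is success; anything negative is an error.
    foreach ($p in $members) {
        $status = [Win32.NtDll]::NtSuspendProcess($p.Handle)
        if ($status -ne 0) {
            Write-Warning ('NtSuspendProcess failed for PID {0}: 0x{1:X8}' -f $p.Id, $status)
        }
    }
    # 2. Terminate. A suspended process runs no code on the way out, so it cannot respawn its partner.
    foreach ($p in $members) {
        if ($PSCmdlet.ShouldProcess("$($p.Name) (PID $($p.Id))", 'Stop-Process')) {
            Stop-Process -Id $p.Id -Force
        }
    }
    # 3. Remove the images so a Run key or scheduled task cannot bring them back under a new name.
    foreach ($img in $images) {
        if ($PSCmdlet.ShouldProcess($img, 'Remove-Item')) {
            Remove-Item -LiteralPath $img -Force -ErrorAction Continue
        }
    }
    $members | Select-Object Id, Name, Path
}

# Dry run first, then for real:
# Stop-WatchdogPair -ImageDirectory "$env:LOCALAPPDATA\SomeToolbar" -WhatIf
# Stop-WatchdogPair -ImageDirectory "$env:LOCALAPPDATA\SomeToolbar"
```

Step 3 only covers the image files; the autostart entries that launch them are a separate clean-up, which is what the safe mode and registry work in the post was about.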

Be aware that you may still have something in there. I know you used Process Explorer to find it, but these little funny programs also do the same as what Process Explorer does, and that is seeking out apps that are currently operating in your system, being on the desktop or in the background.

Most of those funny things do exactly what Process Explorer does, and deleting it may have made you feel better, but the damage might have already been done.

I once had an issue with CNET, for example, tricking me into installing something I did not want; they switched the file names around in the package so that you would click on the downloader installer instead of the actual app you wanted. Process Explorer is a nice tool, but just beware: the spammers also know how it works, and I wouldn't suggest getting it from anywhere but MS.

Jamie

Reply to
Maynard A. Philbrook Jr.

Didn't PE originate from Sysinternals (I forget the author)? Together with that other invaluable tool, Dependency Walker, also available from M$, which can tell you why a program does not run...

Mike.

Reply to
Mike

In the age of XP, a colleague at work found his PC endlessly rebooting after a normal shutdown. Process Explorer was his only way to bring the computer to rest.

PE and the other utilities at sysinternals.com are pure gems.

Microsoft had reasons to persuade Mark Russinovich to lodge sysinternals.com under the wings of MS TechNet. They could actually learn from him and Bryce Cogswell.

Cheers!

Reply to
c4urs11

I'm not sure that's true of CNET, but it is true of other sites. I've never had problems with File Hippo.

Reply to
William Sommerwerck

Actually, I did. The EXE was present on the drive. Kaspersky caught it a little later (on its own, without my running a scan). I requested a removal, and had to restart the computer. I then ran a full scan, and it seemed to be gone.

Reply to
William Sommerwerck

Did you ever figure out what exactly it was doing? You may have gotten lucky before the damage was done, or it may have already run its course, or done whatever it was meant to do in the first place, and you may not have what it was looking for.

I remember at one time the bank I do business with had a problem. One day I got an e-mail from an unknown source showing my bank balance and a few other important things, indicating that I should log in to correct some details of my account. There was a link available for me to use, and I noticed that it didn't go to any site that was my bank. So I used my regular login and there was no problem with my details, but the information that was in my e-mail was spot on as to my accounts, etc.

I quickly called them, and after several holds and being passed on to the next person, I was asked to change my user name, etc., because apparently a vast number of customers that do online stuff with their accounts were also getting the same e-mails. So it appears that not me but the bank got hacked, and they were able to view the customers' accounts but not able to get the access information to remotely log in.

Just something to think about: how some businesses are naive about the technology.

I work a lot coding on Windows, and I can think of a half dozen ways off the top of my head to elude the user.

Jamie

Reply to
Maynard A. Philbrook Jr.

No. I caught my mistake almost immediately after making it, and killed the process. About an hour later, Kaspersky found the file and deleted it.

I was careless. But I'd ordered an item from Costco Photo, and this looked like a status message. My mistake was not paying attention to the sender -- who was in Italy.

It never hurts to be overly suspicious. This was the first time something got through in over a decade. I have been warned.

Oh... handy trick... I was badly attacked back in 2004. The attack included malware that reinstalled itself at each restart. It occurred to me that if I changed the files' permissions so they couldn't be executed or rewritten, a lot of problems would be solved. And they were. You don't need to remove a file -- just keep it from running or being replaced with a newer version.

Reply to
William Sommerwerck
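The permissions trick in the post, as an added example that is not the poster's own steps: an explicit Deny ACE for Everyone on execute, write and delete, set with the built-in icacls tool. A Deny entry wins over any Allow entry in the access check, and Everyone includes SYSTEM, so a service-based reinstaller is covered as well. The file path is an assumption; the hash is recorded so that a quietly swapped copy can be spotted later.

```powershell
# Added example, not from the original post. Run elevated.
function Block-ImageFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Undo            # reverse the change once the clean-up is finished
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "no such file: $Path" }

    if ($Undo) {
        icacls.exe $Path /remove:d Everyone | Out-Null    # drop the Deny ACE
        icacls.exe $Path /inheritance:e      | Out-Null    # re-enable inheritance from the folder
        return
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Ownership first: droppers sometimes leave an owner that cannot edit the ACL.
    takeown.exe /F $Path | Out-Null
    # Stop inheriting from the folder (copying the current ACEs), so a later change to the
    # folder's permissions cannot quietly re-grant access to this file.
    icacls.exe $Path /inheritance:d | Out-Null
    # X = execute, W = generic write (overwrite contents), DE = delete (also blocks rename/replace).
    icacls.exe $Path /deny 'Everyone:(X,W,DE)' | Out-Null

    [pscustomobject]@{
        Path   = $Path
        SHA256 = $hash
        Acl    = (icacls.exe $Path | Out-String).Trim()
    }
}

# Block-ImageFile -Path "$env:APPDATA\updater.exe"
# ...later, once Autoruns/the AV have finished:
# Block-ImageFile -Path "$env:APPDATA\updater.exe" -Undo
```

The caveat a practitioner would add: this stops the loader that tries to run or refresh the file, but code already running as SYSTEM can take ownership back and rewrite the ACL, so it is a containment step, not a removal.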


I had a mighty scare today on my laptop. On booting, everything I tried to do resulted in an error message. I couldn't access msconfig, Control Panel, the Start/Stop button on the taskbar, System Restore, nothing. Right-clicking the Start Menu did nothing. It kept saying something was trying to erase a registry entry or something.

Googling on my old laptop showed that with Win8 you can no longer get into safe mode by pressing F8 whilst booting; it has to be achieved via Windows actually allowing you to do this, and mine wasn't allowing me to do anything at all. Nightmare.

After a lot of perseverance, I finally discovered there is another instance of the Power button if you press the Windows flaggy button to reveal all the "apps", a feature I never use. Clicking this Power button whilst holding Shift finally allowed me to access System Restore. Which worked.

I don't know how this happened; I don't think I clicked any dodgy attachment, and I don't visit any dodgy websites, but I have been caught out in the past, and have since learnt to be very suspicious of most things.

The first error message I got was "Windows Live Mail Calendar is corrupted", and Live Mail refused to run. This quickly progressed to the registry error message on everything I then tried to do.

Gareth.

Reply to
Gareth Magennis
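The Shift+Power route described above has command-line equivalents, useful when the Start screen is dead but Win+R still opens a prompt (type powershell, then Ctrl+Shift+Enter for an elevated one). This is an added example, not from the post; the commands are the documented shutdown and bcdedit switches of Windows 8 and later.

```powershell
# Added example, not from the original post. Every mode needs an elevated prompt.
function Enter-RecoveryBoot {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AdvancedStartup', 'SafeModeNextBoot', 'ClearSafeMode', 'RestoreF8Menu')]
        [string]$Mode
    )
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'run from an elevated prompt (Win+R, powershell, Ctrl+Shift+Enter)' }

    switch ($Mode) {
        'AdvancedStartup' {
            # The same menu Shift+Restart opens: Troubleshoot > Advanced options > System Restore / Startup Settings.
            if ($PSCmdlet.ShouldProcess('this machine', 'reboot into Advanced Startup')) {
                shutdown.exe /r /o /t 0
            }
        }
        'SafeModeNextBoot' {
            # A boot-loader flag, so it works even when the shell is too broken to show any menu.
            # Use "safeboot network" instead of "minimal" if you need the network in safe mode.
            bcdedit.exe /set '{current}' safeboot minimal
        }
        'ClearSafeMode' {
            # Run this from inside safe mode once the repair is done; otherwise the machine stays there.
            bcdedit.exe /deletevalue '{current}' safeboot
        }
        'RestoreF8Menu' {
            # Brings back the XP/7-style text F8 menu at the cost of a short pause at every boot.
            bcdedit.exe /set '{default}' bootmenupolicy legacy
        }
    }
}

# Enter-RecoveryBoot -Mode SafeModeNextBoot ; Restart-Computer
```

The braces around {current} are quoted because PowerShell would otherwise parse them as a script block; at a cmd.exe prompt they are typed bare.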

I got an e-mail the other day from what claimed to be a company of Amazon, "Audible.com". It was short and brief, and the hot link they gave me spat out a URL that had nothing at all to do with Amazon or anything to do with anyone selling something. It looked more like some hooky location.

Jamie

Reply to
Maynard A. Philbrook Jr.
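Both the bank e-mail earlier in the thread and the "Audible.com" one above were caught the same way: the link text says one thing and the link target says another. As an added example that is not from the thread, here is that check done over the raw HTML of a message, so the decision does not depend on hovering over a link in a mail client. The message body is constructed for the example (198.51.100.23 is a documentation address, examplebank.com a placeholder), and the checks are assumptions about what a phishing link usually looks like: a host that differs from the one named in the visible text, a host outside the domains you expect, plain http, or a raw IP address.

```powershell
# Added example, not from the original posts.
function Get-LinkMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Html,
        [string[]]$ExpectedDomains        # domains the sender legitimately uses (assumed)
    )
    $anchor = [regex]'(?is)<a\b[^>]*?href\s*=\s*["'']?([^"''\s>]+)["'']?[^>]*>(.*?)</a>'
    foreach ($m in $anchor.Matches($Html)) {
        $href = [System.Net.WebUtility]::HtmlDecode($m.Groups[1].Value)
        $text = [System.Net.WebUtility]::HtmlDecode(([regex]::Replace($m.Groups[2].Value, '<[^>]+>', '')).Trim())

        $uri = $null
        if (-not [System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$uri)) { continue }
        $linkHost = $uri.Host.ToLowerInvariant()   # ($host is a reserved PowerShell variable)

        # Does the visible text itself name a host? Then it must match where the link really goes.
        $textHost = $null
        if ($text -match '(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b') { $textHost = $Matches[1].ToLowerInvariant() }

        $flags = @()
        if ($textHost -and $textHost -ne $linkHost -and -not $linkHost.EndsWith(".$textHost")) {
            $flags += "text says $textHost, link goes to $linkHost"
        }
        if ($ExpectedDomains) {
            $ok = $ExpectedDomains | Where-Object { $linkHost -eq $_ -or $linkHost.EndsWith(".$_") }
            if (-not $ok) { $flags += 'host is not under an expected domain' }
        }
        if ($uri.Scheme -ne 'https') { $flags += "scheme is $($uri.Scheme)" }
        if ($uri.HostNameType -in 'IPv4', 'IPv6') { $flags += 'raw IP address' }

        [pscustomobject]@{ Text = $text; Host = $linkHost; Url = $uri.AbsoluteUri; Flags = ($flags -join '; ') }
    }
}

# Constructed sample message, in the style of the two described in the thread:
$sample = @'
<p>Dear customer, your balance is shown below. Please
<a href="http://198.51.100.23/login.php">log in at www.examplebank.com</a> to correct your details.</p>
<p>Order status: <a href="https://www.amazon.com/orders">https://www.amazon.com/orders</a></p>
'@
Get-LinkMismatch -Html $sample -ExpectedDomains 'examplebank.com' | Format-Table -AutoSize
# First link is flagged on all four counts; the second comes back with an empty Flags column.
```

What this cannot tell you is whether the account details in the body are real; that is the part the poster had to phone the bank about.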


enjoy

Reply to
rev.11d.meow

AutoRuns is your friend here.


Introduction

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system, and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You'll probably be surprised at how many executables are launched automatically!

Reply to
rev.11d.meow
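What "Hide Signed Microsoft Entries" actually does, as an added example that is not part of the thread and not Sysinternals' code: walk the autostart locations the quoted text names first (the Run and RunOnce keys and the two Startup folders), work out which executable each entry launches, check its Authenticode signature, and drop entries whose signer is Microsoft. The image-path parser and the list of locations are my own simplification; Autoruns covers many more places (services, drivers, scheduled tasks, shell extensions, WMI subscriptions) and this is meant to show the mechanism, not replace the tool.

```powershell
# Added example, not from the original post or from Sysinternals.
function Resolve-ImagePath {
    # Pull the executable out of a Run-key command line: "C:\x\y.exe" /q, C:\x\y.exe /q, %ProgramFiles%\...
    param([string]$Command)
    if (-not $Command) { return $null }
    $c   = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # Unquoted paths with spaces are ambiguous (Windows tries each prefix); this takes the first token only.
    $exe = if ($c.StartsWith('"')) { $c.Substring(1).Split('"')[0] } else { $c.Split(' ')[0] }
    if ($exe -like '*.lnk' -and (Test-Path -LiteralPath $exe)) {
        $exe = (New-Object -ComObject WScript.Shell).CreateShortcut($exe).TargetPath   # Startup-folder shortcuts
    }
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $found = Get-Command $exe -ErrorAction SilentlyContinue       # bare name: resolve through PATH
        if ($found) { $exe = $found.Source }
    }
    return $exe
}

function Get-AutostartEntry {
    [CmdletBinding()]
    param([switch]$HideSignedMicrosoft)

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $folders = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )

    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $entries += [pscustomobject]@{ Location = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $folder -File) {
            $entries += [pscustomobject]@{ Location = $folder; Name = $f.Name; Command = $f.FullName }
        }
    }

    foreach ($e in $entries) {
        $image = Resolve-ImagePath $e.Command
        $signer = '(image not found)'
        $isMicrosoft = $false
        if ($image -and (Test-Path -LiteralPath $image)) {
            # Note: on older systems catalog-signed Windows binaries can report NotSigned here.
            $sig = Get-AuthenticodeSignature -FilePath $image
            if ($sig.Status -eq 'Valid') {
                $signer      = $sig.SignerCertificate.Subject
                $isMicrosoft = $signer -match 'O=Microsoft Corporation'
            } else {
                $signer = "(unsigned: $($sig.Status))"
            }
        }
        if ($HideSignedMicrosoft -and $isMicrosoft) { continue }
        [pscustomobject]@{ Location = $e.Location; Name = $e.Name; Image = $image; Signer = $signer; Command = $e.Command }
    }
}

Get-AutostartEntry -HideSignedMicrosoft | Format-Table -AutoSize
```

For the real thing, the CSV output the quoted text mentions comes from Autorunsc; as I recall its switches, `autorunsc.exe -a * -c -s -m` gives all locations as CSV with signatures verified and Microsoft entries hidden, but check `autorunsc.exe -?` on your copy, since the switches have changed between versions. Run the listing once on a known-clean machine and keep the output; a diff against it after an incident is far quicker than reading the whole list.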
