For as far back as I can remember, when I boot up my Lenovo laptop, a DOS window would pop up and be gone before I could read any of it.
Today I guess I blinked just right, and was able to read the top line, it's running something called plink.exe.
Searching the drive for "plink", all I find is...
C:\WINDOWS\Prefetch\PLINK.EXE-22215186.pf
with today's date and time.
What does this do? What program might be running it? ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
If i remember it correctly, it's some kind of object code linker/loader (perhaps Borland or lattice compiler). Are you compiling something?
No. That's what has me puzzled.
Is there some way to record all of a login screen sequence and then run it in slow motion?
I guess I could try a camcorder ;-) ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
I don't often give people a hard time for asking questions in the newsgroups, but really?
-- Rick
Go eat a 20% fat hamburger ;-) ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
I think I need to screen record to locate the offending program that is running plink. As I pointed out, it only exists in the Prefetch directory... and I'm not sure what that means as well. ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
This says that it is part of putty.exe. But i think putty.exe works by itself, it does not require any other files. It is probably a common place/directory for virus/malware to attach itself to.
The prefetch directory contains links that windows loads into memory. Sort of an application booster, since the image is already in memory it loads faster.
Peer into the .pf file and you should see the link to the exe. Heres the pdf of the format of the pf file
Cheers
I bet it's a virus program linking itself into other programs.
Just save a copy somewhere. Delete it and see if it breaks anything. If not, just leave it off. Get/Update anti-virus software just in case.
Thanks, Martin!
Back on DOS days I had an executable editor. What do you use now to view such a file? ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
Couldn't really tell anything by looking into PLINK.EXE-22215186.pf with UltraEdit, but Taskmanager showed googleupdate.exe and googlecrashhandler.exe (both "call-home" POS's)... so I looked up how to dispense with them, and the DOS pop-up went away :-) ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
I use CodeWright, but it is hard to find these days.
Why are you rebooting your machine so much anyway? I generally leave mine running and it often goes for over a month before rebooting.
-- Rick
I do a weekly malware scan... never finds anything, but does clean up all the extraneous trash... then I reboot. ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
Open up the Task Scheduler and delete the Google stuff.
Cheers
Ah never mind, you probably did that already
I either use Wordpad(for a quick look) or Hexedit to look inside unknown stuff.
Cheers
Windows+R, regedit,
Search for "RunOnce" under a few places. See if that or the related folders (Run, RunOnceEx, etc.) contain anything suspicious.
Modify or delete registry entries at your own peril...
Tim
-- Seven Transistor Labs Electrical Engineering Consultation Website:
"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...
BEAST! (20% is nasty)
Cheers, James Arthur
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
The first step towards wipe partition and reinstall Windows is to play with the registry ;-)
Grant
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.