Trojan Hunter find -- point32 missing

Discussion in 'other anti-trojan software' started by marti, Mar 29, 2002.

Thread Status:
Not open for further replies.
  1. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Ran Trojan Hunter -- what does this response mean?

    File scan (autostarted files, running executables)
    While scanning C:\WINDOWS\Rundll32.exe: File point32.exe not found
    No trojan files found


    point32 is in the proper place:

    C:\Program Files\Microsoft Hardware\Mouse\point32.exe


    Startup programs:
    Summary of active startup programs as of 03/29/2002 12:39:27 PM
    This list does not reference programs launched by autoexec.bat or other referenced batch files
    It also does not reference programs disabled using the msconfig.exe utility
    -------------------------------------------------------------------------
    -------------------------------------------------------------------------
    -------------------------------------------------------------------------


    The following programs are launched by the named registry keys
    -------------------------------------------------------------------------


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    UPS = C:\Program Files\Pwrchute\ups.exe

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    SystemTray = SysTray.Exe

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun

    ICONCLNT = C:\Program Files\Pwrchute\iconclnt.exe

    VetTray = C:\PROGRA~1\ETRUST~1\VETTRAY.EXE

    ScriptSentry = C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    POINTER = point32.exe

    Vet Alert = C:\WINDOWS\System\VetMsg9x.exe



    The following programs are launched by shortcuts in the All Users StartUp folder
    -------------------------------------------------------------------------

    ZoneAlarm Pro = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe




    The following launch lines are present in the Win.ini file
    -------------------------------------------------------------------------


    load=

    run=

    CAD results:
    http://pages.sbcglobal.net/computermoon/cad032902.jpg

    Running Win98SE.
     
  2. SmackDown

    SmackDown Guest

    Run msconfig, and you should find some program being called to start up that doesn't exist any longer, perhaps you uninstalled it or something. What version of TH are you running?

    TH may have just given you the wrong name. If you look in msconfig, see if there is a program being called to start up with Windows that shouldn't be, meaning you uninstalled it.


    PS they have a forum also. http://www.misec.net/cgi-bin/yabb/YaBB.cgi

    And a similar question has been asked and answered here. http://www.misec.net/cgi-bin/yabb/YaBB.cgi?board=TrojanHunter&action=display&num=1017118870
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi marti,

    I asked the author in the meanwhile to drop by and answer your question.

    regards.

    paul
     
  4. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    SmackDown, I included my msconfig in my initial post. All are valid programs, and have been in place for a very, very long time. All entries in the msconfig correspond to running tasks. Enternet & RNAAPP are due to the PPPoE s/w required for my ADSL connection.

    I have the evaluation version of TH, version 2.53, build 581. The definition files are up-to-date (according to the "liveupdate" feature).

    I have been trying to find the answer to my question for two days, now.  Finally gave up and posted for additional help.

    Paul, thanks for notifying the author.
     
  5. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Something is going on here. Rnaapp should not have been running!!!! I checked later on, and it was not there. I rebooted, started the PPPoE s/w (EnterNet 300) and Rnaapp is not part of it. I checked the modem logs, last time the dial-up modem was used on March 20.

    Poltergeists.  :D :D :D
     
  6. MagnusMischel

    MagnusMischel Registered Member

    Joined:
    Mar 30, 2002
    Posts:
    6
    I'll have to look over the code that handles the path parsing. TrojanHunter should have found point32.exe if C:\Program Files\Microsoft Hardware\Mouse\ is in your PATH environment variable. (It should be, or Windows won't even know how to autostart point32.exe.) If you could verify that C:\Program Files\Microsoft Hardware\Mouse\ is in your path (or verify that point32.exe does autostart) then that would be great. I'll have a look at this issue anyway, and if there's a problem with TrojanHunter it will be fixed with a new build.
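
The resolution step discussed in the post above, as an added example that is not part of the original thread and is not TrojanHunter's code: it parses a startup listing in the format posted earlier and reports which entries resolve to a file. The sample listing, the `FILES` set standing in for the disk, the function names and the search-directory list are all constructed assumptions, and the search order is a simplified model.

```python
import ntpath
import re

# Constructed sample in the format of the startup listing posted in this thread.
LISTING = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
SystemTray = SysTray.Exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
ScriptSentry = C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
POINTER = point32.exe
"""

# Constructed stand-in for the disk so the check runs anywhere (case-insensitive).
FILES = {p.lower() for p in (
    r"C:\WINDOWS\SYSTEM\SysTray.Exe",
    r"C:\WINDOWS\scanregw.exe",
    r"C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe",
    r"C:\Program Files\Microsoft Hardware\Mouse\point32.exe",
)}

def exe_token(command):
    """Executable part of a launch line; handles quotes and unquoted paths with spaces."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def resolve(token, search_dirs):
    """Full path the token resolves to, or None. Bare names are tried in each search dir."""
    if ntpath.dirname(token):            # entry carries its own directory
        return token if token.lower() in FILES else None
    for d in search_dirs:
        candidate = ntpath.join(d, token)
        if candidate.lower() in FILES:
            return candidate
    return None

def audit(listing, search_dirs):
    """Map each startup value name to (executable token, resolved path or None)."""
    results = {}
    for line in listing.splitlines():
        name, sep, command = (line.strip()).partition("=")
        if line.lstrip().startswith("[") or not sep or not command.strip():
            continue
        token = exe_token(command)
        results[name.strip()] = (token, resolve(token, search_dirs))
    return results
```

An entry that comes back as `None` is either stale or, as with `POINTER` here, depends on a directory that was not in the list the checker searched.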
     
  7. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    The mouse is installed correctly, as far as I can determine.  It's there at bootup.  In  system info (win98SE), there is an item called "system hooks."  The only item listed is the mouse, and the path is correct.  

    I have not installed nor uninstalled the mouse.   However, I did reload the mouse drivers a few weeks ago.  Can't see how that would cause a problem.

    thanks for stopping by to help me.

    marti
     
  8. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Don't know what was going on, but that annoyance is gone.  I uninstalled a program loading at startup, but that didn't help.  I then started modifying programs so they wouldn't load at startup.  I put them back in, one at a time, and things were OK.  I left the "point32" entry out, as the mouse works just fine without it.  

    thanks for all the replies,
    marti
     
  9. SmackDown

    SmackDown Guest

    Glad you got it fixed.
     