Ooops! 2 mysterious .ocx files

Discussion in 'malware problems & news' started by bellgamin, Mar 31, 2014.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    One of my file integrity checkers, "TinyWatcher", just posted an alarm stating that 2 .ocx files have been modified. The 2 files are:
    C:\WINDOWS\system32\JE9I4EW5.ocx (modified on 3/22)
    C:\WINDOWS\ULYP5O85.ocx (modified on 3/26)

    My right-click-instigated check by Avast reports these 2 files are okay.

    Even so . . .
    I uploaded each of these 2 files to VirusTotal. Result: VT reports both are clean. ODDLY: both have exactly the same SHA256 hash.

    REQUEST YOUR COMMENTS:

    1- Two files with different file names but having the same hash! What gives, I wondero_O

    2- The 2 files were modified on 2 different dates, respectively, within the past week. I haven't done anything, computer-wise, except surf. So . . . what kind of application would use &/or modify an .ocx file?

    3- I checked these with VT & Avira. I wouldn't mind having a 3rd-opinion program. Does anyone know of another online virus checker that will check a single file, as does VirusTotal?
     
    bellgamin, Mar 31, 2014
    #1
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Hi, Tiny Watcher ! Yeah i liked it a lot when i had it on my 98SE comp :)

    I wonder why if they were (modified on 3/22) & (modified on 3/26) you've only just been notified of them ?

    They could be the same files, but with the names changed ?

    If you right click on them, what does it say in "Properties"

    You could rename them for now by putting for eg an x on the end of them, until you find out more about them ;)

    Regards
     
    CloneRanger, Mar 31, 2014
    #2
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    TinyWatcher has a reversible "disable" function. I have disabled them for now so that I can see what, if anything, is affected thereby.
     
    bellgamin, Mar 31, 2014
    #3
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    MrBrian, Mar 31, 2014
    #4
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    bellgamin,
    ActiveX utility fromNirSoft
    http://www.nirsoft.net/utils/acm.html
    displays .ocx names, date, who made it, and more. Perhaps you can find out more what it's about using their Find.
     
    act8192, Mar 31, 2014
    #5
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Probably Adobe Flash. Oh yeah, nice to see you back, bellgamin :) :thumb:
     
    wat0114, Mar 31, 2014
    #6
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thanks! I checked that resource. It did not recognize the file. Also, I Googled hi & low & checked several links resultant therefrom. Zilch info.

    Ah well -- those files are disabled so... :blink:

    ~~~~~~~~~~~~~~~~~~~~~~~~~
    10Q wat & act. Mahalo nui loa from Hawaii!
     
    bellgamin, Mar 31, 2014
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...