2 odd files

Discussion in 'privacy problems' started by nokryptonite, Apr 15, 2007.

Thread Status:
Not open for further replies.
  1. nokryptonite

    nokryptonite Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    4
    Hi all.. hope this is the right place to post as I am new to all of this..

    OS windows vista

    found two files today in a directory called "My Data Sources"

    they are named

    +NewSQLServerConnection

    and

    *Connect to new Data Source

    they both seem to be excell files but I get a security warning about connection when I try to open them (from excel itself)

    I am suspicious becasue both files have creation dates of 2000 (on brand new machine)

    I recently installed Office 2007.. not sure what gives here.. any suggestions?

    Sound fishy?
     
  2. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Each of those items appears to be related to Office/Excel
    and I can't see anything re. them being fishy malware of any kind.

    Maybe someone can tell more re. their usefulness.
     
  3. nokryptonite

    nokryptonite Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    4
    Many thanks I deleted the files anyway with no seeming adverse effects. Thanks for checking it out for me. I also had a couple of questions about a windows defender alert regarding a file named wd.sys. A quick check online revealed that a "hax" trojan uses this file. Now I am wondering if this file is a standard windows file or what. Also while checking my event viewer I get this funny alert telling me that on shutdown my registry "leaked" a handle. Now I would not worry about this so much except that on shut down I have noticed some "unusual" behavior. It seems that every Icon I have clicked on my desktop gets quickly "reclicked" seconds before shut down. Just several quick flashed on all of the desktop icons I have used during the session. I was able to replicate this behavior on a similar machine at a store and was unsure of what it meant. any suggestions about these things or am I being overly paranoid?
     
  4. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Nokrypt.,

    This wd.sys thing could be as you suggest, a concern, and causing your machine these other bits of strange behaviour - I have no idea how you have set up your security system but I would make sure I had installed and run these - I would not Delete the wd.sys file until one of the anti's picked it up as malware.

    Superantispyware
    Ad-aware
    Search & Destroy
    Win Patrol
    HijackThis
    CWShredder
    Spywareblaster
    Spywareguard
    Firewall
    Mark Jacob's Reg Watcher
    AVG Anti-virus

    If you already have your own setup, well and good, because as you have no doubt observed here at Wilders, it's very different smokes for very different blokes - If you do have a setup already then I would be running your machine through a couple of Online scanners such as,

    www.kaspersky.com/virusscanner
    www.webroot.com/services/spyaudit_03.htm

    At this next addy I would upload wd.sys and allow Jotti's to run their dozen
    top scanners through it.
    http://virusscan.jotti.org/

    Just entered wd.sys at,

    http://www.softwaretipsandtricks.com/sys/index.php

    and they say there IS a legit. wd.sys file,
    M$'s - Watchdog Timer Driver 11.264 bytes

    Regards.
     
    Last edited: Apr 16, 2007
  5. nokryptonite

    nokryptonite Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    4
    well I am using kasperksy internet security 6.o and as of yet it has not picked up anything strange neither has the windows defender scan. (all signatures up to date) I may do as you suggest and try the other programs. I am very cautious though about some of the programs as some can "parade" as antivirus software but are really malicious in nature. I did a search and turned up four instances of the file. As for the files sizes none of them match the file size you listed. Two are small about 4 kb and the others are 19 kb so there, you have it weird eh? also noticed that two are listed as MUI file tpes while the others are sys type starnge eh?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Why not upload them to Virus Total.
     
  7. nokryptonite

    nokryptonite Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    4
    Firstly I wanted to thank you guys for taking the time to read the suggestions.. since them I did a complete system recovery and chose to try the prepackaged norton internet security package over kis 6.0 I will see what the difference is. I had also downloaded and run spybot s and d before doing this and was informed that some registry entries that had been made matched changes that AGOBOT worm virus makes. This was the reason I decided to do a full recovery and install. anyhow.. feeling SLIGHTLY less paranoid now.
     
Loading...
Thread Status:
Not open for further replies.