_iu14d2n.tmp

Discussion in 'ProcessGuard' started by Spray-on Dust, Dec 18, 2004.

Thread Status:
Not open for further replies.
  1. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    What the heck. I just got done worrying over the GLB1A2B.EXE thing and now this. I ran across both files while looking through PG's security tab. When I looked them up on Google I see no definitive info on what these things are. Some say it's part of Ad-Aware, some say it's a worm/virus hybrid. Someone on some forum recommended deleting this file through Explorer but I couldn't find it. Regardless, on both files I just set their permissions to deny always and rebooted. Still, I'm a little worried. I've run all kinds of online tests etc. and nothing has come up. I'm a fully registered TDS-3 owner and that has come up with nothing either. Someone please help me.

    PS I just downloaded HijackThis so I'll run that and post here if you like.

    Thanks.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Spray-on Dust, don't post your HJT log yet please.

    Can I suggest you do a search of your hard drive: open Windows Explorer, then Tools - Folder Options - View - enable "Show hidden files & folders" and below that untick "Hide protected operating system files (recommended)".
    Now search for GLB1A2B.EXE. If you can see it, please report back its location, i.e. path.
    If this is unsuccessful, do Start - Run - type "regedit" without the quotes and press return - open the Edit menu and select Find, put GLB1A2B.EXE in the search box, press return and see if there are any registry entries. Note them down; if one is found, press F3 until you get the report that the search is complete. Note all entries and report back here. Please make no changes yet.

    Thanks. Pilli
     
    Last edited: Dec 19, 2004
  3. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    Many temporary files are loaded during installation of programs and deleted automatically after the install. If Process Guard is running at the same time and the .tmp file was an executable file and permission was asked and given for "Allow" it would remain in the Security list but not be found on your computer, having already been deleted.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Good points Linney :D
     
  5. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    Ok I found an entry in the registry:

    My Computer\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

    Then inside the 5603 entry there is an ab (default) REG_SZ (value not set)
    Then below that is the GLB1A2B.EXE entry. It reads: ab 000 REG_SZ GLB1A2B.EXE

    Hope I typed that out in a coherent enough manner for you.

    Thanks. :)
     
  6. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    Anything with MRU stands for Most Recently Used and is a reference to you searching for that particular file. Search for a file called "Linney" on your computer, make sure RegEdit is not loaded. After the search open up RegEdit and then look in the same location you mentioned, you should see "Linney" listed too.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Spray-on Dust, then I think that Linney was correct about a temp install file. If they were caused by temp installer files then once removed from the security list or given the permit once allow, you should see no more alerts.

    As a sort of double check you could also look in your Task Manager and note any application or processes that are unknown to you or that you think are dubious.

    Pilli
     