_iu14d2n.tmp

Discussion in 'ProcessGuard' started by Spray-on Dust, Dec 18, 2004.

Thread Status:
Not open for further replies.
  1. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    What the heck. I just got done worrying over the GLB1A2B.EXE thing and now this. I ran across both files while looking through PG's security tab. When I looke them up on google I see no definitive info on what these things are. Some say it's part of Ad-Aware, some say it's a worm/virus hybrid. Someone on some forum recommened deleting this file through explorer but I coulnd't find it. Regardless, on both files I just set their permissions to deny always and rebooted. Still, i'm a little worried. I've run all kinds of online tests etc and nothing has come up. I'm a fully registered TDS-3 owner and that has come up with nothing either. Someone please help me.

    PS I just downloaded hijack this so I'll run that and post here if you like.

    Thanks.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    HiSpray-on Dust, Don't post your HJT log yet please.

    Can I suggest you do a search of your hard drive, open windows explorer then tools - folder -options - view - Enable "show hidden files & folders" and below that untick "Hide protected operating system files(recommended)"
    Now search for GLB1A2B.EXE If you can see it please report back it's location ie. Path.
    If this is unsuccessful do "Start - run - Type "regedit" without the quotes and press return - open the Edit menu and select find put GLB1A2B.EXE in the search box press return and see if there any registry entries note them down if one is found press F3 until you get the report that the search is complete. Note all entries and report back here. Please make no changes yet.

    Thanks. Pilli
     
    Last edited: Dec 19, 2004
  3. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    Many temporary files are loaded during installation of programs and deleted automatically after the install. If Process Guard is running at the same time and the .tmp file was an executable file and permission was asked and given for "Allow" it would remain in the Security list but not be found on your computer, having already been deleted.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Good points Linney :D
     
  5. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    Ok I found an entry in the registry:

    My Computer\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

    Then inside the 5603 entry there is an ab (default) REG_SZ (value not set)
    Then below that is the GLB1A2B.EXE entry. It reads: ab 000 REG_SZ GLB1A2B.EXE

    Hope I typed that out in a coherent enough manner for you.

    Thanks. :)
     
  6. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    Anything with MRU stands for Most Recently Used and is a reference to you searching for that particular file. Search for a file called "Linney" on your computer, make sure RegEdit is not loaded. After the search open up RegEdit and then look in the same location you mentioned, you should see "Linney" listed too.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Spray-on Dust, Then I think that Linney was correct about a temp install file. If they were caused by temp installer files then once removed from the security list or given the permit once allow, you should see no more alerts.

    As a sort of double check you could also look in your Task Manager and note any application or processes that are unknown to you or that you think are dubious.

    Pilli
     
Thread Status:
Not open for further replies.