Figuring out IMON Client Compatibility List

Discussion in 'NOD32 version 2 Forum' started by MatthewHSE, Jan 12, 2007.

Thread Status:
Not open for further replies.
  1. MatthewHSE

    MatthewHSE Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    3
    I have the full version of Nod32. When I checked the client list found under IMON > Setup > HTTP tab > Client Compatibility, I found the following two entries that I don't understand:

    User Agent: IS Download DLL - File: is-9HEIL.tmp
    User Agent: IS Download DLL - File: is-JCD3A.tmp

    These seem suspicious and have me thinking about spyware or viruses.

    Both entries in the list of clients were created at different times. The first *seems* to have been created yesterday (it *may* have been any time in the past month) but the second was definitely created today.

    I searched my computer for both files, but they're not present on my system anymore. It seems a little suspicious to have .tmp files in a list that is apparently applications that have accessed the Internet from my computer. I'd appreciate it if someone could shed some light on this for me.

    Deep scans with fully-updated copies of Nod32, Spybot S&D, AdAware, Windows Defender and RootkitRevealer come back with nothing. This is a one-month-old clean installation of Windows XP Pro SP2, behind a NAT-enabled router with no port forwarding or DMZ.

    Thanks in advance for any ideas,

    Matthew
     
  2. ASpace

    ASpace Guest

    Hello and Welcome to Wilders .

    When you have scanned with so many excellent softwares it is less likely you are infected .

    Make sure your search settings for the Windows search engine are like the one in screenshot and again search for the files
    is-9HEIL.tmp
    is-JCD3A.tmp

    If you can find then , submit them to Virus Total www.virustotal.com and to ESET labs samples@eset.com
     

    Attached Files:

  3. sharketor

    sharketor Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    10
    I have the same problem, there are 2 items with .tmp extension in http compatibility setup: user agent WISE. It is something related to installation of a chat program, icq or msn, or a program that required internet connection. I don't remenber now. So I think that you don't have a virus, but the 2 entries probably were created during installation of a program. My question is: why nod32 doesn't delete all the old entries in http compatibility setup? If the .tmp file doesn't exist anymore, why it is still there?

    o_O
     
  4. MatthewHSE

    MatthewHSE Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    3
    Thank you for your quick reply!

    My search settings were set up as shown in your screenshots, but the files still couldn't be found. I agree that so many scans aren't likely to be wrong, but I'm still a little nervous about programs accessing the Internet when they're called "Download DLL" and have .tmp file extensions...just doesn't seem right somehow.
     
  5. MatthewHSE

    MatthewHSE Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    3
    Maybe, but I doubt it in this case. I haven't installed anything (except Nod32 and Spybot S&D) in the last few days. Besides, I know that there was only one of those files last night, and a few hours after turning on my computer this morning, there were two of them. I ran no installs in the meantime, unless you count updating the malware scanners.
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    The only installer I've seen which generates random .tmp connections when it has to download something are the installers made by the application InnoSetup (and possibly some old installers too).

    Seeing as the names of the files you have in the list are called is-JCD3A.tmp I'm quite sure from an InnoSetup installer which has downloaded extra content for some application(s) you've installed.

    I wouldn't worry about it. In fact I have tons of those when I test some of my own stuff that has to be downloaded :)
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Sorry for bumping this, but did you find the app/installer that made the connections?
     
Thread Status:
Not open for further replies.