Is it a symptom of a Trojan or Backdoor on my PC?

Discussion in 'malware problems & news' started by Jeremy2, Aug 26, 2004.

Thread Status:
Not open for further replies.
  1. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    I've Sygate firewall installed, and in the logs I've the following message:

    Application Hijacking has been detected
    The application: C:\WINDOWS\system32\notepad.exe try to launch another application: C:\Program Files\Mozilla Firefox\firefox.exe to go to remote host 209.158.113.3


    Very strange that notepad is trying to launch a browser.
    Any thoughts?

    Thanks in advance, Jeremy
     
  2. dostival_un

    dostival_un Guest

    That is not the real notepad. Notepad.exe is normally in windows folder, not system32
     
  3. pintakasi

    pintakasi Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    1
    Location:
    France
    I had this issue before and cannot fix it using my antivirus so I just deleted the notepad.exe. After doing that I tried to repair my Win XP in order to reinstall the notepad to no avail. Later, I just replaced notepad with Note Tab - a freeware with full-featured text editor.
    I hope this helps.
     
  4. squash

    squash Guest

    I use Notetab Light too...

    However, if you want notepad back, it's located in C:\WINDOWS\system32\dllcache ... which contains a backup of all the important Windows XP files used by Windows File Protection to bring back copies of files...
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  6. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    Hi,
    I have already run KAV, and Ad-aware, spybot, and TDS-3 Pro. (all daily updated).
    Nothing was detected.

    Thanks in advance for any help, Jeremy
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    That IP number is one of the US anonymous proxies, so it is automatically suspect unless you are running something like Proxomitron or a similar application that would route all requests through an anonymous proxy.

    I would automatically suspect a CWS hijack attempt, as they often use a suspect notepad to perform their dirty deeds.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia