LicenseMan32.exe?

Discussion in 'other security issues & news' started by Tommy, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Suddenly my FW pops up at each startup asking for network access for a file:
    C:\Program Files\Common Files\Microsoft Shared\Web Components\LicenseMan32.exe

    The registry entry is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    "UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"

    Could it be a part of AntiVir PE, which I just installed and uninstalled?

    Anyone heard about this one? Google brings no results.
     
    Last edited: Aug 8, 2006
  2. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    Can't you look at the properties of that file, to get more info out of it?
    On the other hand, it wasn't there before and now all of a sudden, after installing/uninstalling some software, you get firewall alerts. I would jump all over it and kill it, but that's what I would do.

    Lamehand
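
The check discussed in the two posts above (look at the autorun entry, then at the file's properties), written out as an added PowerShell example that is not part of the original thread. The `policies\Explorer\Run` key is the one quoted in the first post; the other key paths and the helper name `Get-CommandExecutable` are assumptions added for illustration.

```powershell
# Autorun locations to inspect. The first key is the one quoted in the thread;
# the HKCU twin and the two standard Run keys are added here for completeness.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-CommandExecutable {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is inside the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path (may contain spaces): cut after the first executable extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return $expanded
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $path   = Get-CommandExecutable ([string]$item.GetValue($name))
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $file   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Exists    = $exists
            # 'Valid' means a trusted Authenticode signature; 'NotSigned' deserves a closer look.
            Signature = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            # Same fields the file's Properties dialog shows; empty values match "no further information".
            Company   = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            Created   = if ($file) { $file.CreationTime } else { $null }
            # Hash for looking the file up in a scanner without sharing the file itself.
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }
}
$results | Sort-Object Signature, Key | Format-List
```

On 64-bit Windows the 32-bit view of these keys lives under `SOFTWARE\WOW6432Node` and has to be added to `$runKeys` separately.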
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Whatever that file is, neither Google nor Yahoo have any links. Using MSN though, I found this page which simply says the file is malware.
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    No further information in properties.
    I killed it. Interesting case because neither my AV nor my AT caught it. This exe tried to connect to Google and god knows where else.

    I uploaded it as a rar-file in case somebody else wants to scan it ~snipped url....Bubba~
     
    Last edited by a moderator: Aug 9, 2006
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Well, Jotti's scanner found nothing and I don't know anything about that file.

    Better safe than sorry, I always say.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In this case that's the approach We will take in regards to a possible malware file "that tried to connect to Google and god knows where else".

    Even under normal circumstances We ask that malware links not be posted but in this questionable case....I do not wish at this moment in time to check due to our server issues and have erred on the side of caution and removed the URL.

    As for the future....if one has a questionable file that does show signs of being UPX packed making outbound connection to "god knows where else"....Please do not post a link to that questionable file here on Wilders. There are numerous choices available other than Wilders to share possible malware files.

    For what it's worth Tommy....the UPX portion does make mention of Borland if that by chance helps in regards to what you may have been doing at the time of the outbound. In any case....with our ongoing server issue it's not a good time to be checking and ask that we use caution during this up\down issue.

    Thanks,
    Bubba
     
    Last edited: Aug 9, 2006
  7. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
  8. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    @Bubba
    Sorry for posting the link, didn't have bad intentions. Will keep the rule in mind next time.

    @Texcritter
    Thanks for the links.

    Anyway problem solved, file and registry entry killed.
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Yeah, the second one is the same.
     
  10. Xes

    Xes Registered Member

    Joined:
    Aug 23, 2006
    Posts:
    1
    Location:
    Holland