Ooops! 2 mysterious .ocx files

Discussion in 'malware problems & news' started by bellgamin, Mar 31, 2014.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    One of my file integrity checkers, "TinyWatcher", just posted an alarm stating that 2 .ocx files have been modified. The 2 files are:
    C:\WINDOWS\system32\JE9I4EW5.ocx (modified on 3/22)
    C:\WINDOWS\ULYP5O85.ocx (modified on 3/26)

    My right-click-instigated check by Avast reports these 2 files are okay.

    Even so . . .
    I uploaded each of these 2 files to VirusTotal. Result: VT reports both are clean. ODDLY: both have exactly the same SHA256 hash.

    REQUEST YOUR COMMENTS:

    1- Two files with different file names but having the same hash! What gives, I wonder o_O

    2- The 2 files were modified on 2 different dates, respectively, within the past week. I haven't done anything, computer-wise, except surf. So . . . what kind of application would use &/or modify an .ocx file?

    3- I checked these with VT & Avira. I wouldn't mind having a 3rd-opinion program. Does anyone know of another online virus checker that will check a single file, as does VirusTotal?
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, Tiny Watcher! Yeah, I liked it a lot when I had it on my 98SE comp :)

    I wonder why, if they were (modified on 3/22) & (modified on 3/26), you've only just been notified of them?

    They could be the same files, but with the names changed?

    If you right click on them, what does it say in "Properties"?

    You could rename them for now by putting, for e.g., an x on the end of them, until you find out more about them ;)

    Regards
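
An added example, not part of the original thread: a SHA-256 digest is computed from file contents only, so two files with different names, folders and modification dates hash identically whenever their bytes match. The sketch below groups `.ocx` files by digest; the file names, contents and timestamps are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Hash file contents only; name, path and timestamps are not input."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_by_content(root, suffix=".ocx"):
    """Map SHA-256 -> list of (path, mtime) for matching files under root."""
    groups = defaultdict(list)
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == suffix:
            groups[sha256_of(path)].append((path, path.stat().st_mtime))
    return groups


def duplicates(groups):
    """Keep only digests shared by more than one file."""
    return {h: files for h, files in groups.items() if len(files) > 1}


def demo():
    # Constructed sample tree: two byte-identical files with different names,
    # folders and modification times, plus one unrelated file.
    with tempfile.TemporaryDirectory() as root:
        sys32 = Path(root, "system32")
        sys32.mkdir()
        samples = [(sys32 / "AAAA1111.ocx", b"same bytes", 1395446400),
                   (Path(root, "BBBB2222.ocx"), b"same bytes", 1395792000),
                   (Path(root, "other.ocx"), b"different bytes", 1395792000)]
        for path, data, mtime in samples:
            path.write_bytes(data)
            os.utime(path, (mtime, mtime))
        dups = duplicates(group_by_content(root))
        return sorted((p.name, m) for files in dups.values() for p, m in files)


if __name__ == "__main__":
    for name, mtime in demo():
        print(name, mtime)
```
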
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    TinyWatcher has a reversible "disable" function. I have disabled them for now so that I can see what, if anything, is affected thereby.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    bellgamin,
    ActiveX utility from NirSoft
    http://www.nirsoft.net/utils/acm.html
    displays .ocx names, date, who made it, and more. Perhaps you can find out more what it's about using their Find.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Probably Adobe Flash. Oh yeah, nice to see you back, bellgamin :) :thumb:
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Thanks! I checked that resource. It did not recognize the file. Also, I Googled hi & low & checked several links resultant therefrom. Zilch info.

    Ah well -- those files are disabled so... :blink:

    ~~~~~~~~~~~~~~~~~~~~~~~~~
    10Q wat & act. Mahalo nui loa from Hawaii!
     