Unknown File

Discussion in 'adware, spyware & hijack cleaning' started by Blackspear, Mar 3, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The only reference I could find to this file does not explain anything about it, except that it is suspicious...

    http://lib4.wsulibs.wsu.edu/hdparse/machines/holeast1ge.html

    Anyone know what it is o_O

    Cheers :D
     

    Attached Files:

  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    I do not know what the file is either, and like you, can not find out any info about it anywhere.....

    To me it is suspicious, have you tried scanning the file with any AV's or AT's? or possibly submitted it for analysis anywhere?

    Regards,
    Kent
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Puff-m-d, didn't know where to submit it, so I thought I'd give it a go here first and see if someone knew more about it or could point me in the right direction...

    Cheers :D
     
  4. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Blackspear,

    Could be an uninstaller

    Can you rightclick that file and cehck properties? Does it have a version tab or maybe it displays some company name there in any of the tabs?

    Cheers,
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for your reply Unzy, I think so as well, however when CWShredder pulled it up, thought it best to check. There are 3 similar icons grouped together, see attached pic.

    Cheers :D
     

    Attached Files:

  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I also found reference to "Unvise32" here:

    http://www.computercops.biz/postt12387.html&view=previous

    Still none the wiser...

    Cheers :D
     
  7. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Blackspear,

    I believe unvise32 belongs to the DivX Pro codec. Do you have that installed?

    About CWShredder detecting this :

    The reason such a file can be detected by CWShredder is that one of the CWS variants uses random names as executables, for instance : uifgr5gthj.exe. Because you cannot target such an executable (because it is on each PC a different name) CWShredder scans your machine for files which it thinks are randomnamed.

    Therefor, in some occasions it can be CWShredder suddenly says : "is this file random named?" and it could be that it detects in reality a file which is legit.

    Other users said the shredder asked if 'direct32cc' etc were randomnamed, while those are in fact legit.

    I'm not particulary found of this option in CWShredder, but there are not many other ways to detect that particular CWS variant.

    Although, the randomly named executable of that CWS variant is always 10 digits, so I wonder why it also asks for files with lesser/ or more digits. I think you can add in the code :

    "look for 10 digit random named files"

    I think we will see much more of these questions :doubt:

    To me personally, it's an uninstaller, no harm done on your PC

    Hope this helps

    Cheers,
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Unzy, many thanks, I do have Divx installed. Now I have more of an understanding, and with that it allows me to be more at ease :D

    Cheers :D
     
  9. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    You're welcome :)

    Take care

    Cheers,
     
Thread Status:
Not open for further replies.