XP PRO mystery files?

Discussion in 'other software & services' started by SG1, Oct 10, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    432
    Anyone know what c\windows\is-omlcr.exe & is-omlcr.lst files are from/for? Google search on them turned up nothing.

    Had/have registry entry from hell left over from JR's Installer, that calls to file is-gsv13.exe in c:\windows - a file that no longer is there; tried everything to kill that registry entry, including advice from JR and to no avail thus far; said registry entry returns almost instantly. The Reg. entry is "viral like" but is not a nasty; my 384,000 security apps I run say it's not anything evil --- but I thought the above two files I asked about were related to the missing .exe file that the Registry entry calls to(?)

    Thanks for hlp/info, SG1 (Pat)
     
  2. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
  3. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    432
    Close Hauled;

    See link (to) Symantec's site, re my query: found note at newsgroup for JR's Installer, and it would seem that someone's already using that app for installing crap.
    http://securityresponse.symantec.com/avcenter/venc/data/spyware.atwinspy.html

    The Registry entry in my case, calls to a file "is-gsv13.exe" that is not on any of 3 HDs (or at least not under that name) and hence, gives an error msg. at each bootup that said file can't be found in Windows DIR.

    IF I have/had, a nasty on this PC while running 394,000 security apps, I'll give it up and unplug the sucker in sheer dismay. My Program Files DIR literally runs from A to X re apps and almost all are security or PC maintenance related.

    Anti worm(2)/anti trojan(2)/Avs (3) min. running while on net, and all manner of apps that lock down browser and OS proper. I could cut and paste a software audit of apps I use (from Belarc Advisor) here, that would make your head spin and eyes glaze over, from reading <g> and if I had been nailed by a nasty, I'd
    fill the tub with gin and cut my wrists. Not really, of course, but I would be really steamed over being whacked by some ***hole.

    ButButBut... any further thoughts on this? I've found your help and thoughts on PC things to be well reasoned, and a help, so if you have opinions, by all means I'd love to hear 'em.

    Thanks, SG1 (Pat)
    =====================================
    *** Have added file from TrojanHunter scan - not sure what it means, but just the word "alternate" data stream sounds scary?!
    What is this?
     

    Attached Files:

    Last edited: Oct 11, 2005
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    SG1,

    The following entry looks like it is an address that has been obfuscated, or a temp directory:

    Setup2=QWaAwMsrjVN8IynZ4AdAm/s5kATQFwc

    If we could see the entire line of text, then maybe we can deobfuscate it, or figure out what the address is.

    I would also move this to the trojan section. People there are more capable when it comes to tracking down unknown processes.
     
    Last edited: Oct 12, 2005
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try using the free Kaspersky Webscanner, i seem to remember that you use AVG? Gsv.exe you can remove as it is up to no good.:)
     
  6. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    432
    Don;

    Thanks for reply/info: but the file is-gsv13.exe or even gsv.exe does not exist on our PC - it's just a Registry entry that I can't get rid of, that calls to said WIN dir file, and thus - I get error msg. at bootup time. (So, there is no file to be scanned - it's not there).

    SG1 (Pat)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.