XP PRO mystery files?

Discussion in 'other software & services' started by SG1, Oct 10, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Anyone know what c:\windows\is-omlcr.exe & is-omlcr.lst files are from/for? Google search on them turned up nothing.

    Had/have registry entry from hell left over from JR's Installer, that calls to file is-gsv13.exe in c:\windows - a file that no longer is there; tried everything to kill that registry entry, including advice from JR and to no avail thus far; said registry entry returns almost instantly. The Reg. entry is "viral like" but is not a nasty; my 384,000 security apps I run say it's not anything evil --- but I thought the above two files I asked about were related to the missing .exe file that the Registry entry calls to(?)

    Thanks for help/info, SG1 (Pat)
     
  2. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
  3. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Close Hauled;

    See link (to) Symantec's site, re my query: found note at newsgroup for JR's Installer, and it would seem that someone's already using that app for installing crap.
    http://securityresponse.symantec.com/avcenter/venc/data/spyware.atwinspy.html

    The Registry entry in my case, calls to a file "is-gsv13.exe" that is not on any of 3 HDs (or at least not under that name) and hence, gives an error msg. at each bootup that said file can't be found in Windows DIR.

    IF I have/had, a nasty on this PC while running 394,000 security apps, I'll give it up and unplug the sucker in sheer dismay. My Program Files DIR literally runs from A to X re apps and almost all are security or PC maintenance related.

    Anti worm(2)/anti trojan(2)/Avs (3) min. running while on net, and all manner of apps that lock down browser and OS proper. I could cut and paste a software audit of apps I use (from Belarc Advisor) here, that would make your head spin and eyes glaze over, from reading <g> and if I had been nailed by a nasty, I'd fill the tub with gin and cut my wrists. Not really, of course, but I would be really steamed over being whacked by some ***hole.

    ButButBut... any further thoughts on this? I've found your help and thoughts on PC things to be well reasoned, and a help, so if you have opinions, by all means I'd love to hear 'em.

    Thanks, SG1 (Pat)
    =====================================
    *** Have added file from TrojanHunter scan - not sure what it means, but just the word "alternate" data stream sounds scary?!
    What is this?
     

    Last edited: Oct 11, 2005
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    SG1,

    The following entry looks like it is an address that has been obfuscated, or a temp directory:

    Setup2=QWaAwMsrjVN8IynZ4AdAm/s5kATQFwc

    If we could see the entire line of text, then maybe we can deobfuscate it, or figure out what the address is.

    I would also move this to the trojan section. People there are more capable when it comes to tracking down unknown processes.
     
    Last edited: Oct 12, 2005
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try using the free Kaspersky Webscanner, I seem to remember that you use AVG? Gsv.exe you can remove as it is up to no good. :)
     
  6. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Don;

    Thanks for reply/info: but the file is-gsv13.exe or even gsv.exe does not exist on our PC - it's just a Registry entry that I can't get rid of, that calls to said WIN dir file, and thus - I get error msg. at bootup time. (So, there is no file to be scanned - it's not there).

    SG1 (Pat)
     