Thread: Rogue executable in C:\windows\temp

  1. #1
    Join Date
    Aug 2006
    Posts
    578

    Originally Posted by hipp2112:
    Quick question that is slightly off subject. Have you heard of a product called Powersuite 2007 by Spotmau? There was a link to this on nliteos.com and was curious.
    Thanks.
    Hi Scott,

    I am not familiar with Powersuite 2007, though I have had similar "home-made" tools over the years. I am not as up-to-date on tech stuff these days as I am transitioning from "tech guy" back to "liberal arts guy." LOL!

    That may be why I can't see anything in those logs - they all look pretty clean.

    The ones that raise my suspicion are QuickSweeper, RegCure and XoftSpy. The latter two because, if I remember back a few years, they required purchase to remove stuff and may have been on Spyware Warrior's Rogue List.
    -- Have you completely uninstalled QuickSweeper?

    Anyhoo, I imagine the problem started BEFORE those products were installed, so we rule them out.

    The only other thing I can think of is that C:\Program Files\BlueStar. Is that the Astronomy program?
    It might be tied to VitalStream/Internap in some way. Perhaps it uses a product or service. Maybe we should e-mail THEM!?

    http://www.vitalstream.com/
    abuse@vitalstream.com
    TechPhone: +1-800-254-7554
    TechEmail: noc@vitalstream.com


    -- What about Process Explorer? Any luck tracking the rogue .exe in TEMP?

    Sorry I can't be more help. There ARE a few more scanners we can try, but let me know what you find with PE first.

    Best
    PP

  2. #2
    Join Date
    Oct 2007
    Posts
    17
    RegCure and XoftSpy were 2 programs just recently installed. I found mention of these in another forum before I found this one. I have not yet uninstalled QuickSweeper. I've been dealing with a major BlackBerry problem all day. BlueStar is an addon to our Microsoft Dynamics AX ERP package. It is used to store and view CAD drawings. Everyone in the company has this installed.

  3. #3
    Join Date
    Aug 2006
    Posts
    578

    Originally Posted by hipp2112:
    BlueStar is an addon to our Microsoft Dynamics AX ERP package. It is used to store and view CAD drawings. Everyone in the company has this installed.
    Thanks - that was one that I was not familiar with. Thought maybe it was the astronomy program. If memory holds, it used video applications similar to what vitalstream provides.

    -- Is it just the one compy that tries to dial home?


    My friend ShadowPuterDude took a tiny little batch I wrote some time ago and vastly improved it. You could try running it and posting the log. Maybe it will help?

    ISeeYouXP by ShadowPuterDude
    http://downloads.malwareteks.com/ISeeYouXP.exe

    -- Double-click ISeeYouXP.exe; ISeeYouXP will be extracted to C:\ISeeYouXP.
    -- ISeeYouXP will autorun after installation.

    NOTE: Vista users: ISeeYouXP will not autorun on Vista.


    I'll try to check back tonight.

    Cheers
    PP
