Unknown File on desktop

Status
Not open for further replies.

rahul_intlad

Hi, my first post on this forum. I am sorry if I make a mistake here, will try and acquaint myself with the forum slowly.

Have been using ZoneAlarm Security Suite as my firewall all along but was not happy with it hogging my system resources, and boot time was very high. I have 256MB RAM and am running Windows XP Home Edition. So after reading about Comodo firewall here, have shifted to Comodo recently. Am using NOD32 antivirus.

Now after shifting to the firewall I am very happy with its performance and other things, but after shifting I now find a file is present on my desktop which even after deleting comes back when I surf the internet.

Details of the file:
Type of file-> Windows Script Host Settings File
Description-> HEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Location->C:\Documents and Settings\Username\Desktop
Size->895 bytes

I don't know what file this is. Is it malware? Here is my HJT log if it helps.

Could you guys please help.
 
Force opened the file with an editor [Notepad] and this is what it reads:
*****************************************************

Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::~CMyPostMix()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::InitPlugin()
Entered: CMyPostMix::playerCreated()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::~CMyPostMix()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::InitPlugin()
Entered: CMyPostMix::playerCreated()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::~CMyPostMix()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::InitPlugin()
Entered: CMyPostMix::playerCreated()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::~CMyPostMix()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::InitPlugin()
Entered: CMyPostMix::playerCreated()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::~CMyPostMix()
Entered: CMyPostMix::CMyPostMix()
Entered: CMyPostMix::InitPlugin()
Entered: CMyPostMix::playerCreated()
********************************************************
 
Hello and welcome to Techspot.

See HERE for instructions on how to disable the Windows Scripting Host.

Then, delete the file on your desktop.

Can you tell me what this programme is?

C:\Program Files\Wordflash\Wordflash\Wordflash2.5.exe

Regards Howard :wave: :wave:
 
disable the Windows Scripting Host.
As shown in the link, if I delete only VBS it does not make any difference; should I remove VBE as well?

Can you tell me what this programme is?
C:\Program Files\Wordflash\Wordflash\Wordflash2.5.exe
It is a GRE tutorial, was running it while I did the HJT. Helps in learning new words [English].
 
Thanks Howard, seems to have solved the problem. Will post if the problem comes up again; for the moment have deleted the file and it has not reappeared on reconnecting to the internet.

However, are there any repercussions of deleting VBE and VBS I need to be concerned/worried about?
 
As far as I'm aware, there won't be any problems. In fact it's quite a good idea to disable the Windows Scripting Host as it is often used to infect systems.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no file)
O18 - Protocol: vfsp - (no CLSID) - (no file)

Click on the fix checked button.

Close HJT.

Regards Howard :)
 
Howard, just to update the thread: the file did come back to my desktop, the only difference being now it was a Windows unrecognized file.

I did a HJT again and this time I fixed:


O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...ehicles/2008/corolla/key_features/ext360.html

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/in/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/in/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx

So far the file has not come back again. I really feel this has to do with live365.com because I remember this problem started a while after I blocked live365 in my Internet Explorer.
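
An added example, not part of the original thread or written by any of its posters: a small Python parser for the HijackThis O16 (ActiveX controls downloaded through Internet Explorer) and O18 (extra protocol handler) lines quoted in the posts above. It lists protocol handlers whose file is missing and groups the downloaded controls by source host. The sample input is a subset of the lines from the thread; the function and field names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Sample input: a subset of the HijackThis lines quoted in the thread.
# O16 = ActiveX objects in "Downloaded Program Files", O18 = extra protocol handlers.
SAMPLE = """\
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no file)
O18 - Protocol: vfsp - (no CLSID) - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/in/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/in/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O16 = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*)\))? - (?P<url>\S+)$")
O18 = re.compile(rf"^O18 - Protocol: (?P<name>.+?) - (?P<clsid>{CLSID}|\(no CLSID\)) - (?P<file>.+)$")

def parse(log):
    """Return one dict per recognised O16/O18 line; other lines are ignored."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := O16.match(line):
            url = urlsplit(m["url"])
            entries.append({"section": "O16", "clsid": m["clsid"], "name": m["name"],
                            "host": url.hostname, "cleartext": url.scheme == "http"})
        elif m := O18.match(line):
            clsid = None if m["clsid"] == "(no CLSID)" else m["clsid"]
            entries.append({"section": "O18", "clsid": clsid, "name": m["name"],
                            "orphaned": m["file"] == "(no file)"})
    return entries

def review(entries):
    """Summarise orphaned protocol handlers and downloaded controls per source host."""
    orphaned = [e["name"] for e in entries if e["section"] == "O18" and e["orphaned"]]
    hosts = {}
    for e in entries:
        if e["section"] == "O16":
            hosts.setdefault(e["host"], []).append(e["name"])
    return {"orphaned_protocols": orphaned, "controls_by_host": hosts}

if __name__ == "__main__":
    for key, value in review(parse(SAMPLE)).items():
        print(key, value)
```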
 
Thanks for the update.

Hopefully, that'll be an end to your problems.

Regards Howard :)

This thread is for the use of rahul_intlad only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.