Question: Significance of Unknown Owner/File Missing

Status
Not open for further replies.

Bobbye

Posts: 16,313   +36
This is a general question in that it does not pertain to any specific log. But it is something I see frequently in the HijackThis logs and have wondered if there is a particular significance:

O23 - Service: @%SystemRoot%\system32\****1*****- ****2****Unknown owner - C:\Windows\System32\****3****(file missing)

1********'exe' or 'dll' file followed by a number such as -100
2********Name or acronym of Service
3.*******same exe file as #1.

All unknown/missing aren't in the SystemRoot, but I am wondering if these Services can actually load without the information. Is the "@" significant, as I sometimes see other files, preceded by the "@", that have the 'unknown owner/file missing'?

This is a learning experience for me and I would appreciate information if there is any. I realize that each log is specific to the person who runs the program.

And if this is an 'unanswerable' question, please let me know, politely.
 
I am not going to give a full answer as I am slightly confused by the question, but sometimes when you see a bunch of (file missing) they aren't missing at all. I have seen this a lot when the user has Vista 64 bit. It seems like a compatibility issue between HJT and the OS.

Hope this is a good start on what you are looking for. And never suggest a user fix any (File Missing) entries:

* unless they are malicious
* unless they are O2 or O3 entries (these don't matter if they are malicious or not)
 
Thanks, Blind Dragon. Interestingly enough, what prompted me to ask about this was a particular log I looked at from a Vista user. There were 11 of the O23 entries like the example I gave, plus some others not in the systemroot category, but still O23.

In the O2 category, one I notice often in Vista with no name/no file is the Windows Live Call HoverToCall class for Windows Live Messenger, a legit BHO per the CLSID. This one sticks in my mind because I've looked up the CLSID so many times! According to what you say above though,
*unless they are O2 or O3 entries (these don't matter if they are malicious or not)

I won't be telling anyone to zap these entries. It's always interesting though when it's 'out of the ordinary'.

Appreciate your help.
 
I hope that made sense. If you see an O2 or O3 with (File Missing) you can have them fix those.

For other entries, check if they are legit or not, and if not, then have them fix the entry. You also want to have them look for the file on a malicious entry that says the file is not there, because I have seen many times where the file is there.

So the main thing to see is if the entry is good or bad, then make your decision.
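
Added example, not part of any post above and not HijackThis's own code: a Python sketch that pulls the "(file missing)" entries out of a HijackThis-style log and sorts them the way this thread suggests, with O2/O3 marked as fixable and everything else marked for checking the entry and looking for the file on disk first. The sample log lines, service names and paths are constructed, and the line layout is assumed from the O23 example in the first post.

```python
import re

MISSING = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")

# Constructed sample lines (not taken from a real log).
SAMPLE = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\hover.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: @%SystemRoot%\system32\example.exe,-100 (ExampleSvc) - Unknown owner - C:\Windows\System32\example.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\upd.exe
"""

def triage(log_text):
    """Return one record per '(file missing)' entry in a HijackThis-style log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or not MISSING.search(m.group(2)):
            continue  # not an O-section line, or the file was found
        section = m.group(1)
        body = MISSING.sub("", m.group(2))
        # Assumption: the file path is the last " - "-separated field.
        path = body.rsplit(" - ", 1)[-1].strip()
        # Service named by an "@file,-NNN" reference, as in the first post.
        indirect = section == "O23" and body.startswith("Service: @")
        if section in ("O2", "O3"):
            action = "fix"      # thread: O2/O3 with (file missing) can be fixed
        else:
            action = "verify"   # thread: judge the entry, then look for the file
        findings.append({"section": section, "path": path,
                         "indirect_name": indirect, "action": action})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["action"], f["section"], f["path"], sep="\t")
```

A "verify" result is only a prompt for manual review: as noted in the thread, the tool can report a file as missing when it is actually present.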
 