From: badgolferman on 18 Sep 2005 17:03

What is hotfixq0306270.exe? It shows up as a running process on my
computer WXP SP2. I can't find very much information about it on
Google. The links all lead to unrelated information.

--
"I miss. I miss. I miss. I make." -- Seve Ballesteros describing his
four-putt at Augusta's No. 16 in 1988.

From: David H. Lipman on 18 Sep 2005 18:28

From: "badgolferman" <REMOVETHISbadgolferman(a)gmail.com>

| What is hotfixq0306270.exe? It shows up as a running process on my
| computer WXP SP2. I can't find very much information about it on
| Google. The links all lead to unrelated information.
|

Please submit a sample of "hotfixq0306270.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors'
scanners. That will give you an idea what it is and who recognizes it.
In addition, unless told otherwise, Virus Total will provide the sample
to all participating vendors.

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: badgolferman on 18 Sep 2005 22:13

David H. Lipman, 9/18/2005, <CSlXe.2037$yN1.1371(a)trnddc03>,6:28:50 PM,
wrote:

> From: "badgolferman" <REMOVETHISbadgolferman(a)gmail.com>
>
> > What is hotfixq0306270.exe? It shows up as a running process on my
> > computer WXP SP2. I can't find very much information about it on
> > Google. The links all lead to unrelated information.
> >
>
> Please submit a sample of "hotfixq0306270.exe" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners. That will give you an idea what it is and who recognizes
> it. In addition, unless told otherwise, Virus Total will provide the
> sample to all participating vendors.
>
> When you get the report, please post back the exact results.

This is a report processed by VirusTotal on 09/19/2005 at 04:10:31
(CET) after scanning the file "HotFixQ0306270.exe" file.

Antivirus      Version         Update      Result
AntiVir        6.32.0.3        09.16.2005  no virus found
Avast          4.6.695.0       09.16.2005  no virus found
AVG            718             09.16.2005  no virus found
Avira          6.32.0.3        09.16.2005  no virus found
BitDefender    7.2             09.19.2005  no virus found
CAT-QuickHeal  8.00            09.18.2005  no virus found
ClamAV         devel-20050725  09.17.2005  no virus found
DrWeb          4.32b           09.18.2005  no virus found
eTrust-Iris    7.1.194.0       09.18.2005  no virus found
eTrust-Vet     11.9.1.0        09.16.2005  no virus found
Fortinet       2.41.0.0        09.07.2005  no virus found
F-Prot         3.16c           09.16.2005  no virus found
Ikarus         0.2.59.0        09.16.2005  no virus found
Kaspersky      4.0.2.24        09.19.2005  no virus found
McAfee         4583            09.16.2005  no virus found
NOD32v2        1.1219          09.16.2005  no virus found
Norman         5.70.10         09.16.2005  no virus found
Panda          8.02.00         09.18.2005  no virus found
Sophos         3.97.0          09.18.2005  no virus found
Symantec       8.0             09.18.2005  no virus found
TheHacker      5.8.2.108       09.16.2005  no virus found
VBA32          3.10.4          09.19.2005  no virus found

Okay, according to VirusTotal it is not a virus. Still, what is it?
Microsoft Support does not have a record of it either.

--
"You've just one problem. You stand too close to the ball after you've
hit it." -- Sam Snead

From: David H. Lipman on 18 Sep 2005 22:30

From: "badgolferman" <REMOVETHISbadgolferman(a)gmail.com>

|
| This is a report processed by VirusTotal on 09/19/2005 at 04:10:31 (CET) after scanning
| the file "HotFixQ0306270.exe" file. Antivirus Version Update Result

< snip >

| Okay, according to VirusTotal it is not a virus. Still, what is it?
| Microsoft Support does not have a record of it either.
|
| --
| "You've just one problem. You stand too close to the ball after you've
| hit it." -- Sam Snead

It certainly doesn't conform to a MS naming convention either. However
it /*is*/ suspicious.

For the moment, I suggest using MSCONFIG.EXE to find how the file is
being loaded at startup and disable it.

Can you also find where the file exists and then post the fully
qualified name and path to this file?

I also suggest creating an account with McAfee/AVERT's Web Immune and
submitting it. https://www.webimmune.net/default.asp

This way you can get McAfee/AVERT Virus Researchers to examine it and
see if it is malware of some kind. If it is in the class of adware
they'll even tell 'ya that too.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

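Added example, not part of the original thread or any poster's words: a PowerShell version of the checks suggested above (where the file lives, who published it, and how it is loaded at startup). It uses the process name from the thread and assumes a current Windows with PowerShell 5.1 or later rather than the 2005-era tooling; run it elevated so that paths of other users' processes are visible.

```powershell
# Added example: triage an unrecognised running process on Windows.
# $Name defaults to the image name from the thread; nothing else is page-specific.
param([string]$Name = 'hotfixq0306270.exe')

# 1. Fully qualified path, command line and parent of each matching process.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$Name'") {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        Pid         = $p.ProcessId
        Path        = $p.ExecutablePath   # empty if the session lacks rights
        CommandLine = $p.CommandLine
        Parent      = $parent.Name        # empty if the parent has exited
    } | Format-List

    if ($p.ExecutablePath) {
        # 2. Publisher evidence: Authenticode status, version resource, hash.
        #    An unsigned file is not proof of malware, and a clean multi-scanner
        #    report is not proof of safety; these only narrow the question.
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        "Signature : $($sig.Status) / $($sig.SignerCertificate.Subject)"
        "SHA256    : $((Get-FileHash -Path $p.ExecutablePath -Algorithm SHA256).Hash)"
        (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo |
            Select-Object CompanyName, FileDescription, ProductName | Format-List
    }
}

# 3. How is it being loaded? Win32_StartupCommand lists the Run keys and
#    Startup folders; services are checked separately.
$stem = [IO.Path]::GetFileNameWithoutExtension($Name)
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$stem*" } |
    Select-Object Name, Command, Location, User | Format-List

Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$stem*" } |
    Select-Object Name, PathName, StartMode, State | Format-List
```

The `Location` field of a matching startup entry names the registry key or folder to disable, and the SHA256 value can be looked up on a multi-scanner service without uploading the file.
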
From: badgolferman on 18 Sep 2005 22:56

David H. Lipman, 9/18/2005, <1ppXe.3000$9a2.2252(a)trnddc04>,10:30:21 PM,
wrote:

> From: "badgolferman" <REMOVETHISbadgolferman(a)gmail.com>
>
> >
> > This is a report processed by VirusTotal on 09/19/2005 at 04:10:31
> > (CET) after scanning the file "HotFixQ0306270.exe" file. Antivirus
> > Version Update Result
>
> < snip >
>
> > Okay, according to VirusTotal it is not a virus. Still, what is
> > it? Microsoft Support does not have a record of it either.
> >
> > --
> > "You've just one problem. You stand too close to the ball after
> > you've hit it." -- Sam Snead
>
> It certainly doesn't conform to a MS naming convention either.
> However it is suspicious.
>
> For the moment, I suggest using MSCONFIG.EXE to find how the file is
> being loaded at startup and disable it.
>
> Can you also find where the file exists and then post the fully
> qualified name and path to this file?
>
> I also suggest creating an account with McAfee/AVERT's Web Immune and
> submitting it. https://www.webimmune.net/default.asp
>
> This way you can get McAfee/AVERT Virus Researchers to examine it and
> see if it is malware of some kind. If it is in the class of adware
> they'll even tell 'ya that too.

I have discovered what it is now. It is a utility for my wife's Flash
Disk. It appears to load as a process to allow
partition/format/password configuration changes. I have disabled it
through MSCONFIG now.

Thanks for your help.

--
"Golf balls are attracted to water as unerringly as the eye of a
middle-aged man to a female bosom." -- Michael Green