Windows Defender and unidentified exe files

G

Guest

When I use the beta2 Windows Defender to identify Startup Programs there are
three that are not recognized by Defender and I cannot find anything about
them on the net.

The information given is:-

File Name: lrfskfw.exe
Startup Value: C:\WINDOWS\system32\lrfskfw.exe
File Path: C:\WINDOWS\system32\lrfskfw.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: mgnc.exe
Startup Value: C:\WINDOWS\system32\mgnc.exe
File Path: C:\WINDOWS\system32\mgnc.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: wlcwnas.exe
Startup Value: C:\WINDOWS\system32\wlcwnas.exe
File Path: C:\WINDOWS\system32\wlcwnas.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

Does anyone know anything about them? Are they a threat or not?
 
D

Doug Knox MS-MVP

Locate the files in question in Windows Explorer. Right click each one and select Properties. You may be able to get an idea of the company that wrote the software in question and a description of what it does.
 
M

MowGreen [MVP]

Mike B,

Those are malware files. Did you allow Windows Defender to block them
from loading on Startup ?
Strongly suggest you have the system scanned at Kaspersky to detect
which malware it is :
http://www.kaspersky.com/virusscanner

To derive the most complete results from the scan, read this Tutorial :
http://aumha.net/viewtopic.php?t=15574&sid=3131be723b55c32374bb51a70fe5f0fc

Then suggest you post to a reputable anti-malware forum after first
reading the guidelines of the forum of your choice :

http://forum.aumha.org/viewforum.php?f=30&sid=28b7de716b318feaf7b8d0b95dcd7ff0
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://forums.spywareinfo.com/index.php?showforum=44
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============
 
G

Guest

MowGreen, fortunately I did block it and have now followed your advice. The
offending exe files are now gone. Thanks

MikeB

MowGreen said:
Mike B,

Those are malware files. Did you allow Windows Defender to block them
from loading on Startup ?
Strongly suggest you have the system scanned at Kaspersky to detect
which malware it is :
http://www.kaspersky.com/virusscanner

To derive the most complete results from the scan, read this Tutorial :
http://aumha.net/viewtopic.php?t=15574&sid=3131be723b55c32374bb51a70fe5f0fc

Then suggest you post to a reputable anti-malware forum after first
reading the guidelines of the forum of your choice :

http://forum.aumha.org/viewforum.php?f=30&sid=28b7de716b318feaf7b8d0b95dcd7ff0
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://forums.spywareinfo.com/index.php?showforum=44
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============



Mike said:
When I use the beta2 Windows Defender to identify Startup Programs there are
three that are not recognized by Defender and I cannot find anything about
them on the net.

The information given is:-

File Name: lrfskfw.exe
Startup Value: C:\WINDOWS\system32\lrfskfw.exe
File Path: C:\WINDOWS\system32\lrfskfw.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: mgnc.exe
Startup Value: C:\WINDOWS\system32\mgnc.exe
File Path: C:\WINDOWS\system32\mgnc.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: wlcwnas.exe
Startup Value: C:\WINDOWS\system32\wlcwnas.exe
File Path: C:\WINDOWS\system32\wlcwnas.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

Does anyone know anything about them? Are they a threat or not?
Click to expand...
Click to expand...
 
M

MowGreen [MVP]

Good work, Mike. Best to block unknown files than risk infecting the
system.
Still, suggest you do a scan at Kaspersky to ensure that no "unwanted"
files are still present.

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============


Mike said:
MowGreen, fortunately I did block it and have now followed your advice. The
offending exe files are now gone. Thanks

MikeB

:

Mike B,

Those are malware files. Did you allow Windows Defender to block them
from loading on Startup ?
Strongly suggest you have the system scanned at Kaspersky to detect
which malware it is :
http://www.kaspersky.com/virusscanner

To derive the most complete results from the scan, read this Tutorial :
http://aumha.net/viewtopic.php?t=15574&sid=3131be723b55c32374bb51a70fe5f0fc

Then suggest you post to a reputable anti-malware forum after first
reading the guidelines of the forum of your choice :

http://forum.aumha.org/viewforum.php?f=30&sid=28b7de716b318feaf7b8d0b95dcd7ff0
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://forums.spywareinfo.com/index.php?showforum=44
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============



Mike B wrote:

When I use the beta2 Windows Defender to identify Startup Programs there are
three that are not recognized by Defender and I cannot find anything about
them on the net.

The information given is:-

File Name: lrfskfw.exe
Startup Value: C:\WINDOWS\system32\lrfskfw.exe
File Path: C:\WINDOWS\system32\lrfskfw.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: mgnc.exe
Startup Value: C:\WINDOWS\system32\mgnc.exe
File Path: C:\WINDOWS\system32\mgnc.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

File Name: wlcwnas.exe
Startup Value: C:\WINDOWS\system32\wlcwnas.exe
File Path: C:\WINDOWS\system32\wlcwnas.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available

Does anyone know anything about them? Are they a threat or not?
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

applehebi 28
Mcafee mcmnhdlr.exe Classification: Not yet classified: when will 5
Windows Defender - Warning Event ID 3004 -spoolsv.exe 7
Help, please 'edeaaqpwgm.exe' in system, what is it ? 1
Cisco Client Access Agent being blocked 1
Vista Defender blocks NOD32 Antivirus??? 6
WD Spynet 2
Windows Defender... Again? 5

Top