An unfamiliar exe - need help please

[Mark G.]

So I am not sure what is prompting a program called "NORTV.exe", but it ask
to add to my startup list (have a startup monitor application running) each
time I boot up. I Googled it and found nothing and am fairly sure that I
have no malware or anything. Does anyone know what this is or what program
it my belong to? Best I can figure is that it belongs to a program I have
been trying out called "Sandboxie". Any ideas? What else can I do? Any help
is very much appreciated!

 

[Mark G.]

I should also add that I am running XP Pro. Additionally, this nortv.exe is
at the root of C:\Windows. And lastly, this whole experience says something
about "nnosetupregfile reg to run @startup" or something like that. Ideas
please?

 

[Malke]

I should also add that I am running XP Pro. Additionally, this nortv.exe
is at the root of C:\Windows. And lastly, this whole experience says
something about "nnosetupregfile reg to run @startup" or something like
that. Ideas please?

Some suggestions:

1. You can send nortv.exe to VirusTotal, which will submit it to numerous
antivirus companies for identification and send you back a report.

http://www.virustotal.com/

2. You're "fairly sure" your computer is virus/malware-free? Be *really*
sure:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

3. Right-click on the file and then left-click on Properties. This will
sometimes give a Version tab which has the file mftr.'s name. If it does,
Googling may be more successful.

4. Contact the Sandboxie people and ask them if the file belongs to them.

5. Examine what is running at Startup and by doing clean-boot
troubleshooting perhaps you will be able to see what is calling nortv.exe.

Clean boot in Windows XP - http://support.microsoft.com/kb/310353

Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434

How to Troubleshoot By Using the Msconfig Utility in Windows XP -
http://support.microsoft.com/?id=310560

The free Autoruns program is very useful for managing your Startup -
http://www.microsoft.com/technet/sysinternals/default.mspx

6. Rename nortv.exe to nortv.old and see if anything legitimate breaks.

Malke

 

[Tim Meddick]

Hi Mark,
I have just installed the Sandboxie program, and have to say that
it's not part of that program. At any rate, I cannot find it either in the
Sandboxie folder or any where in Windows or it's subfolders. It does put an
entry in the registry startup key, but it's called "SbieCtrl.exe". This
"NORTV.exe" sounds like it could be a dialler. For more info on diallers
goto http://www.emsisoft.com/en/kb/articles/tec041212/

 

[Mark G.]

Wow, thanks for the great info you two! One important thing I forgot and
left out the that rather than "NORTV.exe", it is actually "is-NORTV.exe".

I will look through the ideas you all presented. Great links too.

Not to get off topic, but kind of goes along with what I am looking into
now. I always think I have great security, but am now in the process of
testing that theory. Any further ideas on that? Currently my computers (2
desktops and 1 laptop) are behind a wireless router that runs WAP-PSK
security and encription. I also have the XP Pro firewall on running the
following to help protect me: Windows Defender, Spybot, 2 different Startup
Monitors, WinPatrol Plus, Bit Defender Anti-Virus, Trend Micro RuBotted, and
Real Spy Monitor. Not sure if there is a best security setup, but I try....
I will say that I do not care for Norton at all! Guess I have always thought
that the all-in-one solutions weren't as good as the mixed bag as I
presented above.

And lastly, there are websites out there that try to scan your computer(s)
and test it's security and soforth and on some, I was fine, but on others, I
was not and I am not sure why that is. I do take them kind of with a grain
of salt, but do any of you know any that are pretty good and dead on? I
don't mind getting more complicated to protect my assets (computers and
content), but closing and opening each individual port can be cumbersome
wouldn't you say? Better ideas and all?

Sorry for the long read, but I hope to hear back from some of you soon.
Thanks for the help thus far!

 

[Malke]

Mark G. wrote:

Comments inline:

Wow, thanks for the great info you two! One important thing I forgot and
left out the that rather than "NORTV.exe", it is actually "is-NORTV.exe".

Amazing what a difference typing the right name makes. ;-) Searching for
"is-NORTV.exe" brings me links to your post and not much else. So I would
still follow the advice I previously gave you.

Not to get off topic, but kind of goes along with what I am looking into
now. I always think I have great security, but am now in the process of
testing that theory. Any further ideas on that? Currently my computers (2
desktops and 1 laptop) are behind a wireless router that runs WAP-PSK
security and encription. I also have the XP Pro firewall on running the
following to help protect me: Windows Defender, Spybot, 2 different
Startup Monitors, WinPatrol Plus, Bit Defender Anti-Virus, Trend Micro
RuBotted, and Real Spy Monitor. Not sure if there is a best security
setup, but I try.... I will say that I do not care for Norton at all!
Guess I have always thought that the all-in-one solutions weren't as good
as the mixed bag as I presented above.

Good gracious. You have way too many security programs running. For XP
systems, I like only an antivirus (NOD32 for a commercial one, Avast for a
free one) and the Windows Firewall. I don't normally recommend an
antispyware program that runs resident but if you want one, have only one.
Malwarebytes' Antimalware (MBAM) is excellent. The free version will not
run resident but the paid version will. I wrote a short article for my
clients called "Too Much Security". You are welcome to download it for your
own use. Right-click on the link and choose "Save As".

http://www.elephantboycomputers.com/Too_Much_Security.pdf

And lastly, there are websites out there that try to scan your computer(s)
and test it's security and soforth and on some, I was fine, but on others,
I was not and I am not sure why that is. I do take them kind of with a
grain of salt, but do any of you know any that are pretty good and dead
on? I don't mind getting more complicated to protect my assets (computers
and content), but closing and opening each individual port can be
cumbersome wouldn't you say? Better ideas and all?

I don't like any of those scanning websites. The best defense is to have the
correct security (see my comments above) and practice "Safe Hex".

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.elephantboycomputers.com/staying-safe.pdf (another article you
can download)

Malke

 

[Mark G.]

Thanks for all the input! Now to put it to use!

Mark G. wrote:

Comments inline:


Amazing what a difference typing the right name makes. ;-) Searching for
"is-NORTV.exe" brings me links to your post and not much else. So I would
still follow the advice I previously gave you.


Good gracious. You have way too many security programs running. For XP
systems, I like only an antivirus (NOD32 for a commercial one, Avast for a
free one) and the Windows Firewall. I don't normally recommend an
antispyware program that runs resident but if you want one, have only one.
Malwarebytes' Antimalware (MBAM) is excellent. The free version will not
run resident but the paid version will. I wrote a short article for my
clients called "Too Much Security". You are welcome to download it for
your
own use. Right-click on the link and choose "Save As".

http://www.elephantboycomputers.com/Too_Much_Security.pdf


I don't like any of those scanning websites. The best defense is to have
the
correct security (see my comments above) and practice "Safe Hex".

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.elephantboycomputers.com/staying-safe.pdf (another article you
can download)

Malke