hotfixq0306270.exe

badgolferman

What is hotfixq0306270.exe? It shows up as a running process on my
computer WXP SP2. I can't find very much information about it on
Google. The links all lead to unrelated information.
 
David H. Lipman

From: "badgolferman" <[email protected]>

| What is hotfixq0306270.exe? It shows up as a running process on my
| computer WXP SP2. I can't find very much information about it on
| Google. The links all lead to unrelated information.
|


Please submit a sample of "hotfixq0306270.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.
 
badgolferman

| Please submit a sample of "hotfixq0306270.exe" to Virus Total --
| http://www.virustotal.com/flash/index_en.html
| The submission will then be tested against many different AV vendors'
| scanners. That will give you an idea what it is and who recognizes
| it. In addition, unless told otherwise, Virus Total will provide the
| sample to all participating vendors.
|
| When you get the report, please post back the exact results.

This is a report processed by VirusTotal on 09/19/2005 at 04:10:31
(CET) after scanning the file "HotFixQ0306270.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.3 09.16.2005 no virus found
Avast 4.6.695.0 09.16.2005 no virus found
AVG 718 09.16.2005 no virus found
Avira 6.32.0.3 09.16.2005 no virus found
BitDefender 7.2 09.19.2005 no virus found
CAT-QuickHeal 8.00 09.18.2005 no virus found
ClamAV devel-20050725 09.17.2005 no virus found
DrWeb 4.32b 09.18.2005 no virus found
eTrust-Iris 7.1.194.0 09.18.2005 no virus found
eTrust-Vet 11.9.1.0 09.16.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 no virus found
F-Prot 3.16c 09.16.2005 no virus found
Ikarus 0.2.59.0 09.16.2005 no virus found
Kaspersky 4.0.2.24 09.19.2005 no virus found
McAfee 4583 09.16.2005 no virus found
NOD32v2 1.1219 09.16.2005 no virus found
Norman 5.70.10 09.16.2005 no virus found
Panda 8.02.00 09.18.2005 no virus found
Sophos 3.97.0 09.18.2005 no virus found
Symantec 8.0 09.18.2005 no virus found
TheHacker 5.8.2.108 09.16.2005 no virus found
VBA32 3.10.4 09.19.2005 no virus found

Okay, according to VirusTotal it is not a virus. Still, what is it?
Microsoft Support does not have a record of it either.
 
David H. Lipman

From: "badgolferman" <[email protected]>


|
| This is a report processed by VirusTotal on 09/19/2005 at 04:10:31 (CET) after scanning
| the file "HotFixQ0306270.exe" file. Antivirus Version Update Result

< snip >

| Okay, according to VirusTotal it is not a virus. Still, what is it?
| Microsoft Support does not have a record of it either.
|
| --
| "You've just one problem. You stand too close to the ball after you've
| hit it." -- Sam Snead

It certainly doesn't conform to a MS naming convention either. However it /*is*/
suspicious.

For the moment, I suggest using MSCONFIG.EXE to find how the file is being loaded at startup
and disable.

Can you also find where the file exists and post the fully qualified name and path
to this file.

I also suggest creating an account with McAfee/AVERT's Web Immune and submitting it.
https://www.webimmune.net/default.asp

This way you can get McAfee/AVERT Virus Researchers to examine it and see if it is malware
of some kind. If it is in the class of adware they'll even tell 'ya that too.
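
The checks suggested in this thread (find how the file is loaded at startup, get its fully qualified path, work out what it is) can be scripted on a current Windows system. The PowerShell below is an added example, not part of any poster's message; the default name is the one from the thread, and the report fields are this example's own choice.

```powershell
# Added example: triage an unrecognized process by name.
# Assumption: run in PowerShell 4 or later; ExecutablePath can be empty for
# processes owned by other users unless the session is elevated.
param([string]$Name = 'hotfixq0306270')   # process name as reported in the thread

# 1. Where does the running image live on disk, and what started it?
$procs = Get-CimInstance Win32_Process -Filter "Name LIKE '$Name%'"
$procs | Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List

# 2. Which autorun entry launches it? Check the two Run keys, then
#    everything Windows itself reports as a startup command.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$hits = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notin $providerProps -and "$($_.Value)" -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{ Key = $key; ValueName = $_.Name; Command = $_.Value }
        }
}
$hits | Format-List
Get-CimInstance Win32_StartupCommand |
    Where-Object Command -like "*$Name*" |
    Select-Object Name, Command, Location, User |
    Format-List

# 3. What does the file say about itself? The version resource and signer
#    often name the vendor; the hash can be looked up without uploading the file.
$report = foreach ($path in ($procs.ExecutablePath | Where-Object { $_ } | Sort-Object -Unique)) {
    $info = (Get-Item -LiteralPath $path).VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path            = $path
        SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Company         = $info.CompanyName
        Description     = $info.FileDescription
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}
$report | Format-List
```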
 
badgolferman

| It certainly doesn't conform to a MS naming convention either.
| However it is suspicious.
|
| For the moment, I suggest using MSCONFIG.EXE to find how the file is
| being loaded at startup and disable.
|
| Can you also find where the file exists and post the fully
| qualified name and path to this file.
|
| I also suggest creating an account with McAfee/AVERT's Web Immune and
| submitting it. https://www.webimmune.net/default.asp
|
| This way you can get McAfee/AVERT Virus Researchers to examine it and
| see if it is malware of some kind. If it is in the class of adware
| they'll even tell 'ya that too.

I have discovered what it is now. It is a utility for my wife's Flash
Disk. It appears to load as a process to allow
partition/format/password configuration changes. I have disabled it
through MSCONFIG now. Thanks for your help.
 
David H. Lipman

From: "badgolferman" <[email protected]>

| David H. Lipman, 9/18/2005, <1ppXe.3000$9a2.2252@trnddc04>,10:30:21 PM,

|
| I have discovered what it is now. It is a utility for my wife's Flash
| Disk. It appears to load as a process to allow
| partition/format/password configuration changes. I have disabled it
| through MSCONFIG now. Thanks for your help.
|
| --
| "Golf balls are attracted to water as unerringly as the eye of a
| middle-aged man to a female bosom." -- Michael Green

Well at least it isn't malware -- that's good. However the name of the file sucks !
 
vk

I think that your possible infect "trojan" or "spyware".
you can press "Ctrl+Alt+Del" open process or open "Start"---"Run"
enter "regedit" see Autorun programme:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Usually circumstance this kind of method is can discover
unconventionality,
but, If these "Trojan and spyware" programme be hidden.

I recommend "Security expert" with you do that .
1. you can use "Autorun manage" see autorun programme
2.use "Process manage" see unconventionality programme
3.use "Network Control" see the network link.

Go to Website look into expatiation: http://securityexpert.cnns.net
 
David H. Lipman

From: <[email protected]>

| I think that your possible infect "trojan" or "spyware".
| you can press "Ctrl+Alt+Del" open process or open "Start"---"Run"
| enter "regedit" see Autorun programme:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
| Usually circumstance this kind of method is can discover
| unconventionality,
| but, If these "Trojan and spyware" programme be hidden.
|
| I recommend "Security expert" with you do that .
| 1. you can use "Autorun manage" see autorun programme
| 2.use "Process manage" see unconventionality programme
| 3.use "Network Control" see the network link.
|
| Go to Website look into expatiation: http://securityexpert.cnns.net

I think you need to read the full thread before you jump to a conclusion.
Especially when you are pushing a "for purchase" software package.
 
What's in a Name?

From: <[email protected]>

| I think that your possible infect "trojan" or "spyware".
| you can press "Ctrl+Alt+Del" open process or open "Start"---"Run"
| enter "regedit" see Autorun programme:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
| Usually circumstance this kind of method is can discover
| unconventionality,
| but, If these "Trojan and spyware" programme be hidden.
|
| I recommend "Security expert" with you do that .
| 1. you can use "Autorun manage" see autorun programme
| 2.use "Process manage" see unconventionality programme
| 3.use "Network Control" see the network link.
|
| Go to Website look into expatiation:
| http://securityexpert.cnns.net

| I think you need to read the full thread before you jump to a
| conclusion. Especially when you are pushing a "for purchase"
| software package.

Perhaps spam a little? securityexpert=vk? I wonder cnns who is?
English is his first language not.
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
http://home.neo.rr.com/manna4u/keepingclean.html
http://home.neo.rr.com/manna4u/virusprevention.html
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236
 
David H. Lipman

| Perhaps spam a little? securityexpert=vk? I wonder cnns who is?
| English is his first language not.
| -max

That's what I am thinking. Looks like it is in China so the author perhaps is Chinese.

inetnum: 61.140.0.0 - 61.146.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
 
