Is this legit file?

SANTANDER

1) Is this unxxx.bat a legit system file, or does it need to be removed? (It
was created recently):

C:\WINDOWS\system32\unxxx.bat

and its code (in Notepad):

:pp
del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
del "C:\WINDOWS\system32\unxxx.bat"


2) Is this Jview.dll a legit system file, or does it need to be removed? (with
corresponding registry key)

C:\WINDOWS\AppPatch\Jview.dll
 
Tom [Pepper] Willett

If you google both of those files, you'll find they are not legit, but that
your machine is infected.

: 1) Is this unxxx.bat a legit system file, or does it need to be removed? (It
: was created recently):
:
: C:\WINDOWS\system32\unxxx.bat
:
: and its code (in Notepad):
:
: :pp
: del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
: if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
: del "C:\WINDOWS\system32\unxxx.bat"
:
:
: 2) Is this Jview.dll a legit system file, or does it need to be removed? (with
: corresponding registry key)
:
: C:\WINDOWS\AppPatch\Jview.dll
:
 
PA Bear [MS MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
Kayman

1) Is this unxxx.bat a legit system file, or does it need to be removed? (It
was created recently):

C:\WINDOWS\system32\unxxx.bat

and its code (in Notepad):

:pp
del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
del "C:\WINDOWS\system32\unxxx.bat"


2) Is this Jview.dll a legit system file, or does it need to be removed? (with
corresponding registry key)

C:\WINDOWS\AppPatch\Jview.dll

1. CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".

2. Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{or Double-click on 'Start Menu' in C:\AV-CLS}

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- {or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can download the files and perform a scan in Normal Mode. Once you
have downloaded the files needed for each scanner you want to use, you
should reboot the PC into Safe Mode [F8 key during boot] and re-run the
menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm
 
SANTANDER

PA Bear said:
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis
log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
-----------

I already checked with antivirus and HijackThis v2.0.2; the antivirus detected
Jview.dll as a virus, but I wanted to know whether it was a legit system file
or just malware.
As to unxxx.bat, it has not been detected by antivirus, and not marked by
HijackThis, but Deckard's System Scanner just specified it as recently
created, and it looks suspicious.

Thanks
 
Jordon

SANTANDER said:
As to unxxx.bat, it has not been detected by antivirus, and not marked
by HijackThis, but Deckard's System Scanner just specified it as
recently created, and it looks suspicious.

A batch file (by itself) can't be a virus because it contains only
text. But a virus could create a batch file that could use other
scripts or system commands to wreak havoc.
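
An added example, not part of the thread or any poster's code: the unxxx.bat text quoted above retries deleting orz.exe until it is gone and then deletes itself, and this Python check flags that delete-until-gone-then-self-delete shape in batch text. `analyze_batch` and its result keys are names chosen for this example, and the benign sample is constructed.

```python
import ntpath
import re

LABEL = re.compile(r'^\s*:(\w+)\s*$')
DEL = re.compile(r'^\s*(?:del|erase)\s+(?:/\w+\s+)*"?([^"]+?)"?\s*$', re.I)
LOOP = re.compile(r'^\s*if\s+exist\s+"?([^"]+?)"?\s+goto\s+:?(\w+)\s*$', re.I)
SELF_REFS = {"%0", "%~0", "%~f0"}  # batch parameters that expand to the script itself


def analyze_batch(text, script_path):
    """Flag delete-until-gone loops and self-deletion in a batch script."""
    norm = ntpath.normcase  # Windows path comparison, works on any OS
    labels, deleted, retried = set(), [], []
    deletes_self = False
    for line in text.splitlines():
        if m := LABEL.match(line):
            labels.add(m.group(1).lower())
        elif m := DEL.match(line):
            target = m.group(1)
            if target.lower() in SELF_REFS or norm(target) == norm(script_path):
                deletes_self = True
            else:
                deleted.append(target)
        elif m := LOOP.match(line):
            target, label = m.group(1), m.group(2).lower()
            # Retry loop: jump back to an earlier label while a file that was
            # just deleted still exists (a running executable is locked).
            if label in labels and norm(target) in map(norm, deleted):
                retried.append(target)
    return {
        "retry_delete_targets": retried,
        "deletes_self": deletes_self,
        "cleanup_stub": bool(retried) and deletes_self,
    }


# Script text as posted in the thread.
SAMPLE = r'''
:pp
del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
del "C:\WINDOWS\system32\unxxx.bat"
'''
SAMPLE_PATH = r"C:\WINDOWS\system32\unxxx.bat"

# Constructed benign script for contrast: deletes a log once, keeps itself.
BENIGN = "@echo off\n" + r'del /q "C:\Temp\build.log"'

if __name__ == "__main__":
    print(analyze_batch(SAMPLE, SAMPLE_PATH))
    print(analyze_batch(BENIGN, r"C:\Tools\clean.bat"))
```

A `cleanup_stub` hit means the script exists only to remove another file and then itself, so the file named in `retry_delete_targets` is the one to look for in backups, quarantine or AV logs.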
 
