UFO (Unidentified Freakin' Object) in Quarantine

Guest

I have something in Quarantine that I don't understand or know what to do with.

Name: Unknown
Alert level: Unknown
Description:
This program has potentially unwanted behavior.
Advice:
Allow this detected item only if you trust the program or the software
publisher.
Resources:
shellopencmd:
HKLM\Software\Classes\https\shell\open\command\\
Category:
Not Yet Classified

And that's all the info I have.

How do I find out what it is and what to do with it?
 
Guest

I don't know much about the registry. I opened the registry editor and in the
box on the left side of the screen I clicked the plus signs by
HKEY_Local_Machine, Software, Classes, https, and shell. I then clicked on
the command folder and on the right side of the screen the following popped
up:

Name Type Data
(Default) REG_EZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -n...

Searching for iexplore.exe turns up two files:
Name: iexplore
In Folder: C:\Program Files\Internet Explorer
Size 606 KB
Type: Application
Date Modified: 8/23/2006 12:16 AM

Name: iexplore.exe.mui
In Folder: C:\Program Files\Internet Explor...
Size: 560 KB
Type: MUI File
Date Modified: 8/23/2006 12:16 AM

Scans with Windows Defender, Avast! and Spybot S&D found nothing.

I also scanned iexplore.exe at Jotti and none of the virus scanners found
anything.
File: iexplore.exe
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime
packers were found, this is suspicious. Normally programs aren't packed and
don't force the sandbox into lengthy emulation. Do realize no scanner issued
any warning, the file can very well be harmless. Caution is advised,
however.) (Note: this file has been scanned before. Therefore, this file's
scan results will not be stored in the database)
MD5 c69585a5c1cc4509171c14e09ae185b5

I then scanned it at Virustotal, none of the scanners there found anything
either.
File size: 620032 bytes
MD5: c69585a5c1cc4509171c14e09ae185b5
SHA1: 16f5e5ba94e963013eae7f719783c76925af3f27
None of the scanners found anything.

So I Googled the file but couldn't find any iexplorer.exe with those MD5 and
SHA1 hashes. That's unusual, isn't it?

File properties show:
iexplore.exe
Company: Microsoft Corporation
File Version: 7.00.5700.6 (winmain(wmbla).060822-2230)
Internal Name: iexplore
Language: English (United States)
Original File name: IEXPLORE.EXE
Product Name: Windows Internet Explorer
Product Version: 7.00.5700.6

The Version Number checks out ok.

Should I delete, restore or what?
Do you think I ought to consider just nuking the entire drive,
repartitioning, reformatting and reinstalling XP?

Appreciate the help,
 
NewScience

What you did was perfectly correct. I should have been more explicit.

When you clicked on the '+' next to command, what was under the command key
in the left panel (the item keys directly under 'command')?
 
Guest

Ok, thanks.

Really appreciate your help.

I'm pretty sure iexplore.exe is safe but what gets me is what caused it to
be sent to quarantine to start with? I don't remember getting a warning,
prompt or anything like that. I was just poking around, looked in quarantine
and there it was. Weird.

So would you restore, delete it or what? I really don't understand what any
of those options would do as IE seems to be working fine even with
iexplore.exe in quarantine.

thanks,
hayduke
 
NewScience

It looks like something was trying to add another 'command' to the Open
command for HTTPS url files. This does not affect IE, but would affect any
url shortcut that contains 'https://www.websitename.com'.

That is why I asked for what list of keys is under 'command'. It looks like
WD protected you.
 
Guest

I stumbled across the event viewer and the system log is full of warnings
from Windows Defender. I haven't been getting any warnings from WD at all and
every scan turns up nothing.

I've scanned with OneCare Live, Spybot S&D, Ad-aware SE personal, Trend
Micro's Housecall, Windows Defender, etc., etc. and none of them find anything,
but yet all these warnings are showing up in event viewer?

I've found some strange entries in the event viewer system logs:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/10/2006
Time: 6:57:24 AM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {C49357C9-E97E-4EE3-88B8-6959C8C5B51F}
User: BIZE9\Hayduke
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:uphcleanhlp
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None

Event ID: 3004
Date: 10/10/2006
Time: 6:57:24 AM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {D21D5AA4-634C-4F41-90D1-AE2513882078}
User: BIZE9\Hayduke
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:uphcleanhlp
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/3/2006
Time: 2:19:44 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {78D5FCEB-CC84-4E3B-AD58-635222299F5B}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:pROCEXP100
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/3/2006
Time: 2:19:44 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {08C27FC9-31B1-46D8-A339-A82338CC1C4D}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:pROCEXP100
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/3/2006
Time: 10:59:22 AM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {A1B621A1-ACDC-40B8-BB36-97D4C4423ACE}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:spupdsvc
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/3/2006
Time: 10:59:22 AM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {E736A0F1-9E51-4329-A1C1-6A26F1DA1413}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:spupdsvc
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 4:43:51 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {E343E664-5652-488F-BBCE-6E0F59FA48F7}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
clsid:HKLM\SOFTWARE\CLASSES\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29};regkey:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\CONTAINS\FILES\\C:\WINDOWS\Downloaded
Program Files\CTPID.ocx;regkey:HKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29};regkey:HKLM\SOFTWARE\CLASSES\TYPELIB\{1AEDDE72-EF8A-4826-9DCE-F112736A7D46}\1.0;regkey:HKLM\SOFTWARE\CLASSES\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29};activex:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29};typelibversion:HKLM\SOFTWARE\CLASSES\TYPELIB\{1AEDDE72-EF8A-4826-9DCE-F112736A7D46}\1.0;file:C:\WINDOWS\Downloaded Program Files\CTPID.ocx
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 4:42:54 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {7E5A105F-2EB8-43CB-B57D-841E40F70A0F}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
clsid:HKLM\SOFTWARE\CLASSES\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715};regkey:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\CONTAINS\FILES\\C:\WINDOWS\Downloaded
Program Files\CTSUEng.ocx;regkey:HKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715};regkey:HKLM\SOFTWARE\CLASSES\TYPELIB\{E2301FEA-9B55-4647-9B25-93AD0F93ACE7}\1.0;regkey:HKLM\SOFTWARE\CLASSES\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715};activex:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715};typelibversion:HKLM\SOFTWARE\CLASSES\TYPELIB\{E2301FEA-9B55-4647-9B25-93AD0F93ACE7}\1.0;file:C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 4:21:23 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {FF680256-0DB4-45CF-AA38-58FEAA70BCDF}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\ftp\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 4:21:23 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {88D30610-037D-44AA-A7B5-124FDC9A159D}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\http\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 4:21:23 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {CAD64C8E-8982-4053-B39C-326061CB1CA2}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\https\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/2/2006
Time: 3:28:14 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {60885ABA-E7C5-4597-A42C-187463A5EF6D}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/30/2006
Time: 6:14:31 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {FD0638CD-1239-490B-B6A1-BC3840552368}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\https\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/30/2006
Time: 6:14:31 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {FA2F3F68-0C72-4B3A-B311-64A1A6DC701E}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\ftp\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/30/2006
Time: 6:14:31 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {92FBDA0F-CC2D-4BE6-A55C-4216F6EB8850}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
shellopencmd:HKLM\Software\Classes\http\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/30/2006
Time: 4:19:28 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {9EAB7C5B-D375-464B-8288-DC4380D40A91}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched;file:C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/30/2006
Time: 4:19:28 PM
User: N/A
Computer: BIZE9
Description:
Windows Defender Real-Time Protection agent has detected spyware or other
potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {367EBB5E-7296-40A5-918B-908E92B8999B}
User: BIZE9\Manager
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
clsid:HKLM\SOFTWARE\CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93};regkey:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{8AD9C840-044E-11D1-B3E9-00805F499D93};regkey:HKLM\SOFTWARE\CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93};activex:HKLM\Software\Microsoft\Code
Store Database\Distribution
Units\{8AD9C840-044E-11D1-B3E9-00805F499D93};file:C:\Program
Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
Alert Type: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
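
An added example, not part of the thread or any poster's code: a small Python parser for Event ID 3004 text like the log pasted above. It splits each `Path Found` value into its `type:target` items and pairs every `shellopencmd` key with the file named in the same entry. The sample is constructed from two entries in the layout shown, and rejoining wrapped lines with a single space is an assumption about how the paste was wrapped.

```python
import re

# Constructed sample: two entries abridged from the layout pasted in the thread.
SAMPLE = r"""Event Type: Warning
Event ID: 3004
Date: 10/2/2006
Path Found:
shellopencmd:HKLM\Software\Classes\https\shell\open\command\\;file:C:\Program
Files\Mozilla Firefox\firefox.exe
Alert Type: Unknown

Event Type: Warning
Event ID: 3004
Date: 10/10/2006
Path Found: service:uphcleanhlp
Alert Type: Unknown
"""

# Protocol name inside a shell\open\command key, e.g. "https"
HANDLER_RE = re.compile(r"\\Classes\\([^\\]+)\\shell\\open\\command", re.I)

def parse_events(text):
    """Return one dict per Event ID 3004 record: its date and (type, target) items."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        if "Event ID: 3004" not in block:
            continue
        date = re.search(r"(?m)^Date:\s*(.+)$", block)
        path = re.search(r"(?ms)^Path Found:(.*?)^Alert Type:", block)
        # Assumption: wrapped continuation lines rejoin with a single space.
        joined = " ".join(path.group(1).split()) if path else ""
        resources = []
        for item in joined.split(";"):
            kind, sep, target = item.partition(":")
            if sep:  # skip empty or malformed items
                resources.append((kind.strip().lower(), target.strip()))
        events.append({"date": date.group(1).strip() if date else None,
                       "resources": resources})
    return events

def handler_changes(events):
    """List (date, protocol, file) for every shell open-command checkpoint hit."""
    rows = []
    for ev in events:
        files = [t for k, t in ev["resources"] if k == "file"]
        for kind, target in ev["resources"]:
            m = HANDLER_RE.search(target) if kind == "shellopencmd" else None
            if m:
                rows.append((ev["date"], m.group(1).lower(), files[0] if files else None))
    return rows

if __name__ == "__main__":
    for row in handler_changes(parse_events(SAMPLE)):
        print(row)
```

Run against a full export, the rows show which program was named alongside each change to a protocol handler key, which is the comparison to make against the value seen in the registry editor.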
 