Unknown running program on shutdown

R

Ragnar Midtskogen

Hello,
I am running WinXP Pro on a Dell XPS desktop. It is on a home network behind
a router.
For the last few days I get a message on shutdown that program so and so is
running.
The name of the program varies but it is always three characters or
numerals, like n1a or ml8.
I have McAffee, automatically updated and I also did a full scan, but
nothing was found.
I have used Task Manager to check for running programs and it is not there.
I have also looked at the processes but could not find anything suspicious.
I also looked at the running services, but again did not find anything.
It seems this started about the time I installed Adobe Elements 8, but that
may be a coincidence.

I have Googled the problem with no help so far.

Any suggestions would be appreciated.

Ragnar
 
E

Elmo

Ragnar said:
Hello,
I am running WinXP Pro on a Dell XPS desktop. It is on a home network behind
a router.
For the last few days I get a message on shutdown that program so and so is
running.
The name of the program varies but it is always three characters or
numerals, like n1a or ml8.
I have McAfee, automatically updated and I also did a full scan, but
nothing was found.
Click to expand...

It might not be malware, but if it is, it would disable your current a/v
software. Run these as a test:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
R

Ragnar Midtskogen

Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if ativirus and firewall is
disabled. McAfee has its own warnig function, so it disabels the Windows one
to avoid confusing users.
So, I guess the problem is not any kind of malware.

Ragnar
 
T

Twayne

In
Ragnar Midtskogen said:
Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two
Registry entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if ativirus and firewall is
disabled. McAfee has its own warnig function, so it disabels the
Windows one to avoid confusing users.
So, I guess the problem is not any kind of malware.

Ragnar
Click to expand...

Hmm, that's bad; wonder how many newbies are getting messed up using that?
Funny though; I've run it and not had it show the win firewall off as a
problem.

HTH,

Twayne
 
J

Jose

In



Hmm, that's bad; wonder how many newbies are getting messed up using that?
Funny though; I've run it and not had it show the win firewall off as a
problem.

HTH,

Twayne
Click to expand...

MBAM will report if one of the three Windows Security reporting
mechanisms (Alert Settings) is disabled, not if it is turned off.

It will look like this in the MBAM report:

Registry Data Items Infected:
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and
deleted successfully.

Looks like some kind of infection, but it isn't and nothing gets
deleted or changed until you say so.

With your permission, MBAM will change the registry entries back to 0,
enabling the warning again.

This is frustrating for folks that don't want to see for example, the
Automatic Updates warning, disable it on purpose, run MABM, they don't
read the message, let MBAM just fix everything and then they start
seeing the warning messages again. Therefore, the conclusion is their
system is afflicted or MBAM/Windows is broken.

SAS doesn't seem to mind.
 
R

Ragnar Midtskogen

Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if ativirus and firewall is
disabled. McAfee has its own warnig function, so it disables the Windows one
to avoid confusing users.
So, I guess the problem is not any kind of malware.
In fact, I suspect the program running was part of Adobe Elements' backup
function. When I disabled it the problem went away.

Ragnar
 
E

Elmo

Ragnar said:
Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if antivirus and firewall is
disabled. McAfee has its own warning function, so it disables the Windows one
to avoid confusing users.
So, I guess the problem is not any kind of malware.
In fact, I suspect the program running was part of Adobe Elements' backup
function. When I disabled it the problem went away.

Ragnar
Click to expand...

That makes sense.. thanks for reporting back.

[Previous discussion]


It might not be malware, but if it is, it would disable your current a/v
software. Run these as a test:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Strange Shutdown and Persistent Install Requests 1
1 program running 4
Windows Update at Shutdown 1
shutdown slow 16
XP Shutdown, End Program - Welcome 1
comp. resources running extre. high 2
WinXP Instant Shutdown 10
Running an old DOS program 35

Top