what is C:\windows\MemAlloc.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Logfile of HijackThis v1.97.7
Scan saved at 8:47:54 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\System32\VetMsgNT.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Firewall\ca.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\windows\MemAlloc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\My
Documents\HijackThis.exe
C:\windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www1.wowway.com/portal/index.asp?RG=Cl
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1
\ETRUST~1\VetTray.exe
 
Logfile of HijackThis v1.97.7
Scan saved at 8:47:54 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\System32\VetMsgNT.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Firewall\ca.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\windows\MemAlloc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\My
Documents\HijackThis.exe
C:\windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www1.wowway.com/portal/index.asp?RG=Cl
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1
\ETRUST~1\VetTray.exe
Click to expand...

I can't find any references to a file of this name in any version of
Windows, except for one other instance of a HiJackThis log that also
listed it.

I would definitely treat it as suspicious.

1. Locate the file in Windows Explorer, right-click on the file name,
select Properties and go to the Version tab. The information there
should tell you who created the file and which application it belongs
to. If it is a legit file, that is.

2. If you cannot satisfy yourself that this a legit file from a
reliable source then I would suggest you try renaming it to
MemAlloc.jnk or similar and then using your computer that way for a
few days and see what, if anything, happens in the way of abnormal
behavior and/or error messages relating to MemAlloc.exe.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
Back
Top