what is this?

[me aul triangle]

For the past two days, every time I boot up my PC, I get two warning
messages (identical seemingly). They seem to be files from an "Unknown
Publisher". They are labelled, Open File Security Warning " loc 1.exe from
c/windows/system 32"

I have no idea what they are. My son left his MSN account open on Sunday
night and I clicked on an incoming message and got a virus alert. I assume
these warnings are connected because that's when this first occured, on my
next start up. Can anybody suggest what I should do please?

 

[David H. Lipman]

From: "me aul triangle" <meseldoonda (e-mail address removed)>

| For the past two days, every time I boot up my PC, I get two warning
| messages (identical seemingly). They seem to be files from an "Unknown
| Publisher". They are labelled, Open File Security Warning " loc 1.exe from
| c/windows/system 32"
|
| I have no idea what they are. My son left his MSN account open on Sunday
| night and I clicked on an incoming message and got a virus alert. I assume
| these warnings are connected because that's when this first occured, on my
| next start up. Can anybody suggest what I should do please?
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


* * * Please report back your results * * *

 

[Nick Skrepetos \(SuperAdBlocker.com\)]

Hello,

You may wish to try Super Ad Blocker with SUPERAntiSpyware:
http://www.superadblocker.com

Super Ad Blocker | SUPERAntiSpyware offers several unique features such as
using a system level driver to delete detected items, so pests do not come
back once detected and cleaned.

Super Ad Blocker offers a fully functional 15-day trial. You can scan and
clean your computer and then remove Super Ad Blocker if you do not wish to
keep it. We do appreciate when users support our development efforts by
purchasing the product

If that does not find and/or remove the spyware/adware on your machine, you
can submit a diagnostic and I will diagnose your machine for free and post
the results back to the group and update our rules with anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com

** Please note that I am the author of the above programs and sites and I do
have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase the
software and are free to try the software, clean/fix your system, and then
uninstall.

 

[me aul triangle]

Hello,

You may wish to try Super Ad Blocker with SUPERAntiSpyware:
http://www.superadblocker.com

Super Ad Blocker | SUPERAntiSpyware offers several unique features such as
using a system level driver to delete detected items, so pests do not come
back once detected and cleaned.

Super Ad Blocker offers a fully functional 15-day trial. You can scan and
clean your computer and then remove Super Ad Blocker if you do not wish to
keep it. We do appreciate when users support our development efforts by
purchasing the product

If that does not find and/or remove the spyware/adware on your machine,
you
can submit a diagnostic and I will diagnose your machine for free and post
the results back to the group and update our rules with anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com

** Please note that I am the author of the above programs and sites and I
do
have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase the
software and are free to try the software, clean/fix your system, and then
uninstall.

Thanks for that Nick. I tried it and it seems to have cleared up a problem I
have been experiencing recently. But, my original question still remains
unanswered. Does anybody know what " Publisher". Open File Security Warning
" loc 1.exe

from

mean and should I permit it or if not, how do I stop it appearing when I
start up my system. I will probably buy your program Nick as it seems to
have done a decent wee job for me. I will send you a diagnostic report to
see if you can give me any more suggestions in the meantime. Thanks again

 

[David H. Lipman]

From: "me aul triangle" <meseldoonda (e-mail address removed)>


| Thanks for that Nick. I tried it and it seems to have cleared up a problem I
| have been experiencing recently. But, my original question still remains
| unanswered. Does anybody know what " Publisher". Open File Security Warning
| " loc 1.exe| mean and should I permit it or if not, how do I stop it appearing when I
| start up my system. I will probably buy your program Nick as it seems to
| have done a decent wee job for me. I will send you a diagnostic report to
| see if you can give me any more suggestions in the meantime. Thanks again
|

It means the OS is looking for signed applications via a security certificate. There was
none found in that EXE file as malware is usually found as unsigned executables.

Start --> settings --> control panel --> Internet options --> Advanced
The following is most likely enabled - "check for signatures on downloaded programs"

After using SuperAdBlocker and have re-booted that platform, do you still get that message ?

 

[me aul triangle]

From: "me aul triangle" <meseldoonda (e-mail address removed)>


| Thanks for that Nick. I tried it and it seems to have cleared up a
problem I
| have been experiencing recently. But, my original question still remains
| unanswered. Does anybody know what " Publisher". Open File Security
Warning
| " loc 1.exe
| mean and should I permit it or if not, how do I stop it appearing when I
| start up my system. I will probably buy your program Nick as it seems to
| have done a decent wee job for me. I will send you a diagnostic report
to
| see if you can give me any more suggestions in the meantime. Thanks
again
|

It means the OS is looking for signed applications via a security
certificate. There was
none found in that EXE file as malware is usually found as unsigned
executables.

Start --> settings --> control panel --> Internet options --> Advanced
The following is most likely enabled - "check for signatures on downloaded
programs"

After using SuperAdBlocker and have re-booted that platform, do you still
get that message ?

Yes Nick, it's still appearing. I wonder if I should run it instead of
cancelling it each time. Maybe that would stop it from appearing every time
I start up?

 

[Max Wachtel]

meseldoonda (e-mail address removed) AKA me aul triangle on 11/30/2005 in

Yes Nick, it's still appearing. I wonder if I should run it instead
of cancelling it each time. Maybe that would stop it from appearing
every time I start up?

******************Reply Separator*************************

"NEVER download files from anywhere unless it is from the website of
the developer,manufacturer or some entity you trust. They ALWAYS have
the most up to date files that haven't been tampered with by some third
party who is "hosting"(read Leeching or Stealing) those files without
permission."-Fitz

No-you should not run it.
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236

 

[David H. Lipman]

From: "me aul triangle" <meseldoonda (e-mail address removed)>

|
| Yes Nick, it's still appearing. I wonder if I should run it instead of
| cancelling it each time. Maybe that would stop it from appearing every time
| I start up?


Have it stop loading at StartUp.

 

[me aul triangle]

From: "me aul triangle" <meseldoonda (e-mail address removed)>

|
| Yes Nick, it's still appearing. I wonder if I should run it instead of
| cancelling it each time. Maybe that would stop it from appearing every
time
| I start up?


Have it stop loading at StartUp.

I don't know how to do that!

 

[David H. Lipman]

From: "me aul triangle" <meseldoonda (e-mail address removed)>


| I don't know how to do that!
Execute; msconfig.exe
Choose the StartUp tab.
Find the line item that loads... c:\windows\system32\loc 1.exe
Disable that line.

 

[me aul triangle]

From: "me aul triangle" <meseldoonda (e-mail address removed)>


| I don't know how to do that!

Execute; msconfig.exe
Choose the StartUp tab.
Find the line item that loads... c:\windows\system32\loc 1.exe
Disable that line.

Thanks David. When I checked that start-up, there were two items, "loc1 exe"
so prsumably that's why I was getting two warnings which were identical.
Thing I would like to know is, where did they come from? Anyway, thanks
again

 

[David H. Lipman]

From: "me aul triangle" <meseldoonda (e-mail address removed)>


| Thanks David. When I checked that start-up, there were two items, "loc1 exe"
| so prsumably that's why I was getting two warnings which were identical.
| Thing I would like to know is, where did they come from? Anyway, thanks
| again
|

I have no idea. Where it came from. Somewhere in the Ether I guess...