#1
What is this?
This is in my HKLM\...\run (that's abbreviated - no "..." reg keys, fyi) reg entry & spysweeper keeps prompting me after every startup to either keep it or remove it. I keep telling it "remove" since I can't find what it is anywhere. I keep seeing it in hijackthis logs from people loaded with spyware... That's about all I can find on it with google. It's not running, and I can easily remove it, but I was wondering if it was a legit program or windows (XP) component, or if it's spy\mal\adware. Here are the details:
file: c:\WINNT\System32\vcdmf.exe
Process: cgdedl
registry entry: HKLM\...\run\vcdmf.exe
#2
Hi geetus,
Looks suspicious. Please post a HijackThis log:

Download HijackThis. Make sure you install HijackThis to a permanent folder such as C:\HJT as it creates backups of what we will fix. Run the program, press Scan, after a brief pause... press Save log. Notepad will open, copy and paste the entire log into your post. Do not fix anything yet, most of what's in the log is needed!

http://www.majorgeeks.com/download3155.html

Tom
#3
I temporarily took care of it.
I renamed the file vcdmf.ren (rather than exe) and guess what? doesn't run at startup, doesn't set off spysweeper, etc. Everything seems to be working fine without it, too. I'll re-rename it & reboot so I can get it in the log. I just wanna know what it is... Curious...
#4
It's probably a randomly named virus/trojan/spyware/adware; it does not appear to be a well-known file.
Tom
#5
I figured as much
I'm sort of against running the exe just to get it to show up in my hjt log, though. I'm going to trust my instinct on this one & just get rid of it. I've had it renamed for a while now & had no problems running anything... no errors... everything's fine. If anyone feels like doing some reverse engineering, I can e-mail it to them (renamed to a harmless file ext, of course) to play around with. IMO, if it were legit, it would have been documented better. I think I'll just quarantine it & let it collect dust. If anyone wants to dissect it, just post your e-mail address in this thread & I'll send it to you.
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > What is this? |