Custom Search
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC!
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
Results 1 to 11 of 11

Thread: Strange new file on desktop

  1. #1
    Join Date
    Feb 2003
    Location
    Franklin, Indiana
    Posts
    81

    Strange new file on desktop

    Just noticed something on my desktop that does not belong. It's a new file named ~. Its size is 177kb.

    It was created just moments after I noticed a Java console icon in the task bar. No clue where this came from. Mcafee, and AVG detect nothing. I run spybot and am using the beta release posted today.

    Getting ready to download and run trojan hunter.

    The file has no apparent file extension, and when opened in notepad has no readable text. I'm tempted to just delete it and move on, but thought I might ask for opinions first.

    Computer Mutt

  2. #2
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,359
    What is the mystery file's name?
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  3. #3
    Join Date
    Feb 2003
    Location
    Franklin, Indiana
    Posts
    81
    The file name is just the symbol ~


    Trojan Hunter found nothing.

    Cant think of anything I might have done to accidentally create it. But nothing else appears unusual.

  4. #4
    Join Date
    Feb 2003
    Location
    Franklin, Indiana
    Posts
    81
    Figured you might ask for hijack this log:

    Logfile of HijackThis v1.93.0
    Scan saved at 9:31:23 PM, on 4/24/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.insightbb.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=about:blank
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\wchy8306.slt\prefs.j s)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Cs earchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\wchy8306.slt\prefs.j s)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
    O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
    O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 3.5\THGuard.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Web Window Killer] "C:\PROGRAM FILES\AALKU\WEB WINDOW KILLER\WEBWINDOWKILLER.EXE" hidden
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...724.6604513889
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...5/mcinsctl.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/...2/ComCtl32.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

  5. #5
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,359
    Along with running TH, right click on it, and select properties. List them here.
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  6. #6
    Join Date
    Feb 2003
    Location
    Franklin, Indiana
    Posts
    81
    Ok here is what I see when I click properties.

    Type of file: File
    Description : ~

    Location: C:\Windows\Desktop
    Size: 177KB (181,802 bytes)
    Size on Disk: 184KB (188,416 bytes)

    Created: Today, April 24, 2003, 8:59:51PM
    Modified: Today, April 24, 2003, 8:59:52PM
    Accessed: Today, April 24, 2003

    Attributes: Archive


    Might be on a wild goose chase, but I don't know where it came from.
    Thanks,
    Computer Mutt

  7. #7
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,359
    Ok make a copy of it, zip it up and send it to me......

    PM me and I'll let you know where to send it.
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  8. #8
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,359
    It is a list of email addresses, like a forwarded email.

    I did not see any other code, but I will have a deeper look at it later, so you should go ahead and delete it, it does not look executable.
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  9. #9
    Join Date
    Feb 2003
    Location
    Franklin, Indiana
    Posts
    81
    Thanks MJC!

    File is deleted. Can't imagine where the list came from. It literally appeared in front of my eyes.

  10. #10
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,359
    I can, it is an OE glitch...

    Under certain circumstances it will put out this file on the desktop instead of the temp folder and then deleting it.
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  11. #11
    Join Date
    Jan 2001
    Location
    Unimatrix Zero-one
    Posts
    2,273
    Ahh...It pays to read these old post form time to time. Never know what interesting tidbits you'll pick up.
    Ferengi Rules of Acquistion:
    Rule # 47
    Don't trust a man wearing a better suit than your own.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •