Custom Search
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC!
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
Results 1 to 23 of 23

Thread: I've got UNREGMP2

  1. #1
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702

    I've got UNREGMP2

    I put this into 'search files and folders':

    Windows Media Player.lnk=@C:\WINDOWS\inf\unregmp2.exe,-4

    What I got was

    UNREGMP2 ---C:\WINDOWS\INF--188kb--Application--12/11/2002, 3:08 pm

    should I delete this in search files and folders, is there anything else to do ?

    This file name was mentiioned as being spyware on another thread:

    (edit) http://www.pcguide.com/vb/showthread...929#post205929
    posts #94 and 98.
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  2. #2
    Join Date
    Feb 2002
    Location
    Somerset, England
    Posts
    2,762
    Certainly that file must go, but it may not be all the malware! Best post a Hijack this log so we can be certain everything is removed.
    be wary of strong drink - it may make you shoot at tax collectors, and miss!

  3. #3
    Join Date
    Oct 2001
    Location
    Portland
    Posts
    585
    Well... As far as I am concerned, it is not spyware from what I can detect.

    1. AVG did not detect as any kind of virus or Trojan.
    2. I did a complete full top notch scan with Ad-Aware SE and nothing was found.
    3. unregmp2.exe is a legitimate Microsoft program. Yes, it is possible for a hacker to replace that file with the same name.
    4. It does not put itself in HKLM or HKCU (Startup Registries) where malicious programs are placed. It may put itself in Run Once (another Startup Registry) but once the computer reboots, that is cleared.

    It seems to be a Windows Media Player file of some kind. It maybe trying to create a shortcut ie... (Windows Media Player.lnk=@C:\WINDOWS\inf\unregmp2.exe) and the file fails leaving that trademark. lnk=Windows Shortcut File.

    That given, it maybe safe to delete the file. If unsure, just rename the file to something like unregmp2.bak

    I have 9 such files and I'm 110% sure that I am virus/Trojan and malicious-ware free.

    C:\WINDOWS\$NtServicePackUninstall$\unregmp2.exe
    C:\WINDOWS\$NtServicePackUninstall$\unregmp2.exe.0 00
    C:\WINDOWS\inf\unregmp2.exe
    C:\WINDOWS\Prefetch\UNREGMP2.EXE-07CACB61.pf
    C:\WINDOWS\Prefetch\UNREGMP2.EXE-237E40E3.pf
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
    C:\WINDOWS\ServicePackFiles\i386\unregmp2.exe
    C:\WINDOWS\system32\dllcache\unregmp2.exe

    Even at: http://www.pestpatrol.com/PestInfo/u/unregmp2_exe.asp
    It does not say what exactly this program does to suspect it as spyware. I think they might have gotten that info from a noob and never really checked out the facts.
    But rest assured, that their PestPatrol Corporate Version 5.0 and no other program can detect and remove this "spyware"!

    But all said and done, if you still feel wary about this program either rename it or just delete it completely.

  4. #4
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Thanks, John, for the info and the effort, I think I'll leave it alone for now, but if my new CD-RW goes loco--I'll shoot the @>*&#!!! myself . . . .
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  5. #5
    Join Date
    Oct 2001
    Location
    Portland
    Posts
    585
    If my CD drives goes crazy and this file was the culprit, I'll print this page and eat it.

  6. #6
    Join Date
    Jul 2004
    Location
    Fulda, Germany
    Posts
    996
    Thanks for that info, John0904 (and the PM outlining the steps). I ended up deleting that file on my desktop because some others said it was suspected as being spyware--no harm done, anyway. I also wondered why none of my anti-malware apps picked it up either. Thanks for the effort you put forth to educate us a little about this .exe file.

  7. #7
    Join Date
    Jul 2004
    Location
    Fulda, Germany
    Posts
    996
    BTW, I have this program in 4 different locations on my computer. All four show that they were last accessed on the 4th of August. Is there any way we (with XP Home) can find out if we did anything special on a certain date, like installed a security patch or something like that? I'm curious to see who put this program on my computer.

  8. #8
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Okay, if I delete this file from 'search files and folders' will there be anything to clear out of the registry? It seems to be associated with Win Media Player. If that upends the media player then I can just reinstall it, right?
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  9. #9
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    Which version of Media player do you use Donn,
    7.*, 9 and possibly 10 are available I'm pretty sure.

  10. #10
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    It's 9.0, I'm on the Compaq this week.
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  11. #11
    Join Date
    Oct 2001
    Location
    Portland
    Posts
    585
    Ok....

    I renamed C:\WINDOWS\inf\unregmp2.exe to unregmp2.bak

    I started up Windows Media Player 10.

    Guess what? C:\WINDOWS\inf\unregmp2.exe returned.

    This particular file can be renamed or deleted and it will return when Windows Media Player is started.

    That should answer both Donn, newbie2004 and anyone else questions.

    It may act like a .dll or something. I have no idea.

    BTW, results may differ between OS and Windows Media Player versions.

  12. #12
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    I have 2 harddrives on my pc both with active primaries and W98SE installed using the WMP that came with that os.

    There is one unregmp2.exe on each drive but one is 140kb while the other is 188kb. I am assuming it may have to do with how many codecs have been downloaded on one and not the other? Who knows, who cares, it ain't broke, I ain't fixing it!

  13. #13
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Precisely my sentiments, Dr. , precisely.

    I got this at Computer Forums:

    http://www.computerforums.org/showthread.php?t=1374

    "Also you may see a desktop.ini on your desktop. The contents look like this if you open it in notepad
    [LocalizedFileNames]
    Windows Media Player.lnk = @C:\WINDOWS\inf\unregmp2.exe,-4
    You must delete this as well as the unregmp2.exe file in the \Windows\inf folder. If you do not your Windows Media Player will no longer work if you click the WMP shortcut. . . ."

    So I tried my WMP from the desk top icon, I developed a habit of using it from a site (Jazzfm.com). . . works fine from the icon. But, y'know, it's funny, now that I think about, before I did the disk wipe, I tried to use WMP to get to my radio stations, but it didn't respond and I had to go to the site (Jazzfm.com, and KFJC.org) and use it from there. But I just thought it needed an update or I didn't secure that address properly--I just didn't relate it to the trouble I was having at the time. I also ran SpyBot and Adaware at the time and AVG and NOD32 for part of the time--always clean runs from desk top or from Safe Mode or minor tracking cookies. If it is being used as a trojan then could it be well disguised as a minor tracker cookie ?

    I also noticed that about half the postings on this file that I looked at said get rid of it, and half said not to. And there was at least one remark that somewhere along the line someone could have been using this file to plant trojans.

    It will be interesting to see if #1. others come to the forum with similar symptoms that I and Angela had--missing sign-in boxes, and CD-ROM or RW gone loco (particularly the Philips brand, two in a row so far), and gone loco intermittently, and #2. if that unregmp2 file is still there and not causing problems after Angela does the Recovery Disksand if she needs a new CD-ROM or RW like I did after the Recovery Disks.

    There's a bunch of questions/info on this file on Google.

    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  14. #14
    Join Date
    Mar 2002
    Location
    west Lothian, Scotland.
    Posts
    13,220
    I have "C:\WINDOWS\inf\unregmp2.exe" on Win98 and no problems that I can detect.
    All scans [Ad-Aware, Spybot, A-squared, HJT] are clean.

  15. #15
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    and when I ran it on 'search files and folders'

    C:\WINDOWS\inf\unregmp2.exe,-4

    it gives me a file, and right click to properties says it is a Microsoft Windows Media Player Set-up Utility, 188kb size, 192 kb size on the disk, and it is checked off as an archive file.

    Might be a good idea just to keep our radar up for this file and the symptoms mentioned above. Perhaps some little troll somewhere is sending around something that changes it and then disappears or disguises itself and for smiles it flips CD-RWs in such a way that they appear to have hardware problems.

    Then again, perhaps this isn't really happening, and we're all just. . .crazy, or, OR! . . . we're all napped out on the front seats of our cars dreaming this, while actually we're on a continuous loop through all the world's car washes.

    I suspect, however, we are just dreaming this, and that we're all retired millionaires living in the Bahamas, and we're all actually napped-out under our own coconut trees. . . .

    Come to think of it--that makes a lot more sense.

    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  16. #16
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    Just my luck someone will come kick the coconut tree and drop one on my noggin...

    And,,, I just checked a virgin install of ME on my son's pc without anything else installed. It also has not been on the internet yet and unregmp2.exe is nowhere to be found on his machine!

    Also looked on my spare pc with 98SE and it is a 212kb file. Clicking on it, the hardrive makes a few clicking sounds (didn't notice the activity light) but nothing opens.

    So now what do we do doc? Is it a terminal disease? A-m-I-g-o-n-n-a-d-i-e-?

  17. #17
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Fruss, you're ok, just, if you wake up, don't roll down the car window, or, if you must--quick-- take off the side panel on the PC and jam it in the window so it can get cleaned out. . . .

    Other than that, when you fall back asleep, check your son's virgin Me, and see what version of WMP is there. . .5.0, 7.0. 9.0? Maybe it comes with an update or upgrade. . .?
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  18. #18
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    It's version 7.00.00.1440 which is what goes with WinME on an OEM disk

  19. #19
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Bump it up to 9.0 and see if unreg shows up. . .?
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  20. #20
    Join Date
    Oct 2001
    Location
    N of the S of Ireland
    Posts
    20,503
    Is WMP itself not spyware and requires thought about how it is configured?
    http://www.iamnotageek.com/a/86-p1.php
    Take nice care of yourselves - Paul - ♪ -
    Help to start using BiNG. Some stuff about Boot CDs & Data Recovery Basics & Back-up using Knoppix.

  21. #21
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    Well, yes, I think, that's a given. My only concern is are they putting something in there that'll screw up normal the operating settings of the device. If they want to know how many times a month I use their machine, I don't care, but much more than that I want to eliminate also.

    I deleted unregmp2 in 'search files and folders' then turned on WMP, then went back to 'search files' , and got file not found. I didn't restart though, and one of my radio shows in on til 9 eastern, so I'll wait til then to restart.


    Edit: I restarted it, openned WMP, closed it, checked search files, and it was not there. Hmmmm. Good.
    Last edited by Donn; 11-23-2004 at 09:12 PM.
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

  22. #22
    Join Date
    Feb 2002
    Location
    Nor'East USA
    Posts
    5,505
    Oops you edited ahead of me I'll leave it anyway..

    Drum roll please, how long does it take to "Starting Over"? Or for a true geek, would it be, "ReBooting the ole' (hmm, my mind wanders...)?

    I'm not about to put in WMP9 or 10 in a pc I'm just trying to set up. I've got an older HDD I'm planning on trying to 'blow up' boom soon. Maybe I'll put WMP10 on it on fer a few Sh's and giggles just before I invite Jabbernut over with his 'tools'..

  23. #23
    Join Date
    Nov 2001
    Location
    Towson, Md. USA
    Posts
    1,702
    " just before I invite Jabbernut over with his 'tools'.. "

    Oh, now, that sounds ominus, no, please, not. . . .Jabar-and-his-toooools!!!!
    oh noooooooooooo
    Best//Donn

    Actor Kevin Kline was asked once (Actor's Studio) how he can play his comedy rolls with such repeated and consistent passion. His response:

    "I don't know, I just can't imagine not being happy."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •