| Thread ID: 112271 | 2010-08-30 07:52:00 | Some suspect files..? | forrest44 (754) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1133036 | 2010-08-30 07:52:00 | After formatting the hard drive and re-installing Win XP Pro for my old HP computer using the recovery disk, I noticed a folder C:\ICRTOILD, which contains a few files: CLEANPOP (shortcut), CLEANPOP.REG, DOSMOD.EXE, ICRTOILD.EXE, SHCICR.TXT, SHICRLD (shortcut), SHILD.CMD, WINRUN.EXE. I've scanned the EXE files with some online virus scanners and everything appears OK. Does anyone know what these files are for? |
forrest44 (754) | ||
| 1133037 | 2010-08-30 08:06:00 | If it came from the HP recovery disk then it's most probably some weird HP utility program. What do the TXT and REG files contain? That might give some clues as to what it does. |
Agent_24 (57) | ||
| 1133038 | 2010-08-30 08:49:00 | When I get something like this I winrar or winzip the folder and delete the original, leaving the winrar/zipped file in the correct place so it is easy to remember where it is placed. After a month or two if all seems ok and the computer hasn't complained about missing files then I either delete the winrar/zipped file or store it in My Docs for a while then finally after a while delete for good. |
zqwerty (97) | ||
| 1133039 | 2010-08-30 08:57:00 | When I get something like this I winrar or winzip the folder and delete the original, leaving the winrar/zipped file in the correct place so it is easy to remember where it is placed. After a month or two if all seems ok and the computer hasn't complained about missing files then I either delete the winrar/zipped file or store it in My Docs for a while then finally after a while delete for good. Just done that. Good advice I think :) |
forrest44 (754) | ||
| 1133040 | 2010-08-30 09:27:00 | Upload your ZIP file to Rapidshare or something and I'll have a look if you want | Agent_24 (57) | ||
| 1133041 | 2010-08-30 09:32:00 | Install an AV program then scan them | Speedy Gonzales (78) | ||
| 1133042 | 2010-08-30 09:53:00 | I highly doubt that it's a virus, since it would appear to have come from an HP restore disk. It's probably a utility for doing some certain tasks related to restoring Windows from the recovery disk. The TXT file in the folder probably contains information that would shed some light on it. |
Agent_24 (57) | ||
| 1133043 | 2010-08-30 10:04:00 | The winrun can be very suspect. It could be a file named that way by HP, but it is also a very well known name of spyware/trojans, as described here (www.threatexpert.com) - do a Google search of winrun.exe and just about all the answers say infection. | wainuitech (129) | ||
| 1133044 | 2010-08-30 10:43:00 | Upload your ZIP file to Rapidshare or something and I'll have a look if you want rapidshare.com |
forrest44 (754) | ||
| 1133045 | 2010-08-30 10:57:00 | Well they don't contain any viruses so that's a good thing :D The files are not exactly too helpful in saying what they really do, apart from the obvious.
{ADDLINES AT END}
;
; Copy icrtoild.exe in startup directory
;
"c:\i386\regedit /S c:\icrtoild\cleanpop.reg"
"c:\icrtoild\SHILD.cmd"
@echo off
REM ------------------------------------------------------------
REM Copies Microsoft Shortcut in the startup directory (localized)
REM ------------------------------------------------------------
c:\icrtoild\Winrun /COPY C:\icrtoild\cleanpop.lnk idCmnStartup\cleanpop.lnk
c:\icrtoild\Winrun /COPY C:\icrtoild\shicrild.lnk idCmnStartup\shicrild.lnk
c:\i386\regedit /S c:\icrtoild\cleanpop.reg
rem c:\icrtoild\reg UPDATE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\tips\Show=dword:00000000 |
wainuitech (129) | ||