Is this legit file?

[Guest SANTANDER]

1) Is this unxxx.bat legit system file or need be removed? (has created

recently):

 

C:\WINDOWS\system32\unxxx.bat

 

and it code(in notepad):

 

:pp

del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

del "C:\WINDOWS\system32\unxxx.bat"

 

 

2) is this Jview.dll legit system file or need be removed? (with

corresponding registry key)

 

C:\WINDOWS\AppPatch\Jview.dll

[Guest Tom [Pepper] Willett]

Re: Is this legit file?

 

If you google both of those files, you'll find they are not legit, but that

your machine is infected.

 

"SANTANDER" <santander@microsoft.news> wrote in message

news:%23tdJe041IHA.5944@TK2MSFTNGP04.phx.gbl...

: 1) Is this unxxx.bat legit system file or need be removed? (has created

: recently):

:

: C:\WINDOWS\system32\unxxx.bat

:

: and it code(in notepad):

:

::pp

: del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

: if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

: del "C:\WINDOWS\system32\unxxx.bat"

:

:

: 2) is this Jview.dll legit system file or need be removed? (with

: corresponding registry key)

:

: C:\WINDOWS\AppPatch\Jview.dll

:

[Guest PA Bear [MS MVP]]

Re: Is this legit file?

 

Unexplained computer behavior may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

It will help you to both identify and remove any hijackware/spyware with

assistance from an expert. **Post your log to

http://aumha.net/viewforum.php?f=30,

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html, or other appropriate forums for review

by an expert in such matters, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

SANTANDER wrote:

> 1) Is this unxxx.bat legit system file or need be removed? (has created

> recently):

>

> C:\WINDOWS\system32\unxxx.bat

>

> and it code(in notepad):

>

>> pp

> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

> del "C:\WINDOWS\system32\unxxx.bat"

>

>

> 2) is this Jview.dll legit system file or need be removed? (with

> corresponding registry key)

>

> C:\WINDOWS\AppPatch\Jview.dll

[Guest Kayman]

Re: Is this legit file?

 

On Thu, 26 Jun 2008 16:04:04 +0300, SANTANDER wrote:

> 1) Is this unxxx.bat legit system file or need be removed? (has created

> recently):

>

> C:\WINDOWS\system32\unxxx.bat

>

> and it code(in notepad):

>

> :pp

> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

> del "C:\WINDOWS\system32\unxxx.bat"

>

>

> 2) is this Jview.dll legit system file or need be removed? (with

> corresponding registry key)

>

> C:\WINDOWS\AppPatch\Jview.dll

 

1. CCleaner - Free

Cleans temporary internet files, cookies, history, recent urls, application

MRUs, etc. ...

http://www.filehippo.com/download_ccleaner/

If Windows Defender is utilized go to Applications, under Utilities

uncheck "Windows Defender".

 

2. Download David H. Lipman's MULTI_AV.EXE from the URL:

http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:

http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

 

To use this utility, perform the following...

Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}

Choose; Unzip

Choose; Close

 

Execute; C:\AV-CLS\StartMenu.BAT

{or Double-click on 'Start Menu' in C:\AV-CLS}

 

NOTE: You may have to disable your software FireWall or allow WGET.EXE to

go through your FireWall to allow it to download the needed AV vendor

related files.

 

C:\AV-CLS\StartMenu.BAT -- {or Double-click on 'Start Menu' in C:\AV-CLS}

This will bring up the initial menu of choices and should be executed in

Normal Mode.

This way all the components can be downloaded from each AV vendor's web

site.

The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and

Reboot the PC.

 

You can choose to go to each menu item and just download the needed files

or you can download the files and perform a scan in Normal Mode. Once you

have downloaded the files needed for each scanner you want to use, you

should reboot the PC into Safe Mode [F8 key during boot] and re-run the

menu again and choose which scanner you want to run in Safe

Mode. It is suggested to run the scanners in both Safe Mode and Normal

Mode.

 

When the menu is displayed hitting 'H' or 'h' will bring up a more

comprehensive PDF help file.

 

Additional Instructions:

http://pcdid.com/Multi_AV.htm

[Guest SANTANDER]

Re: Is this legit file?

 

 

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:%23EFvdp51IHA.5664@TK2MSFTNGP02.phx.gbl...

> Unexplained computer behavior may be caused by deceptive software

> http://support.microsoft.com/kb/827315

>

> Run a /thorough/ check for hijackware, including posting your hijackthis

> log to an appropriate forum.

>

> Checking for/Help with Hijackware

> http://aumha.org/a/parasite.htm

> http://aumha.org/a/quickfix.htm

> http://aumha.net/viewtopic.php?t=5878

> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

> http://mvps.org/winhelp2002/unwanted.htm

> http://inetexplorer.mvps.org/data/prevention.htm

> http://inetexplorer.mvps.org/tshoot.html

> http://www.mvps.org/sramesh2k/Malware_Defence.htm

> http://defendingyourmachine2.blogspot.com/

> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>

> When all else fails, HijackThis v2.0.2

> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

> It will help you to both identify and remove any hijackware/spyware with

> assistance from an expert. **Post your log to

> http://aumha.net/viewforum.php?f=30,

> http://forums.spybot.info/forumdisplay.php?f=22,

> http://castlecops.com/forum67.html, or other appropriate forums for review

> by an expert in such matters, not here.**

>

> If the procedures look too complex - and there is no shame in admitting

> this isn't your cup of tea - take the machine to a local, reputable and

> independent (i.e., not BigBoxStoreUSA) computer repair shop.

>

> --

> ~Robear Dyer (PA Bear)

> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> AumHa VSOP & Admin http://aumha.net

> DTS-L http://dts-l.net/

>

> SANTANDER wrote:

>> 1) Is this unxxx.bat legit system file or need be removed? (has created

>> recently):

>>

>> C:\WINDOWS\system32\unxxx.bat

>>

>> and it code(in notepad):

>>

>>> pp

>> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

>> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

>> del "C:\WINDOWS\system32\unxxx.bat"

>>

>>

>> 2) is this Jview.dll legit system file or need be removed? (with

>> corresponding registry key)

>>

>> C:\WINDOWS\AppPatch\Jview.dll

-----------

 

I already checked with antivirus and HijackThis v2.0.2, antiviris detected

Jview.dll as virus, but I wanted know was it this legit system file or just

malware.

As to unxxx.bat, it has not been detected by antivirus, and not marked by

HijackThis, but Deckard's System Scanner just specified it as recentrly

created, and it looks suspicious.

 

Thanks

[Guest Jordon]

Re: Is this legit file?

 

SANTANDER wrote:

> As to unxxx.bat, it has not been detected by antivirus, and not marked

> by HijackThis, but Deckard's System Scanner just specified it as

> recentrly created, and it looks suspicious.

 

A batch file (by itself) can't be a virus because it contains only

text. But a virus could create a batch file that could use other

scripts or system commands to wreak havoc.

 

--

Jordon

[Guest PA Bear [MS MVP]]

Re: Is this legit file?

 

Post your HJT log in an appropriate forum for review.

 

SANTANDER wrote:

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

> news:%23EFvdp51IHA.5664@TK2MSFTNGP02.phx.gbl...

>> Unexplained computer behavior may be caused by deceptive software

>> http://support.microsoft.com/kb/827315

>>

>> Run a /thorough/ check for hijackware, including posting your hijackthis

>> log to an appropriate forum.

>>

>> Checking for/Help with Hijackware

>> http://aumha.org/a/parasite.htm

>> http://aumha.org/a/quickfix.htm

>> http://aumha.net/viewtopic.php?t=5878

>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

>> http://mvps.org/winhelp2002/unwanted.htm

>> http://inetexplorer.mvps.org/data/prevention.htm

>> http://inetexplorer.mvps.org/tshoot.html

>> http://www.mvps.org/sramesh2k/Malware_Defence.htm

>> http://defendingyourmachine2.blogspot.com/

>> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>

>> When all else fails, HijackThis v2.0.2

>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

>> It will help you to both identify and remove any hijackware/spyware with

>> assistance from an expert. **Post your log to

>> http://aumha.net/viewforum.php?f=30,

>> http://forums.spybot.info/forumdisplay.php?f=22,

>> http://castlecops.com/forum67.html, or other appropriate forums for

>> review

>> by an expert in such matters, not here.**

>>

>> If the procedures look too complex - and there is no shame in admitting

>> this isn't your cup of tea - take the machine to a local, reputable and

>> independent (i.e., not BigBoxStoreUSA) computer repair shop.

>>

>> --

>> ~Robear Dyer (PA Bear)

>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

>> AumHa VSOP & Admin http://aumha.net

>> DTS-L http://dts-l.net/

>>

>> SANTANDER wrote:

>>> 1) Is this unxxx.bat legit system file or need be removed? (has created

>>> recently):

>>>

>>> C:\WINDOWS\system32\unxxx.bat

>>>

>>> and it code(in notepad):

>>>

>>>> pp

>>> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"

>>> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp

>>> del "C:\WINDOWS\system32\unxxx.bat"

>>>

>>>

>>> 2) is this Jview.dll legit system file or need be removed? (with

>>> corresponding registry key)

>>>

>>> C:\WINDOWS\AppPatch\Jview.dll

> -----------

>

> I already checked with antivirus and HijackThis v2.0.2, antiviris detected

> Jview.dll as virus, but I wanted know was it this legit system file or

> just

> malware.

> As to unxxx.bat, it has not been detected by antivirus, and not marked by

> HijackThis, but Deckard's System Scanner just specified it as recentrly

> created, and it looks suspicious.

>

> Thanks