Results 1 to 4 of 4
  1. #1
    Member buttoni's Avatar
    Join Date
    Jun 2005
    Location
    Central Texas
    Posts
    154
    Points
    12

    Default Explorer.EXE filename difference and Jotti Question

    When I run a HJT log, at the top in running processes is:
    C:\WINDOWS\Explorer.EXE (which is "My Computer" & Win Explorer)

    But Task Manager shows the running process: EXPLORER.EXE
    Why does the filename appear differently in task manager?

    Just for the heck of it, I wanted to try this jotti scan often recommended on this forum, so I uploaded it there. All 14 scanners showed "Found Nothing".

    Service load: 0% 100%

    File: EXPLORER.EXE
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 a0732187050030ae399b241436565e64
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found nothing

    Powered by ........



    Then way down at the bottom of the page, this appears:

    Statistics
    Last file scanned at least one scanner reported something about: TR/Spy.Perfloger.O in [savefile]050720074627_B3Warper.rar, detected by:

    Scanner Malware name
    AntiVir TR/Spy.Perfloger.O
    ArcaVir Trojan.Spy.Perfloger.O
    Avast Win32:Perfloger-D
    AVG Antivirus X
    BitDefender Trojan.Keylogger.RT.A
    ClamAV X
    Dr.Web not a virus Tool.GameCrack
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus not-a-virus:Monitor.Win32.Perflogger.az
    NOD32 Win32/Keylogger.HotKeysHook.A
    Norman Virus Control X
    UNA X
    VBA32 Trojan.Win32.Keylogger.HotKeysHook.A

    Could someone with more experience with jotti.org explain to me what the "statistics" section of the page refers to? Does it refer to the file that I uploaded, or one that was uploaded by the last person before me to visit the site? If it refers to my uploaded file, why do all the scanners, under scan results, say found nothing?????? I'm confused.

    If the statistics section of the website refer to the file I uploaded, you'll be wanting to move this post to the spyware help forum, because I'm sure going to need help getting rid of those nasty sounding things if they're on my system. I do hope that is not the case.
    SYSTEM SPECS: HP Pavilion p6-2120t desktop, Intel Pentium Quad Core, 8GB DDR#-1333MHz SDRAM (2 DIMMS), HP 23" HP 2311 LED monitor, Realtek PCI GBE Family Controller, Integrated sound, HP SATA 16X HD,
    Windows 7x64 Home Premium; Firefox 13.0.1 default; IE8; ATT DSL 2Wire modem/router; Yahoo Web Mail;
    Comodo FW 5.10 (D+ & Sandbox enabled); MSSE; MBAM on demand.

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi Peggy

    When I run a HJT log, at the top in running processes is:
    C:\WINDOWS\Explorer.EXE (which is "My Computer" & Win Explorer)

    But Task Manager shows the running process: EXPLORER.EXE
    Why does the filename appear differently in task manager?
    Both are references to yourlegitimate explorer.exe file

    the fact one is in upper and one is in lower case doesn't mean a thing.. it's just how the different programs decide to show it.

    And at jotti...

    the malware referred to is the last infected file uploaded by someone else so don't worry about it. :lol:

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member buttoni's Avatar
    Join Date
    Jun 2005
    Location
    Central Texas
    Posts
    154
    Points
    12

    Default

    Thanks, Steam. Boy, you hit it early this morning!

    I figured that was the case. I don't think I want any of THOSE "diseases" on my system.

    Once again, thanks for the prompt reply and thanks for being there to help folks like me.
    SYSTEM SPECS: HP Pavilion p6-2120t desktop, Intel Pentium Quad Core, 8GB DDR#-1333MHz SDRAM (2 DIMMS), HP 23" HP 2311 LED monitor, Realtek PCI GBE Family Controller, Integrated sound, HP SATA 16X HD,
    Windows 7x64 Home Premium; Firefox 13.0.1 default; IE8; ATT DSL 2Wire modem/router; Yahoo Web Mail;
    Comodo FW 5.10 (D+ & Sandbox enabled); MSSE; MBAM on demand.

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    You're welcome Peggy :wink:

    I'll lock this thread now

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -