Hi,
I have a horrible malware that cannot be removed.
I have been working with Microsoft, who may have given up now since they cannot help on the phone, but they want to know what is the source of the numbers that xplorer lists for the drive, the recycle bin, the weird malware icons that show up on the desktops, etc.
MS asked if the source of the info is in the registry or where? I did not know.
Xplorer is wonderful. Great app. Nearly has survived my malware. It shows more info on the malware than anything else. The preview pane is great, I can tell if a .log, .txt, etc is real or malware due to the preview or lack thereof.
So if possible, what is the source of the designation on the drive, recycle, icons, or other files?
Thank you for your help and for your great app. If I ever get a job again I will purchase your pro version. I recommend it to everyone.
Thanks
Quirkly
source of identifying numbers on hard drive, recycle bin
Moderators: fgagnon, nikos, Site Mods
-
- New Member
- Posts: 2
- Joined: 2009 May 08, 19:15
-
- Site Admin
- Posts: 3737
- Joined: 2003 Sep 08, 19:56
- Location: Springfield
If you are speaking of references like the following:
::{645FF040-5081-101B-9F08-00AA002F954E}
::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
they are the registered class identifiers (a.k.a.: CLSIDs) used by x2 for special items which are not simple file system objects.
(The above two examples are the "Recycle Bin" and "My Computer".)
b.t.w., I doubt it when you say
[quote]...I can tell if a .log, .txt, etc is real or malware due to the preview or lack thereof.[/quote]
Whether or not a preview is available has nothing to do with whether an item is malicious.

-
- New Member
- Posts: 2
- Joined: 2009 May 08, 19:15
thank you, availability of preview
[quote="fgagnon"]If you are speaking of references like the following:
::{645FF040-5081-101B-9F08-00AA002F954E}
::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
they are the registered class identifiers (a.k.a.: CLSIDs) used by x2 for special items which are not simple file system objects.
(The above two examples are the "Recycle Bin" and "My Computer".)
b.t.w., I doubt it when you say [quote]...I can tell if a .log, .txt, etc is real or malware due to the preview or lack thereof. [/quote]Whether or not a preview is available has nothing to do with whether an item is malicious.
[/quote]
Thanks for your info. CLSID items are also referenced in the registry. Where does xplorer read the CLSID from? (Unless that is proprietary.)
Any thoughts on why I would have a CLSID special item, shown as a text type icon with no extension on my desktop? I cannot delete or move it. It is malware, hence why I am asking on
Further explanation: some of the malware is readable in preview. Others, txt, log, exe, lnk, etc. type malware items are seen but are not readable in preview. What governs the availability of preview? I have an SQL.log on a desktop that does not show up in preview, is not deletable, or otherwise able to be affected by other regular operations (zip, cut/paste).
Thanks again,
Quirkly
-
- Site Admin
- Posts: 3737
- Joined: 2003 Sep 08, 19:56
- Location: Springfield
@ Where does xplorer read the CLSID from? -
I didn't write the code, but I suspect from the running shell &/or shell extension -- which would have got it from the registry. Windows special objects like "My Computer" and "Recycle Bin" could be hard-coded in x2. (nikos would have the definitive answer.)
@ Any thoughts on why ...
not a clue.
@ It is malware -
How do you know? (i.e.: what does it do that is bad?)
@ What governs the availability of preview? -
Tools | Options... | Window | Quick viewer settings
and many items in the FAQ (search on "preview")
and "Using Quick Viewer" in the User Manual.
Further there is no sane way to even guess the source of your problems without knowing your OS and configuration and history.
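Added example, not part of the thread and not xplorer's code: read-only PowerShell that looks up a `::{...}` identifier under `HKEY_CLASSES_ROOT\CLSID`, where the reply above suspects the shell gets it from, and lists the CLSIDs registered as desktop items under `Explorer\Desktop\NameSpace`. The function names are hypothetical; the registry locations are the standard Windows ones.

```powershell
# Added example (read-only): resolve shell CLSIDs such as "::{645FF040-...}" from the registry.
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Resolve-ShellClsid {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)

    $guid = $Clsid.TrimStart(':')        # accept "::{GUID}" or "{GUID}"
    if ($guid -notmatch $GuidPattern) { throw "Not a CLSID: $Clsid" }

    $name = $null; $server = $null; $signature = $null
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$guid" -ErrorAction SilentlyContinue
    if ($key) {
        $name = $key.GetValue('')        # default value = registered name of the class
        $inproc = $key.OpenSubKey('InprocServer32')
        if ($inproc) { $server = $inproc.GetValue(''); $inproc.Close() }
    }
    # The signature is only checked when the handler is a full path that exists on disk.
    if ($server -and (Test-Path -LiteralPath $server -PathType Leaf)) {
        $signature = (Get-AuthenticodeSignature -FilePath $server).Status
    }
    [pscustomobject]@{
        Clsid = $guid; Registered = [bool]$key; Name = $name
        Handler = $server; Signature = $signature
    }
}

function Get-DesktopNamespaceItem {      # hypothetical helper name
    # Shell objects shown on the desktop without being files are registered here.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $root = "$hive\$sub"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root |
            Where-Object { $_.PSChildName -match $GuidPattern } |
            ForEach-Object {
                Resolve-ShellClsid $_.PSChildName |
                    Add-Member -NotePropertyName Hive -NotePropertyValue $hive -PassThru
            }
    }
}

# The two identifiers quoted in the thread (Recycle Bin and My Computer):
'::{645FF040-5081-101B-9F08-00AA002F954E}', '::{20D04FE0-3AEA-1069-A2D8-08002B30309D}' |
    ForEach-Object { Resolve-ShellClsid $_ }
Get-DesktopNamespaceItem | Format-Table Hive, Clsid, Name, Handler, Signature -AutoSize
```

Entries that are not registered under `CLSID`, or whose handler DLL is unsigned or sits outside the Windows directory, are the ones to examine first.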
-
- Site Admin
- Posts: 16296
- Joined: 2002 Feb 07, 15:57
- Location: UK
-
- Gold Member
- Posts: 465
- Joined: 2007 Apr 17, 11:09
It is a die-hard misbelief that a compromised system can get cleaned except by either
- reformatting and new installation or
- restoring an image (if there is any).
Reading that MS gave up, this seems to be the very case here.
And for the future there should be learned, that a system that gets used with a limited account can hardly get compromised at all, only the account, and that can get exchanged rather easily. Only downside: If the user finds it funny to hunt for malware he might lose much fun.
Until then: We know now that there is another malware-catapult in the net.
-
- Site Admin
- Posts: 16296
- Joined: 2002 Feb 07, 15:57
- Location: UK
i use a normal (limited) user account and i never had a problem in the last 3 years, and so should you! www.zabkat.com/blog/18Nov07.htm