topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:41 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: malware or ? #1454789523  (Read 17777 times)

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
malware or ? #1454789523
« on: February 06, 2016, 02:32 PM »
The following is a WinPatrol web page about a mystery number representing a program that asks permission to be added to the Start menu:

http://www.winpatrol...;1&0&0&0
« Last Edit: February 06, 2016, 03:18 PM by holt »

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #1 on: February 06, 2016, 02:34 PM »
Anybody want to click that link for me?  :huh:

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #2 on: February 06, 2016, 02:41 PM »
Anybody want to click that link for me?  :huh:

Okay, feeling brave...

[PLUS Info...] is one of the Bonus features of WinPatrol PLUS. Our Community Shield data is now available to make WinPatrol even more valuable.

We only want you to upgrade if you really like WinPatrol. You can also tell your friends that you found valuable free software without toolbars or other crapware.

Your support helps continue the development of WinPatrol allowing us to tell toolbar company's where to stick it when they offer us big bucks to install their crapware.

If you've been using WinPatrol Free version for years, we need you.  WinPatrol v32 has been hard work and this is a good time to upgrade to PLUS.

ehh ...
@Holt -- what was your problem?
Tom

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #3 on: February 06, 2016, 03:00 PM »
It's a link to a WinPatrol web page for the mystery number; 1454789523; as such, I didn't believe it would cause a problem for anyone. Sorry.
« Last Edit: February 06, 2016, 03:20 PM by holt »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #4 on: February 06, 2016, 04:19 PM »
It's a link to a WinPatrol web page for the mystery number; 1454789523; as such, I didn't believe it would cause a problem for anyone. Sorry.

ah, okay, no worries -- I guess you've got to be on Winpatrol Plus to see that page properly.
(FWIW I have it but not on this machine)
Tom

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #5 on: February 06, 2016, 04:48 PM »
After I ran MWB and a few other scans, Win Patrol said the mystery program wanted permission to be added to the Start menu again, and I rejected it again. When I click on 'show folder' nothing happens.

I only have winpatrol freeware.
« Last Edit: February 06, 2016, 08:47 PM by holt »

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: malware or ? #1454789523
« Reply #6 on: February 06, 2016, 09:50 PM »
Anybody want to click that link for me?  :huh:

Let someone else do it for you:

https://archive.is/uKEGy

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #7 on: February 06, 2016, 10:12 PM »
Anybody want to click that link for me?  :huh:

Let someone else do it for you:

https://archive.is/uKEGy
Any idea what it is, please?

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: malware or ? #1454789523
« Reply #8 on: February 06, 2016, 10:45 PM »
Nope. Sorry. I can't figure out anything on that webpage.

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #9 on: February 08, 2016, 08:50 AM »
At least once a day winpatrol pops up with a message do I want to allow 1454942036 to be added to the start menu, or not, or to disable; I have chosen 'no' so far. The options to go to the folder or show properties always produce no visible result. Today I ran Process Explorer for Windows XP, and searched for the number, and also for any rogue program names, and found nothing. It is rather frustrating. If not for winpatrol begging me to buy winpatrol plus for 'more info', I would never even know there was anything to it. Scans by MWB and a few other defensive programs find nothing like it. Deozaan found it at https://archive.is/uKEGy a snapshot of winpatrol still with no further info. I keep wondering if it is a subprogram of something legit, but since it has no identifying features except a persistent nagging to be added to the start menu, I am thinking of telling winpatrol to disable it if no further info can be found. If there is no folder, perhaps it is a stand-alone similar to a coding snack. Or, since I have disabled a few legitimate programs to maximize RAM and performance on this vintage laptop, perhaps one of those is trying to selfstart.
« Last Edit: February 08, 2016, 09:12 AM by holt »

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #10 on: February 08, 2016, 09:42 AM »
Why not just write to [email protected] and ask?  I suppose you could refer to this page, just to let the current developer (no longer BillP) know that this issue is getting some attention.  That might provide some encouragement for him to reply quickly.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #11 on: February 08, 2016, 12:16 PM »
Why not just write to [email protected] and ask?  I suppose you could refer to this page, just to let the current developer (no longer BillP) know that this issue is getting some attention.  That might provide some encouragement for him to reply quickly.

When I've had to contact him, he's responded just as quickly as Bill did.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #12 on: February 09, 2016, 05:52 AM »
WinPatrol Plus doesnt have any info about this either -- they say they now have it on record because I searched for it (just in case they tell you there were enquiries!).
I would definitely contact them.
Tom

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #13 on: February 10, 2016, 10:46 PM »
WinPatrol Plus doesnt have any info about this either -- they say they now have it on record because I searched for it (just in case they tell you there were enquiries!).
I would definitely contact them.
I emailed them yesterday; no word back yet, but I'll post here the instant I get a reply. :)

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #14 on: February 13, 2016, 02:28 AM »
On my next to last boot, winpatrol no longer found 'new startup program' 1454789523, but one ending in ...1184. I rejected it and rebooted, and now it says it is number 1455351627, with 'company name not included in this program'. I am beginning to suspect these are just arbitrary code numbers assigned by winpatrol to make me buy the pro version. I have quite a few anti-virus and anti-pup programs installed, and none of them are finding anything remotely like this, and I'm not so sure if freeware winpatrol is worth the nag factor anymore.

On reboot, now winpatrol says it is program 1455358278.
« Last Edit: February 13, 2016, 04:18 AM by holt »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #15 on: February 13, 2016, 04:27 AM »
I am beginning to suspect these are just arbitrary code numbers assigned by winpatrol to make me buy the pro version.

that's not their style -- well it certainly hasn't been their style in the past. (I used their free version for years before eventually going for the paid version).
Tom

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #16 on: February 13, 2016, 06:19 AM »
I'll take your word for it. I instructed winpatrol to disable itself from its own list of start on boot programs, and it 'proved it was a robot' by happily complying. Nice program, impressive, but none of my other defensive software is giving cryptic numerical warnings like that.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #17 on: February 13, 2016, 09:04 AM »
Did you ever contact them about it?

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #18 on: February 13, 2016, 12:03 PM »
Did you ever contact them about it?
Affirmative. Several days ago.

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #19 on: February 13, 2016, 06:15 PM »
I am beginning to suspect these are just arbitrary code numbers assigned by winpatrol to make me buy the pro version.

I'd think that it's more likely some crapware that randomizes something (filename, registry key, ???) to avoid being easy to detect/remove.  Can you post a screencap of the dialog box that WinPatrol displays (not the "PLUS Info" webpage)?

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #20 on: February 13, 2016, 10:18 PM »
I am beginning to suspect these are just arbitrary code numbers assigned by winpatrol to make me buy the pro version.

Also, considering the fact that many of us that are looking at the page already have plus, that seems unlikely.

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #21 on: February 14, 2016, 07:50 PM »
Screen shot of winpatrol's mysterious report:
winpatrol 1.jpgmalware or ? #1454789523

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #22 on: February 14, 2016, 08:24 PM »
It's already telling you in the image that they have nothing on the program, i.e. no description found under the blank image.  This is the standard dialog that happens when something tries to register itself.  It's likely that you have a larger problem.  I'd personally be worried.  But if you're not, let it register itself, and then look in the startup locations to see if something has truly registered there before you reboot.  I've had WinPatrol by the simple measure of monitoring save me a lot of trouble when the initial problem didn't trip any other antivirus.

holt

  • Member
  • Joined in 2015
  • **
  • Posts: 398
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #23 on: February 14, 2016, 09:34 PM »
It's already telling you in the image that they have nothing on the program, i.e. no description found under the blank image.  This is the standard dialog that happens when something tries to register itself.  It's likely that you have a larger problem.  I'd personally be worried.  But if you're not, let it register itself, and then look in the startup locations to see if something has truly registered there before you reboot.  I've had WinPatrol by the simple measure of monitoring save me a lot of trouble when the initial problem didn't trip any other antivirus.
Okay, you have my attention and I'm listening and worried.
The past behavior pattern is that no matter what winpatrol option I choose, permit or refuse, it's always back with the same thing on subsequent reboots.
Except--originally it was always the same initial mystery number; now, it changes each reboot.
How about if I post a set of screen shots of winpatrol's startup list with the mystery program rejected, then reboot, permit the item to start, and create a new set. Maybe something will show, maybe not. So here goes...
The next three pictures will be with mystery program rejected by winpatrol from start-up and start menu.
Edit: I rebooted, and the mystery program has not reappeared again yet; if or when it does, I will make a new post here about it, but until it does reappear, I guess there won't be much to say.
« Last Edit: February 14, 2016, 09:57 PM by holt »

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: malware or ? #1454789523
« Reply #24 on: February 14, 2016, 11:21 PM »
I wish the WinPatrol would give some information on exactly how it was being set as a "Startup Program" in that dialog.  There are several methods such as using various registry keys or being placed in the 'startup folder'.

Clicking on the "Open Folder" or "Properties" link in the warning dialog might give some clue about what the program is.  If nothing else it should give you enough information to copy the file somewhere and do further analysis. Maybe run a "strings" program against the copy to see what text is in the file or submit the file to virustotal, metascan and/or jotti.

You might also want to enable WinPatrol's "Notify me if a Startup Auto Setting is Removed" check-box - it looks like whatever this is that's being registered is also being unregistered (perhaps in an effort to make detection/removal more difficult).

In the Options tab there are some buttons to create a WinPatrol log or Hijack This! log which might be handy, but they don't seem to work for me.