From: JD on 28 Apr 2010 23:51

Hi Experts :-)

I have a computer that I set up about a year ago and it has a C: drive with a strange folder Windows. Just below it is another folder WINNT - for the installed Win2K. The Windows folder has a few files e.g. bnwork.exe, conmser.exe, gjgx.vbe, gjht.vbe, my2.ini, winnetest.exe, and a few more. This drive is NTFS.

A few days ago my computer crashed - first time in about 9 months - and since then I keep getting warnings about the gjht.vbe. "The system cannot find the file specified." This .vbe is still there but has only 294 bytes and was probably hit by the crash. The other vbe. has 2.31kB.

In this Windows folder there is also a System32 folder with subfolders: chrome, components, cookie, greprefs, ipc, plugins, res and, finally, Update. I can't even remember how this Windows folder got there.

Can anyone recognize this situation? I have several NTFS drives on the machine and one FAT32, but the C: drive is on an NTFS.

Help appreciated

From: Paul on 29 Apr 2010 02:28

JD wrote:
> Hi Experts :-)
>
> I have a computer that I set up about a year ago and it has a C: drive
> with a strange folder Windows. Just below it is another folder WINNT -
> for the installed Win2K. The Windows folder has a few files e.g.
> bnwork.exe, conmser.exe, gjgx.vbe, gjht.vbe, my2.ini, winnetest.exe, and
> a few more. This drive is NTFS.
>
> A few days ago my computer crashed - first time in about 9 months - and
> since then I keep getting warnings about the gjht.vbe. "The system
> cannot find the file specified." This .vbe is still there but has only
> 294 bytes and was probably hit by the crash. The other vbe. has 2.31kB.
>
> In this Windows folder there is also a System32 folder with subfolders:
> chrome, components, cookie, greprefs, ipc, plugins, res and, finally,
> Update. I can't even remember how this Windows folder got there.
>
> Can anyone recognize this situation? I have several NTFS drives on the
> machine and one FAT32, but the C: drive is on an NTFS.
>
> Help appreciated

microsoft.public.windowsxp.general
microsoft.public.win2000.general

Perhaps groups like that, would have more people who would recognize those files. I tried a search on one of them, and didn't get any substantial hits. Due to the lack of hits in a search engine, I'm going to have to guess "malware" for those "few files".

My WinXP partition looks like

C:
   Windows
      Driver Cache
      System
      System32
      Temp
   Program Files

My Win2K partition has

C:
   Windows
      Driver Cache
      System
      System32
      Temp
   Program Files

Those are very quick snapshots of the structure, without listing all the directories of interest. I'm currently searching for a WINNT somewhere, but not finding it. There are plenty of references to WINNT in driver downloads, but that is about it.

My installs are on separate disks, which could account for the differences. Maybe other weirdness happens, if they're on the same partition (upgrade install). Someone in a Microsoft.* group would likely know.

Things like chrome, components, and plugins, smells like a browser you installed at some point. I have a "greprefs" in a Firefox install, but a number of browsers share that kind of stuff.

Paul

From: JD on 29 Apr 2010 13:06

Paul wrote:
> JD wrote:
>> Hi Experts :-)
>>
>> I have a computer that I set up about a year ago and it has a C: drive
>> with a strange folder Windows. Just below it is another folder WINNT -
>> for the installed Win2K. The Windows folder has a few files e.g.
>> bnwork.exe, conmser.exe, gjgx.vbe, gjht.vbe, my2.ini, winnetest.exe,
>> and a few more. This drive is NTFS.
>>
>> A few days ago my computer crashed - first time in about 9 months -
>> and since then I keep getting warnings about the gjht.vbe. "The system
>> cannot find the file specified." This .vbe is still there but has only
>> 294 bytes and was probably hit by the crash. The other vbe. has 2.31kB.
>>
>> In this Windows folder there is also a System32 folder with
>> subfolders: chrome, components, cookie, greprefs, ipc, plugins, res
>> and, finally, Update. I can't even remember how this Windows folder
>> got there.
>>
>> Can anyone recognize this situation? I have several NTFS drives on the
>> machine and one FAT32, but the C: drive is on an NTFS.
>>
>> Help appreciated
>
> microsoft.public.windowsxp.general
> microsoft.public.win2000.general
>
> Perhaps groups like that, would have more people who would recognize those
> files. I tried a search on one of them, and didn't get any substantial
> hits.
> Due to the lack of hits in a search engine, I'm going to have to guess
> "malware" for those "few files".
>
> My WinXP partition looks like
>
> C:
>    Windows
>       Driver Cache
>       System
>       System32
>       Temp
>    Program Files
>
> My Win2K partition has
>
> C:
>    Windows
>       Driver Cache
>       System
>       System32
>       Temp
>    Program Files
>
> Those are very quick snapshots of the structure, without listing all the
> directories of interest. I'm currently searching for a WINNT somewhere, but
> not finding it. There are plenty of references to WINNT in driver
> downloads,
> but that is about it.
>
> My installs are on separate disks, which could account for the differences.
> Maybe other weirdness happens, if they're on the same partition (upgrade
> install). Someone in a Microsoft.* group would likely know.
>
> Things like chrome, components, and plugins, smells like a browser you
> installed
> at some point. I have a "greprefs" in a Firefox install, but a number of
> browsers
> share that kind of stuff.
>
> Paul

Thanks again Paul.

I renamed that Window to WindowC and there is some squawking from my firewall and a few other sources. Will keep monitoring.

From: JD on 29 Apr 2010 14:07

JD wrote:
> Paul wrote:
>> JD wrote:
>>> Hi Experts :-)
>>>
>>> I have a computer that I set up about a year ago and it has a C:
>>> drive with a strange folder Windows. Just below it is another folder
>>> WINNT - for the installed Win2K. The Windows folder has a few files
>>> e.g. bnwork.exe, conmser.exe, gjgx.vbe, gjht.vbe, my2.ini,
>>> winnetest.exe, and a few more. This drive is NTFS.
>>>
>>> A few days ago my computer crashed - first time in about 9 months -
>>> and since then I keep getting warnings about the gjht.vbe. "The
>>> system cannot find the file specified." This .vbe is still there but
>>> has only 294 bytes and was probably hit by the crash. The other vbe.
>>> has 2.31kB.
>>>
>>> In this Windows folder there is also a System32 folder with
>>> subfolders: chrome, components, cookie, greprefs, ipc, plugins, res
>>> and, finally, Update. I can't even remember how this Windows folder
>>> got there.
>>>
>>> Can anyone recognize this situation? I have several NTFS drives on
>>> the machine and one FAT32, but the C: drive is on an NTFS.
>>>
>>> Help appreciated
>>
>> microsoft.public.windowsxp.general
>> microsoft.public.win2000.general
>>
>> Perhaps groups like that, would have more people who would recognize
>> those
>> files. I tried a search on one of them, and didn't get any substantial
>> hits.
>> Due to the lack of hits in a search engine, I'm going to have to guess
>> "malware" for those "few files".
>>
>> My WinXP partition looks like
>>
>> C:
>>    Windows
>>       Driver Cache
>>       System
>>       System32
>>       Temp
>>    Program Files
>>
>> My Win2K partition has
>>
>> C:
>>    Windows
>>       Driver Cache
>>       System
>>       System32
>>       Temp
>>    Program Files
>>
>> Those are very quick snapshots of the structure, without listing all the
>> directories of interest. I'm currently searching for a WINNT
>> somewhere, but
>> not finding it. There are plenty of references to WINNT in driver
>> downloads,
>> but that is about it.
>>
>> My installs are on separate disks, which could account for the
>> differences.
>> Maybe other weirdness happens, if they're on the same partition (upgrade
>> install). Someone in a Microsoft.* group would likely know.
>>
>> Things like chrome, components, and plugins, smells like a browser you
>> installed
>> at some point. I have a "greprefs" in a Firefox install, but a number
>> of browsers
>> share that kind of stuff.
>>
>> Paul
>
> Thanks again Paul.
>
> I renamed that Window to WindowC and there is some squawking
> from my firewall and a few other sources. Will keep monitoring.

I just had a thought. Microshaft regularly "updates" my Win2K and IE. They might have added that oddball Windows material.

From: kony on 2 May 2010 13:05

On Thu, 29 Apr 2010 11:07:02 -0700, JD <JD(a)NoDen.con> wrote:

>> I renamed that Window to WindowC and there is some squawking
>> from my firewall and a few other sources. Will keep monitoring.
>
>I just had a thought. Microshaft regularly "updates" my Win2K and
>IE. They might have added that oddball Windows material.

Doubtful, they look like malware. Check the file creation dates and do a file search for other files created around the same time, there may be other suspicious ones you need to remove. Run a malware and antivirus scanner, but it is often easier to pull the whole drive out and scan it on another system so there isn't any malware running at the time which often tries to protect and reproduce itself.
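
Added example, not part of kony's post or of any tool named in the thread: one way to do the "files created around the same time" search over a drive mounted on a clean system, sketched in Python. The function names, the one-hour window, the file name x.dat and the sample tree with its timestamps are constructed for illustration; the demo compares modification times because creation times cannot be set from a script.

```python
import os
import tempfile
from datetime import timedelta

def created(st):
    # Creation time where the OS records one (st_birthtime); older Windows
    # Pythons report it in st_ctime. On Linux st_ctime is inode-change time.
    return getattr(st, "st_birthtime", st.st_ctime)

def modified(st):
    return st.st_mtime

def files_near(root, reference, window=timedelta(hours=1), stamp=created):
    """Return (delta_seconds, path) for files under root whose timestamp is
    within `window` of the reference file's, nearest first."""
    ref_time = stamp(os.stat(reference))
    ref_path = os.path.abspath(reference)
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                delta = stamp(os.lstat(path)) - ref_time
            except OSError:
                continue  # unreadable entry on a damaged volume: skip it
            if abs(delta) <= window.total_seconds() and os.path.abspath(path) != ref_path:
                hits.append((delta, path))
    return sorted(hits, key=lambda h: abs(h[0]))

def demo():
    """Constructed tree: two files dropped near gjht.vbe, one old system file."""
    base = 1272000000  # constructed timestamp (April 2010)
    layout = {"Windows/gjht.vbe": 0, "Windows/gjgx.vbe": 40,
              "Windows/System32/Update/x.dat": -300,   # hypothetical name
              "WINNT/notepad.exe": -9_000_000}
    with tempfile.TemporaryDirectory() as root:
        for rel, offset in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.utime(path, (base + offset, base + offset))
        ref = os.path.join(root, "Windows", "gjht.vbe")
        hits = files_near(root, ref, stamp=modified)  # mtime: settable in a demo
        return [(int(d), os.path.relpath(p, root).replace(os.sep, "/"))
                for d, p in hits]

if __name__ == "__main__":
    for delta, path in demo():
        print(f"{delta:+7d}s  {path}")
```

File timestamps can be rewritten by whatever dropped the files, so a hit list like this is a lead for the scanner and for manual review rather than proof either way.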