• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Unknown running program on shutdown

R

Ragnar Midtskogen

Flightless Bird
Hello,
I am running WinXP Pro on a Dell XPS desktop. It is on a home network behind
a router.
For the last few days I get a message on shutdown that program so and so is
running.
The name of the program varies but it is always three characters or
numerals, like n1a or ml8.
I have McAffee, automatically updated and I also did a full scan, but
nothing was found.
I have used Task Manager to check for running programs and it is not there.
I have also looked at the processes but could not find anything suspicious.
I also looked at the running services, but again did not find anything.
It seems this started about the time I installed Adobe Elements 8, but that
may be a coincidence.

I have Googled the problem with no help so far.

Any suggestions would be appreciated.

Ragnar
 
E

Elmo

Flightless Bird
Ragnar Midtskogen wrote:
> Hello,
> I am running WinXP Pro on a Dell XPS desktop. It is on a home network behind
> a router.
> For the last few days I get a message on shutdown that program so and so is
> running.
> The name of the program varies but it is always three characters or
> numerals, like n1a or ml8.
> I have McAfee, automatically updated and I also did a full scan, but
> nothing was found.


It might not be malware, but if it is, it would disable your current a/v
software. Run these as a test:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

> I have used Task Manager to check for running programs and it is not there.
> I have also looked at the processes but could not find anything suspicious.
> I also looked at the running services, but again did not find anything.
> It seems this started about the time I installed Adobe Elements 8, but that
> may be a coincidence.
>
> I have Googled the problem with no help so far.
>
> Any suggestions would be appreciated.
>
> Ragnar


--
Joe =o)
 
R

Ragnar Midtskogen

Flightless Bird
Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if ativirus and firewall is
disabled. McAfee has its own warnig function, so it disabels the Windows one
to avoid confusing users.
So, I guess the problem is not any kind of malware.

Ragnar
 
T

Twayne

Flightless Bird
In news:uHmDtjFmKHA.5520@TK2MSFTNGP06.phx.gbl,
Ragnar Midtskogen <ragnarm@optonline.net> typed:
> Thanks Joe,
>
> Ran the Malwarebytes one, it found three items, alarm.exe, and two
> Registry entries
> Alarm.exe is a legit part of the Chaos Software calendar.
> The two Registry entries control warnings if ativirus and firewall is
> disabled. McAfee has its own warnig function, so it disabels the
> Windows one to avoid confusing users.
> So, I guess the problem is not any kind of malware.
>
> Ragnar


Hmm, that's bad; wonder how many newbies are getting messed up using that?
Funny though; I've run it and not had it show the win firewall off as a
problem.

HTH,

Twayne
 
J

Jose

Flightless Bird
On Jan 18, 2:19 pm, "Twayne" <nob...@spamcop.net> wrote:
> Innews:uHmDtjFmKHA.5520@TK2MSFTNGP06.phx.gbl,
> Ragnar Midtskogen <ragn...@optonline.net> typed:
>
> > Thanks Joe,

>
> > Ran the Malwarebytes one, it found three items, alarm.exe, and two
> > Registry entries
> > Alarm.exe is a legit part of the Chaos Software calendar.
> > The two Registry entries control warnings if ativirus and firewall is
> > disabled. McAfee has its own warnig function, so it disabels the
> > Windows one to avoid confusing users.
> > So, I guess the problem is not any kind of malware.

>
> > Ragnar

>
> Hmm, that's bad; wonder how many newbies are getting messed up using that?
> Funny though; I've run it and not had it show the win firewall off as a
> problem.
>
> HTH,
>
> Twayne


MBAM will report if one of the three Windows Security reporting
mechanisms (Alert Settings) is disabled, not if it is turned off.

It will look like this in the MBAM report:

Registry Data Items Infected:
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and
deleted successfully.

Looks like some kind of infection, but it isn't and nothing gets
deleted or changed until you say so.

With your permission, MBAM will change the registry entries back to 0,
enabling the warning again.

This is frustrating for folks that don't want to see for example, the
Automatic Updates warning, disable it on purpose, run MABM, they don't
read the message, let MBAM just fix everything and then they start
seeing the warning messages again. Therefore, the conclusion is their
system is afflicted or MBAM/Windows is broken.

SAS doesn't seem to mind.
 
R

Ragnar Midtskogen

Flightless Bird
Thanks Joe,

Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
entries
Alarm.exe is a legit part of the Chaos Software calendar.
The two Registry entries control warnings if ativirus and firewall is
disabled. McAfee has its own warnig function, so it disables the Windows one
to avoid confusing users.
So, I guess the problem is not any kind of malware.
In fact, I suspect the program running was part of Adobe Elements' backup
function. When I disabled it the problem went away.

Ragnar
 
E

Elmo

Flightless Bird
Ragnar Midtskogen wrote:
> Thanks Joe,
>
> Ran the Malwarebytes one, it found three items, alarm.exe, and two Registry
> entries
> Alarm.exe is a legit part of the Chaos Software calendar.
> The two Registry entries control warnings if antivirus and firewall is
> disabled. McAfee has its own warning function, so it disables the Windows one
> to avoid confusing users.
> So, I guess the problem is not any kind of malware.
> In fact, I suspect the program running was part of Adobe Elements' backup
> function. When I disabled it the problem went away.
>
> Ragnar


That makes sense.. thanks for reporting back.

[Previous discussion]

Ragnar Midtskogen wrote:
> > Hello,
> > I am running WinXP Pro on a Dell XPS desktop. It is on a home

network behind
> > a router.
> > For the last few days I get a message on shutdown that program so

and so is
> > running.
> > The name of the program varies but it is always three characters or
> > numerals, like n1a or ml8.
> > I have McAfee, automatically updated and I also did a full scan, but
> > nothing was found.


It might not be malware, but if it is, it would disable your current a/v
software. Run these as a test:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

> > I have used Task Manager to check for running programs and it is not

there.
> > I have also looked at the processes but could not find anything

suspicious.
> > I also looked at the running services, but again did not find anything.
> > It seems this started about the time I installed Adobe Elements 8,

but that
> > may be a coincidence.
> >
> > I have Googled the problem with no help so far.
> >
> > Any suggestions would be appreciated.
> >
> > Ragnar


--
Joe =o)
 
Top