Computer Hope
Topic started by: Jp on March 11, 2007, 07:41:26 PM
-
Hey, how's it goin! ::)
Have any idea why I am getting this when analyzing my start up conf.?
Does it mean what it says?
Name: AolSoftware
Filename: aolsoftware.exe
Command: C:\Windows\aolsoftware.exe
Description: Added by the W32/Tilebot-CL worm and IRC backdoor. This infection should not be confused with the legitimate AOL file which can be found here.
File Location: %WinDir%
Startup Type: This startup entry is installed as a Windows NT, 2000, 2003, or XP service.
Service Name: aolsoftware
Service Display Name: AolSoftware
HijackThis Category: O23 Entry
Note: %Windir% refers to the Windows installation folder. By default, this is C:\Windows for Windows 95/98/ME/XP or C:\Winnt for Windows NT/2000.
Removal Instructions: How to remove a Trojan, Virus, Worm, or other Malware
This is an undesirable program.
This file has been identified as a program that is undesirable to have running on your computer.
This consists of programs that are misleading, harmful, or undesirable.
If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program.
MY OS: Microsoft Windows XP
Home Edition
Version 2002
AOL is my IS ? :-?
Jp
-
Sounds accurate.
-
patio,
Can you give me an idea, why it is called AOL software ?
I mean do you know what this is ? is it part of my AOL Internet access ?
What's it all about, why would AOL do this ?
Jp
-
It's called that because a lot of people who make malware try to disguise it as legitimate programs. Just because it's called AOLSoftware, that doesn't mean it was put on your computer by AOL. AOL does add an AOLSoftware.exe, but usually somewhere in the Common Files folder. You should only have to worry if you find it in your C:\Windows folder.
-
CBMatt,
Thanks, mind if I try to get a little more info ?,. . .
Appreciate it if you would take a look at this;
Startup Item Command
AOLSoftware C:\Program Files\Com
Location
HKLM\Software\Microsoft\Windows\CurrentVer...
Can you tell me what location is this ?
Why has this not been detected by the Prevx 1 Console installed on my system?
What is it therefore, i.e., what mischief is it up to ?? >:( !!
Jp
-
I'm sure it's not exactly the same on all computers, but according to HijackThis, my aolsoftware.exe is located in the C:\Program Files\Common Files\AOL\1150582181\ee folder. Yours should be in a similar folder. If not, simply do a system-wide search for the file. When you find it, go to VirusTotal (http://www.virustotal.com), click on Browse (near the top of the page), select the file, and click on Send. This will scan the file for you and should hopefully put your worries to rest.
Prevx1 probably isn't detecting the file because the one you have is legitimate and not malware.
That HKLM location is referring to the file's registry entry, which is HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run\HostManager.
Keep in mind that there are TWO versions of AOLSoftware.exe. One is a trojan (look here (http://www.bleepingcomputer.com/startups/aolsoftware.exe-13800.html)). One is a normal AOL file (look here (http://www.castlecops.com/s12420-AOLSoftware_exe.html)) that is used for pre-loading AOL so that when you go to open the program, it will open faster.
I understand your concern, but it is most likely nothing to worry about. However, if you're still worried, you can remove the file. It's not essential to make AOL work; it simply makes it load faster.
-
Command: C:\Windows\aolsoftware.exe
We already know it's in his C:\Windows\ directory. Download Anti-virus / Anti-Spyware software and run it. That should get rid of it.
-Rock
-
CBMatt,
So far this is the information found on this file;
Name
AOLSOFTWARE.EXEC-1D415B...
In Folder Size Type Date Modified
C:\WINDOWS\Prefetch 36KB PF File 3/10/2007 2:46 PM
I went to VIRUSTOTAL and when I went to browse and entered
Local Disc(C:) (I don't know why the happy face got in here?)
placed the title, AOLSOFTWARE.EXEC-1D415B...
Pressed open and got;
File not found, please verify correct name and re-enter.
Have any idea what is wrong ?
Jp
-
Jp,
Your search didn't turn up any other results? What you're trying to scan is just a prefetch. A prefetch basically just stores information about a .exe file to help it load faster. You need to do the search again and find the actual aolsoftware.exe file.
And to stop the smiley from showing up, you'll need to check "Check this if you'll be adding code (or don't like smileys)." before posting.
Command: C:\Windows\aolsoftware.exe
We already know it's in his C:\Windows\ directory. Download Anti-virus / Anti-Spyware software and run it. That should get rid of it.
-Rock
Rock,
I believe he is quoting this info from a web site. What he posted is basically the exact same info on Bleeping Computer.
-
CBMatt,
Rock,
I believe he is quoting this info from a web site. What he posted is basically the exact same info on Bleeping Computer.
Correct.
Search Results;
aolsoftware C:\Program Files\Common Files\...
LM_AOLsoftware C:\Program Files\Common Files\...
aolSoftwareStrings C:\Program Files\Common Files\...
Jp
-
aolsoftware C:\Program Files\Common Files\...
That's the one you want to scan.
-
CBMatt,
I pasted this to select file and pushed send, the following is what I got, . .What's it mean, please ?
0 bytes size received / Se ha recibido un archivo vacio
Jp
-
That means you didn't properly specify the location. You can't just copy "C:\Program Files\Common Files" because that's not the whole location. See the "..." at the end? That means there's more. Open up the search again and right click on aolsoftware.exe and go to Properties. You'll then want to copy the Location. I've attached a picture of what I'm talking about. See the blue highlighted line? You'll want to copy that WHOLE section (left-click at the beginning, hold down the button, and move your mouse to the right until you get to the end of the text...then copy it). However, that's only the folder that holds the file. After you paste that, you'll have to add \aolsoftware.exe to the very end of it. Then you can click on Send.
To make this easier...when you copy the Location, post it in this thread and I can show you what to do.
-
CBMatt,
Thanks much, but I think there are no viruses found;
C:\Program Files\Common Files\AOL\1143471933\EE\aolsoftware.exe
STATUS: FINISHED
Complete scanning result of "aolsoftware.exe", received in VirusTotal at 03.13.2007, 06:28:16 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.41 03.12.2007 no virus found
Authentium 4.93.8 03.13.2007 no virus found
Avast 4.7.936.0 03.12.2007 no virus found
AVG 7.5.0.447 03.12.2007 no virus found
BitDefender 7.2 03.13.2007 no virus found
CAT-QuickHeal 9.00 03.12.2007 no virus found
ClamAV devel-20060426 03.13.2007 no virus found
DrWeb 4.33 03.12.2007 no virus found
eSafe 7.0.14.0 03.12.2007 no virus found
eTrust-Vet 30.6.3473 03.13.2007 no virus found
Ewido 4.0 03.12.2007 no virus found
FileAdvisor 1 03.13.2007 no virus found
Fortinet 2.85.0.0 03.13.2007 no virus found
F-Prot 4.3.1.45 03.13.2007 no virus found
F-Secure 6.70.13030.0 03.13.2007 no virus found
Ikarus T3.1.1.3 03.12.2007 no virus found
Kaspersky 4.0.2.24 03.13.2007 no virus found
McAfee 4982 03.12.2007 no virus found
Microsoft 1.2306 03.13.2007 no virus found
NOD32v2 2110 03.12.2007 no virus found
Norman 5.80.02 03.12.2007 no virus found
Panda 9.0.0.4 03.12.2007 no virus found
Prevx1 V2 03.13.2007 no virus found
Sophos 4.15.0 03.12.2007 no virus found
Sunbelt 2.2.907.0 03.10.2007 no virus found
Symantec 10 03.13.2007 no virus found
TheHacker 6.1.6.074 03.12.2007 no virus found
UNA 1.83 03.12.2007 no virus found
VBA32 3.11.2 03.12.2007 no virus found
VirusBuster 4.3.19:9 03.12.2007 no virus found
Aditional Information
File size: 50736 bytes
MD5: c482c535cbfefe722ec1eb7f11f680a3
SHA1: 8fa6b9679b43df86947d5f3bd38d3f6ee48fc98f
What ya think ?
Jp
-
There you go, you got it right this time. And according to the results and the location of your file, it looks legitimate. You can delete the file if you really want to, but it's totally harmless. I hope all of this puts your worries to rest.
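-
Added example, not part of the original thread: a small triage script for the checks the replies above walk through by hand (same file name in a different folder, a Prefetch entry mistaken for the executable, a path shortened with "..."). The `EXPECTED_DIRS` table and the function names are assumptions made for this sketch, and the Prefetch file name in the samples is a constructed placeholder; folder location is only a triage signal, so a file in the expected folder still deserves a scanner or hash check.

```python
import ntpath  # Windows path rules, works on any OS

# Assumption: expected install roots per file name, from paths quoted in the thread.
EXPECTED_DIRS = {"aolsoftware.exe": [r"c:\program files\common files\aol"]}
WINDIR = r"c:\windows"  # XP default for %WinDir%; C:\Winnt on NT/2000

# Constructed sample entries; the .pf name is a placeholder, not the real one.
SAMPLES = [
    r"C:\Windows\aolsoftware.exe",
    r"%WinDir%\aolsoftware.exe",
    r"C:\Program Files\Common Files\AOL\1143471933\EE\aolsoftware.exe",
    r"C:\WINDOWS\Prefetch\AOLSOFTWARE.EXE-00000000.pf",
    r"C:\Program Files\Common Files\...",
]


def classify(command: str) -> str:
    """Triage one startup or service command by file name and folder."""
    raw = command.strip().strip('"').lower()
    if raw.endswith("..."):
        return "truncated"            # tool shortened the path: get the full one
    path = ntpath.normpath(raw.replace("%windir%", WINDIR))
    folder, name = ntpath.split(path)
    if name.endswith(".pf") and ntpath.basename(folder) == "prefetch":
        return "prefetch"             # launch cache, not the executable itself
    roots = EXPECTED_DIRS.get(name)
    if roots is None:
        return "unknown-name"
    if any(folder == r or folder.startswith(r + "\\") for r in roots):
        return "expected-location"    # still worth a hash or scanner check
    return "suspicious-location"      # known name, wrong folder: masquerading


def triage(commands):
    """Map each command string to its verdict."""
    return {c: classify(c) for c in commands}


if __name__ == "__main__":
    for cmd, verdict in triage(SAMPLES).items():
        print(f"{verdict:20} {cmd}")
```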
-
CBMatt,
Thanks Man, I appreciate your time and efforts.
I do have another question in the same area, if you have the time, . .
While in Systems Configuration Utility,
I was attempting to disable Prevx1, I got a message box with;
Systems Configuration
An Access Denied error was returned while attempting to change a service. You may need to log
on using an Administrators account to make specified changes.
I am the administrator as far as I know, since I am the one and only user since the computer came out of the box.
I have two users on the log in page, I use one and the other has no user.
When the log on page appears after start up, I just go to my user name and click on.
What to do about the message box, since I probably will be disabling some programs.
Jp
-
Unfortunately, that's a bit out of my range of knowledge. Although I've learned a lot in the last few months, I'm still learning. I would suggest making a new thread/topic for your question. It might go unnoticed in this current one.
-
As much as I hate trying to sell programs to people, go to www.iolo.com and download the trial version of System Mechanic 6 or 7 Pro. They have a decent software remover in there that can also clean the registry of it. Try using that. I've used it and it's great. If you want more info on it, go to CNET.com. I'd recommend trying to get a trial version of 6 first, though, because of the fact that 7 is still new and people are having problems with it.
-
A registry cleaner can be a dangerous tool...