unknown file...

  • Thread starter Thread starter RxK
  • Start date Start date
R

RxK

Any idea what this file is ?
C:\hdfjawja.sys
hrs flags are on.
Gogl comes up blank.
Virustotal reports nothing unusual.

...can't find my darned hex editor to see what's in it...

TIA

regards, Richard
 
Why do you ask, Richard?

What anti-virus application or security suite is installed? What
anti-spyware applications (other than Defender)? What third-party firewall
(if any)?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


RxK wrote:
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
 
http://tinyurl.com/4zvcq5



--

db·´¯`·...¸><)))º>

"RxK" <nospam@hotmail.com> wrote in message
news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
>
>
>
 
....can anyone recommend a malware free hex-editor download, ...mine seems to
have vansiehd into thin air !

TIA

regards, Richard


"RxK" <nospam@hotmail.com> wrote in message
news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
>
>
>
 
BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-)
.....I recognised it {..by desktop icon } ...straight aways when I
right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"
....that's the hex editor I'd used for ages, ...well older version I suppose,
.....the I used to have - and couldn't find - how perceptive of you !

regards, Richard


"Pegasus (MVP)" <I.can@fly.com.oz> wrote in message
news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...
>
> "RxK" <nospam@hotmail.com> wrote in message
> news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...
>> ...can anyone recommend a malware free hex-editor download, ...mine seems
>> to have vansiehd into thin air !
>>
>> TIA
>>
>
> http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm
>
 
RxK wrote:
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard

I submitted a file to virus total and came up blank as well, a week later I
resubmitted it and got several hits, something new needs time to be
discovered, try it again.

--
Mike Pawlak
 
....after more time on this hdfjawja.sys file,
http://www.all-nettools.com/forum/archive/index.php/t-242.html
....seems to have one with a similar filename - the contents of the file seem
to be several strings like:-
!ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK*

I'm wondering if it's something to do with PerfectDisk.

....regards, Richard



"RxK" <nospam@hotmail.com> wrote in message
news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
>
>
>
 
....after a bit more research, I'll be keeping a closer eye on BCwipe, when I
use it, I think it's this program that drops a *sys file into my boot-drive
root-directory !

regards, Richard


"RxK" <nospam@hotmail.com> wrote in message
news:OzuLicwnIHA.1204@TK2MSFTNGP03.phx.gbl...
> ...after more time on this hdfjawja.sys file,
> http://www.all-nettools.com/forum/archive/index.php/t-242.html
> ...seems to have one with a similar filename - the contents of the file
> seem to be several strings like:-
> !ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK*
>
> I'm wondering if it's something to do with PerfectDisk.
>
> ...regards, Richard
>
>
>
> "RxK" <nospam@hotmail.com> wrote in message
> news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...
>> Any idea what this file is ?
>> C:\hdfjawja.sys
>> hrs flags are on.
>> Gogl comes up blank.
>> Virustotal reports nothing unusual.
>>
>> ..can't find my darned hex editor to see what's in it...
>>
>> TIA
>>
>> regards, Richard
>>
>>
>>
>
>
 
I'd start from decompiler rather then from hex editor. IDA Pro is an
excellent utility. If you have to chance to get it, you can at least use
Depends Walker to see the import table of driver to analyze in general what
it does.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"RxK" <nospam@hotmail.com> wrote in message
news:ehCnJyXnIHA.5208@TK2MSFTNGP04.phx.gbl...
> BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-)
> ....I recognised it {..by desktop icon } ...straight aways when I
> right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"
> ...that's the hex editor I'd used for ages, ...well older version I
> suppose, ....the I used to have - and couldn't find - how perceptive of
> you !
>
> regards, Richard
>
>
> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message
> news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...
>>
>> "RxK" <nospam@hotmail.com> wrote in message
>> news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...
>>> ...can anyone recommend a malware free hex-editor download, ...mine
>>> seems to have vansiehd into thin air !
>>>
>>> TIA
>>>
>>
>> http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm
>>
>
>
 
Back
Top