Are these dangerous?

  • Thread starter Thread starter David
  • Start date Start date
D

David

Running W2K and found two items I'm unsure about.
First is 'internat' located in
HKCU\SOFTWARE\Miscrosoft\Windows\CurrentVersion\Run and
command is 'internat.exe'
Second is 'NvCpl' located in
HKLM\SOFTWARE\Miscrosoft\Windows\CurrentVersion\Run and
command is 'RUNDLL32.EXE C:WI....'
Grateful for any help
David
 
David wrote,
in post news:[email protected] :
Running W2K and found two items I'm unsure about.
First is 'internat' located in
HKCU\SOFTWARE\Miscrosoft\Windows\CurrentVersion\Run and
command is 'internat.exe'
Second is 'NvCpl' located in
HKLM\SOFTWARE\Miscrosoft\Windows\CurrentVersion\Run and
command is 'RUNDLL32.EXE C:WI....'
Grateful for any help
David
Click to expand...


Bill gave you the links I was going to give. Are you bilingual and have
any bilingual related software that you use? Anyway, read the links
and you'll see what I'm referring to. The NvCpl is definitely a worm.
The 'internat' I'm not sure about. Tough one. Good luck...
PZ
-
 
Roel said:
I thought NvCpl was something from NVidia?
Click to expand...

Yes, also thougt that. but we cant see from start message
it it is NvCpl.dll or NvCpl.exe. .exe i malicious.

RUN string on my XP machine, nvidia

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

NVIDIA Compatible Windows 2000 Display driver, Version 66.93

--
 
It just isn't clear, and may not be even with precise filenames given--files
are easily renamed, names sound/look alike, etc. Same named file in one
location is bad, in another location it's legitimate.

As Mark says, you can disable everything in the Run statement and not
disable the OS, so it won't hurt to use, say MSCONFIG, or Microsoft
Antispyware's System Explorers to do that while you check the files out
further.

You can also use the Advanced File Analyzer to check out further information
about a given file--and also to compare that file to a known good file.
 
Back
Top