Windows Vista and...

exec.exe. What is it and why does a box asking me for permission to let it run pop up every once in a while? I just got the comp today but now it's annoying me.
 

PC eye

banned
Are you enjoying the new "User Account Control" feature now seen in Vista? This can be simply unchecked since it will prompt for just about everything even when going to run a game or other program you have already installed onto the system. It acts more like a super firewall where you are constantly prompted to allow, deny, or close "anything" that you go to startup.

To disable the new security feature now included in Windows you simply go into the Control Panel and double click on the user accounts icon. Once that screen opens look at the bottom of the list of options for enabling or disabling the user control feature. In the following window you simply uncheck the box that enables it.
 
What is EXEC.EXE? I was told it is a virus and I was also told it's from NetZero, which has never been on my computer. Could you help me out? I'm going crazy cuz it's brand new!
 

PC eye

banned
You will want to read this blog for sure. The author ran into the same thing.

September 22, 2006

Did Windows Vista's most irritating feature save my butt?

Of all the new features in Windows Vista, few have drawn as much apprehension and scorn as the User Account Control. Designed to prevent malicious programs from taking action at the system level, it prompts users for permission to do things that wouldn't invoke a dialog box in earlier Windows versions.
I've not been a fan of it either . . . until today.
While working on my Vista-RC1-equipped home desktop this morning, my screen suddenly dimmed and a dialog box appeared. UAC was telling me that a program called exec.exe wanted to run. The dialog gave me several choices, including not to run it. I was unsure what this was, and I had not clicked on anything to launch a program, so I said no.
I then did a search on Google and discovered that exec.exe is one of two things: a component of the NetZero Internet-access service's software, or a part of the W32/Spybot-Z trojan.
Given that I've never installed NetZero on this machine, I have to presume that something was trying to install that trojan. Either that, or it was some kind of bizarre false-positive, which seems very unlikely.
I did a search on my PC for exec.exe and found nothing. A search on other computers on my network also came up empty, except for a reference to exec.exe in the form of a file in the Prefetch folder on another system. This was not the executable itself, mind you, but rather a .pf file, a kind of marker for programs that have been run in the past. But neither the registry nor the hard drive showed any evidence of that program ever having been in place, and antivirus and spyware scans came up clean, so I'm mystified.
I'll do more poking around later with some advanced tools.
But one thing I am happy about -- the enhanced security features in Windows Vista appear to have worked as advertised. http://blogs.chron.com/techblog/archives/2006/09/did_windows_vis.html
 

All right, well for anybody who comes across this issue also, I talked to Dell and did some research along with reading that blog. If you have AIM or AOL it's nothing to worry about and I guess Microsoft is working on a fix for it. They still recommend not letting it run, but if you have no worries.
 

PC eye

banned
Another thing besides preventing it from running is that if it is a bug it was written mainly for XP/2000 not Vista. The finished product has only been out for a little over a month at this point even though beta versions came out in late Sept. 2006. One description for this is found at a software site as follows.
Description:
exec.exe is a process which is registered as W32/Spybot-Z Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. Please see additional details regarding this process.

Note: exec.exe could also be a process which belongs to the . This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

Determining whether exec.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from in WinTasks. http://www.liutilities.com/products/wintaskspro/processlibrary/exec/


They offer a free system scan at the link there to see if that is a valid system process, software file for NetZero or some other ISP, or a trojan like the one described. 3spyware.com and other sites also have their own variations on this.
exec.exe definition, relationships, removal:

ask
exec.exe

This file can be related to ordinary applications and malwares. It can be a component of various backdoors, trojans and non-legitimate remote access utilities. It is recommended to use special security related software in order to remove exec.exe from the system or to leave it alone (in case, if it is a part of an ordinary program). File exec.exe is related to trojan Executor Trojan. File exec.exe is related to Executer 1. File exec.exe is related to Fictional Daemon 4.4.
http://www.2-spyware.com/file-exec-exe.html
 
Hey everyone, I'm back. I uhh found this file path for the file: C:\users\CHRIST~1\AppData\Local\Temp\Exec.exe. I read somewhere the uppercased E is a virus and the lowercased E is nothing to worry about. I'm running McAfee and Windows Defender and I haven't gone on any bad sites, and the only sites I have gone on are the ones I went on with my Windows XP PC, but I never got this on there. Any thoughts?
 
See, I looked through my registry and under startup in msconfig and couldn't find it. No, I had it explained to me that the exec.exe that you found on Symantec and the utilities website are Windows XP problems, but not Vista issues. I am just wondering what it is. Dell says it's a compatibility issue with AOL or AIM, but if so, then why do I get the message randomly?
 

PC eye

banned
The advice given across the board on this is not to allow this to run. With the file still on the system something is still trying to run it. Are you using one of the AOL, AIM, or NetZero services? If you caught a trojan meant for XP it is simply failing to worm itself around while still trying due to Vista's newer security features. The following would be advised for XP and 2003 but not Vista. You will have to manually locate and remove it if you are not running any of the services mentioned here.

This section tells you how to remove the threat.


Please follow the instructions for removing worms.

Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
eth0 driver = exec.exe
and delete it if it exists.
Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunOnce\
eth0 driver = exec.exe
and delete it if it exists. Close the registry editor and reboot your computer.

http://www.sophos.com/security/analyses/w32spybotz.html
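
A read-only check for the registry entries named in the removal steps quoted above, added here as an example; it is not part of the original thread or of the Sophos write-up. It assumes PowerShell is available on the machine and, going slightly beyond the quoted steps, looks at both Run and RunOnce under HKLM and under every loaded user hive.

```powershell
# Read-only audit of the autostart locations named in the quoted removal steps.
# Nothing is deleted or changed; matching values are only reported.
$needle  = 'exec.exe'   # file name discussed in this thread
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKLM plus every user hive currently loaded under HKEY_USERS
$roots  = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" }

$hits = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $path = "$root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Compare the value's data, since the value name (e.g. "eth0 driver")
            # can be anything the program chose.
            $data = [string]$key.GetValue($name)
            if ($data -like "*$needle*") {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Data  = $data
                }
            }
        }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    "No Run/RunOnce value references $needle"
}
```

An empty result only covers these autostart keys; a file launched some other way, such as the copy in the Temp folder mentioned later in the thread, will not show up here.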
 
Yes, I am using AIM but I have gotten this prompt less than 10 times in the last 2 days, probably around 6 or 7 times total. Well, thanks for the help. I have been looking in the registry but haven't found it. I don't think it's in there; it seems to reside in the temp folder of my user name. STUPID VISTA lol.
 

PC eye

banned
If it is some type of trojan, Vista's newer security features are probably not letting it run or trying to point out something like the incorrect version. The trouble with Vista now is that it hasn't been out long enough to debug all the new problems that will be seen.
 