explore untrusted revisited



#1 leobolfac


Posted 28 March 2012 - 11:31 PM

Today seeing same thing ref msg posted 02 Mar. Early this morning I rebooted XP and all was running well. My wife was home today and I assume she used the XP (she's not here at the moment). I returned to find DW reporting that \windows\explorer.exe was untrusted. It appeared that EAM 6.0 was disabled or off and the mouse was not working properly. I think I saved the log or part of the log before I rebooted, and if you need more info, I can look for it. No way my wife did this on purpose, but I'm clueless what she does to make this happen. Log text follows. Only thing I know is that she was most likely using an old copy of MS Money. Security-wise also running AppGuard <lockdown>. I run XP with this config all the time and I never see a hiccup like this.
***
DefenseWall log file

03.28.2012 17:41:20, module C:\WINDOWS\explorer.exe, Attempt to open process C:\Program Files\DefenseWall\defensewall.exe (Process)

03.28.2012 17:41:17, module C:\WINDOWS\explorer.exe, Attempt to open process C:\WINDOWS\system32\ctfmon.exe (Process)

03.28.2012 17:41:15, module C:\WINDOWS\explorer.exe, Attempt to open process C:\WINDOWS\system32\ctfmon.exe (Process)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 125E into the window of the process C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 125E into the window of the process C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 125E into the window of the process C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Shatter)

03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 125E into the window of the process C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:13, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:10, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:10, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:10, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:10, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:11, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:12, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:08, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:09, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:09, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:09, module C:\WINDOWS\explorer.exe, Attempt to send message 466 into the window of the process C:\Program Files\V\v.exe (Shatter)

03.28.2012 17:41:05, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:05, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:05, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:06, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)

03.28.2012 17:41:04, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Microsoft Money\System\REMINDER.EXE (Shatter)
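
An added triage example, not part of the original post and not DefenseWall's own tooling: it collapses a log like the one above into counts per category, target process and message ID, so the handful of distinct blocked actions stands out from the repeats. The line layout and the MM.DD.YYYY timestamp order are assumptions inferred from the entries above; `SAMPLE_LOG` is a constructed excerpt of them, and `parse_line` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt in the format of the log above, plus its header line.
SAMPLE_LOG = r"""DefenseWall log file
03.28.2012 17:41:20, module C:\WINDOWS\explorer.exe, Attempt to open process C:\Program Files\DefenseWall\defensewall.exe (Process)
03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Shatter)
03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Shatter)
03.28.2012 17:41:16, module C:\WINDOWS\explorer.exe, Attempt to send message 125E into the window of the process C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Shatter)
03.28.2012 17:41:03, module C:\WINDOWS\explorer.exe, Attempt to send message 401 into the window of the process C:\vws\VWSaprs.exe (Shatter)
"""

# Assumed layout: "<MM.DD.YYYY HH:MM:SS>, module <path>, <action> (<category>)"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}), module (?P<module>.+?), "
    r"(?P<action>.+) \((?P<category>\w+)\)$"
)
SHATTER_RE = re.compile(
    r"^Attempt to send message (?P<msg>[0-9A-Fa-f]+) "
    r"into the window of the process (?P<target>.+)$"
)
OPEN_RE = re.compile(r"^Attempt to open process (?P<target>.+)$")

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    detail = SHATTER_RE.match(m["action"]) or OPEN_RE.match(m["action"])
    if not detail:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m.%d.%Y %H:%M:%S"),
        "module": m["module"],
        "category": m["category"],
        "target": detail["target"],
        "message": detail.groupdict().get("msg"),  # None for "open process"
    }

def summarize(text):
    """Count entries per (category, target, message); report span and skips."""
    counts, times, skipped = Counter(), [], 0
    for line in filter(str.strip, text.splitlines()):
        event = parse_line(line)
        if event is None:
            skipped += 1  # counted, so unparsed lines are never silently lost
            continue
        counts[(event["category"], event["target"], event["message"])] += 1
        times.append(event["time"])
    # Entries are not in strict time order, so take min/max, not first/last.
    span = (min(times), max(times)) if times else None
    return counts, span, skipped

if __name__ == "__main__":
    counts, span, skipped = summarize(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, *key)
    print("span:", span, "unparsed lines:", skipped)
```
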



#2 leobolfac


Posted 29 March 2012 - 02:00 PM

Update to last. I spoke with my wife. She was using both a USB flash drive and a CD, so I suspect they somehow caused explorer to become untrusted, although I have not been able to duplicate it using her flash drives or CD? Those devices are scanned and have no suspicious files. Using the USB flash, I opened an MSWord file and it appeared that Word opened as trusted even though all the files from the flash should be considered untrusted, or Word in its banner did not say "untrusted", but I did not have the chance last night to dig more deeply into it & the USB drives are not here now. I did open the CD this morning, and it ran untrusted as expected and no side effects seen. I just used one of my USB flash drives and opened a PDF file and the PDF reader opened untrusted as expected, so still not obvious what my wife did to have DW determine that explorer was untrusted and basically crash the system.

#3 Ilya Rabinovich

    - DefenseWall -

  • SoftSphere Technologies

Posted 29 March 2012 - 04:26 PM

Weird. Check with Task Manager how many explorer.exe processes you have running on your system.

