Feedback
Skip to content

Why donate?

Which type of operating system are you running?



31 March 2009

Malware or legitimate?

Are you struggling to figure out if a file listed in FreeFixer's File Database is malware or a legitimate file that you want to keep on your computer? Hopefully this guide will help you:

Comparing two files, side by side

Let's look at firefox.exe, which is a legitimate file, and compare it to olhrwef.exe which is malware. These two files are great candidates for typical legitimate and malware behaviour:

firefox.exe

firefox.exe was added to FreeFixer's database on the 30 Mar 2009. The most recent search for this file was done on 30 Mar 2009. firefox.exe is located in the 'C:\Program Files\Mozilla Firefox\' folder and has a size of 307704 bytes.

So far there has been 2 searches for firefox.exe.

olhrwef.exe

olhrwef.exe was added to FreeFixer's database on the 13 Mar 2009. The most recent search for this file was done on 13 Mar 2009. olhrwef.exe is located in the 'C:\WINDOWS\system32\' folder and has a size of 106199 bytes.

So far there has been 1 search for olhrwef.exe.

File names and folder information is what appears on top for each file in the file database. Legitimate software developers give their files meaningful names that users recognize, while many malware programs use names that seems to be a number of randomized letters. Malware use this technique to avoid detection based on filenames. Legitimate programs are in most cases installed under 'C:\Program Files\', while malware has a tendency to end up in the Windows system directory 'C:\WINDOWS\system32\'. Please keep in might that there is nothing that prevent a malware author from giving their files meaningful names, or even the same name as another legitimate file.

Now, let's have a look at the version information for firefox.exe and olhrwef.exe:

Vendor and version information

The following is the available information for firefox.exe:

PropertyValue
Product nameFirefox
Company nameMozilla Corporation
File descriptionFirefox
Internal nameFirefox
Original filenamefirefox.exe
Legal copyright©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
Legal trademarkFirefox is a Trademark of The Mozilla Foundation.
Product version3.0.8
File version1.9.0.8

Vendor and version information

This file does not have any version or vendor information.

The vast majority of legitimate software developers take the time to fill in the version and vendor data for each file in their product, which the developers of Firefox have done. Version information is missing for olhrwef.exe, which I would say is typical malware behaviour. But keep in mind that there is nothing that stops a malware author from adding version information that seems legitimate. Also keep in mind that there are a few cases where legitimate software is missing version information.

Digital signatures

This file has a valid digital signature.

PropertyValue
Signer nameMozilla Corporation
Certificate issuer nameThawte Code Signing CA
Certificate serial number1ee2bfb90ae659c80cb7ea4c606ff03e

Digital signatures

This file is not signed.

The digital signature is a great tool for determining if a file is legitimate. Nowadays many of the big software publishers, such as Microsoft, Adobe and Google are signing their files. firefox.exe has a valid digital signature, which means that firefox.exe files comes from the company/person listed as "Signer name", in this case the Mozilla Corporation. A valid digital signature also implies that no one has manipulated the file in any way. The absence of a digital signature does however not imply that the file is malicious. Many small scale software developers, like myself, does not yet sign files.

Now you should have a pretty good idea if the file on your computer is legitimate of malware, but there is more you can do:

Using the online virus scanners

There are a few great free online services that will scan suspicious files. I highly recommend using these online scanners to further investigate the files on your computer. These scanners will run the file through a big number of anti-virus engines:

Well, now you have loads of information to determine if that file on your computer is malware or legitimate. Me and all other FreeFixer users would greatly appreciate if you share your findings by posting comments or voting on the thumb up icon keep / thumb down icon remove polls for each file you investigate. Thank you!

Comments

Craig Barbre writes

68 thumbs

I found your web site very informative and much easier to understand than other sites,it is also straight forward and to the point. thanks I WILL recommend it to others in need. thanks again Craig

# 26 May 2009, 4:07

Roger Karlsson writes

17 thumbs

@Craig Thank you!

# 27 May 2009, 2:12

Lance writes

1 thumb

Hi i need to download keenfinder.exe because every time i open my computer an error box appears saying keenfinder.exe not found. Please help me to fix this. Thanks

# 6 Jun 2009, 7:01

stacie writes

9 thumbs

Thank this was very helpful.

# 18 Jun 2009, 21:58

Roger Karlsson writes

3 thumbs

@Lance: Keenfinder.exe is a program that redirects you to keenfinder.com if you type in a search in the browser's address bar. Keenfinder is sometimes referred to as Adware.Onestep.

More information on Keenfinder.exe is available here:

http://www.freefixer.com/library/file/30422/

# 1 Jul 2009, 1:21

Jim Vermillion writes

17 thumbs

Thank you for the labor of love that you have invested in this very informative, clear and understandable site. You answered my need. I am very grateful.

I live only by the grace of GOD in His Beloved Son JESUS who came into the world to save sinners, even tjhe worst. Praise be to HIM forever.

Jim Vermillion

# 5 Aug 2009, 11:54

Helen Long writes

4 thumbs

THANKS for your helpful website! I'm not sure about a file named ld12 that just began appearing as an error as I was shutting down my pc yesterday, and again this a.m., after an Avast antivirus update was installed. The error made me wonder what this file (new to me) was for so searched Google and found your review. I deleted it and now hope it isn't one I may need somewhere. Does anyone have info on it, or suggestions of where else to look?

# 19 Aug 2009, 8:21

Chiku writes

Show comment -6 thumbs

Holly Stallings writes

6 thumbs

Your website gets 5 *'s from me. I can actually understand what your talking about. This is going on my favorites list. I would put it in my google bookmarks, but for some reason my booksmarks and my form filler disappear everytime I download the google toolbar. I even made google my homepage, but those two things are gone.

# 29 Aug 2009, 16:19

Pchopat writes

2 thumbs

Hello folks and thanks to the person who brought that information to all of us. Here is my question. I am using Webroot spy sweeper for cleaning viruses and other harmful n suspicous files. So far i am so happy about the work of that small and not that famous anti-viruses program. However recently i don't know how but i catch on my pc an adware which pops up so many different advertisments which kill the speed of my pc. So when i ran the program it finds that adware but when i put in quaranteen i still receive those pops up advertisments. Hope you can give me some advices which program will it help me because i have tried the famous anti-viruses programs and i end with the conclusion that there is no any anti-viruses program which can find all of the harmful files and viruses.

Thanks for you help and advices

# 29 Aug 2009, 16:43

manawizard writes

3 thumbs

Pchopat

try http://www.malwarebytes.org

hope this helps your situation.

# 29 Aug 2009, 17:57

Shawinds writes

0 thumbs

Your wonderful site has now been bookmarked...wonderful clear information that actually answers my questions..Refreshing!! Thanks

# 1 Sep 2009, 5:06

Roger Karlsson writes

1 thumb

@Pchopat: You can also give FreeFixer a try. It scans many locations where unwanted software has a known record of appearing or leaving traces. More info here:

http://www.freefixer.com/

# 1 Sep 2009, 9:38

Åsa Möller writes

-1 thumb

En bra sida och jag hoppas att jag har fått hjälp.

# 19 Oct 2009, 8:35

jim writes

2 thumbs

seems pretty good so far i will test it further. also good is old macdonalds farm auto eater and spybot search and destroy both free programs ... the auto eater stops the malware from executing .. spybot is not good at removing all malware

# 7 Nov 2009, 18:16

Mahesh writes

-1 thumb

i am having the error of MSVMCLS64.exe what is this and why do it occur?

having problem.

thanks

# 10 Dec 2009, 2:41

Roger Karlsson writes

0 thumbs

@Mahesh: msvmcls64.exe looks like malware to me. What does the error message say? Please post here:

http://www.freefixer.com/library/file/46046/

# 10 Dec 2009, 3:07

Jonas writes

-1 thumb

is yahooservice.AU a virus? or will it Block me from going in my E-mail if I block access?

# 14 Dec 2009, 2:28

Jackson writes

0 thumbs

My virus software has told me that I have an infected file c:\windows/system32/sshnas.dll. I cannot find this file anywhere. Is it a legitimate file that is infected or a malware file?

# 20 Dec 2009, 14:45

Roger Karlsson writes

1 thumb

@jackson: sshnas.dll is a malware file. You can find more info about it here:
http://www.freefixer.com/library/file/45164/

# 20 Dec 2009, 19:37

Brian Van Hoose writes

3 thumbs

I just happened to be cleaning out my Temp folder when I came across several files that I didn't recognize. This site provided information on the files in question in a way that was clear. I was able to feel comfortable with my decision to delete the files.

Thanks for providing this service.

# 18 Feb 2010, 12:14

Scott Lamb writes

1 thumb

I appreciate your page on legetimate vs malware, and I did learn a few things, but I am still stuck with the same question-to remove sfc_os.dll or not. My Mcafee calls it possibly unwanted- possible password stealer. but the last time I removed a dll file, I killed my C drive. FREAKIN'OUT!

# 22 Mar 2010, 15:03

Roger Karlsson writes

1 thumb

@Scott: If McAfee is reporting sfc_os.dll as malware, it's probably right. But in rare cases there can be false positives (legitimate files being reported as malware) so it's always a good idea to upload it to one of the multi-scanner sites such as http://www.virustotal.com and get a scan report there.

# 23 Mar 2010, 2:09

Scott Lamb writes

1 thumb

To Roger Karlsson, thank you very much for your reply. I will give that a try. I really appreciate it. Thanks.

# 23 Mar 2010, 17:27

audrey v. writes

-2 thumbs

I get a Fatal Execusion Engine Error (Ox7927f26e)as soon as I turn my comp. on. How do I get rid of this?

# 27 Mar 2010, 13:05

Scott Lamb writes

1 thumb

To Roger Karlsson, hi, I took your advice and uploaded 2 suspect files to virus total, and I recieved the following 1)W32/Patched.F!tr and 2)Disabled system File Check DLL. I don't know what they mean, but I don't think it sounds very good. Any ideas- Please. Thanks.

# 29 Mar 2010, 13:10

Roger Karlsson writes

0 thumbs

@Scott: Please post the links to the scan results at virustotal.com and I'll have a look at it.

# 30 Mar 2010, 5:29

Scott Lamb writes

0 thumbs

To Roger Karlsson: I don't mean to waist your time with stupid questions, but I recieved an email with the results from virus total, I don't know what you mean by the links?
Sorry, but thanks.(I'm not very computer-savvy).

# 31 Mar 2010, 8:28

jerry writes

-1 thumb

thanks for a great friendly site. i just got 'Security Tool' virus in my machine and believe me it is a very unwelcome visitor and extremely difficult to get rid of.

# 7 Apr 2010, 6:04

Dan writes

0 thumbs

I'm getting a Missing library file notice for "cryptscruntime.dll" every time I boot my Win7 machine. This file was deleted by my CalmWin antivirus since it was flagged as a threat. Any ideas?

# 7 Apr 2010, 6:32

Jenny writes

0 thumbs

I keep getting a warning message that tells me that ie3sh application has stopped working, what is this?

# 9 Apr 2010, 8:12

Richard Sweet writes

1 thumb

Hi Roger, I am wrestling with a virus problem at the moment and just found your site. It looks like a breath of fresh air to me - straightforward and accessible to us non-techies.
Will report how I get on! Rick

# 9 Apr 2010, 19:44

Monaco writes

3 thumbs

ROGER !!! You are a GOD SEND !! This is the best site I have come across in regard to viruses,ad/spyware,and detailed PC trouble shooting. You are AMAZING !! You explain the info so concisely and clearly that even a Caveman can do it !!! Ha Ha!!
Thank you for all your hard work in keeping this site available. I will be donating in the future....( need to wait for next paycheck...)
With Much Appreciation,
MARY*

PS: I am sending this site to all my friends!!

# 2 May 2010, 10:59

Chung writes

-1 thumb

Thank you very much!

# 9 May 2010, 9:22

Cuong writes

1 thumb

It's very useful. Thank you very much!

# 28 Jun 2010, 3:03

Vikas writes

0 thumbs

when i start my pc, a text-box appear inwhich it is written that DLL run as an app,windows has some problems with it. Plz, tell me about this problem.Another problem is that my pc does not eject the pendrive. when i tried to eject the pen drive, it always said that it is used by another program

# 14 Jan 2011, 7:41

holveck writes

0 thumbs

bonjour j'ai un disfonctionnement dans windows microsoft
il me marque OUCore.exe windows a trouvé un problème mais ne me donne pas de réponse pour le réparer merci pour votre aide je ne suis pas une spécialiste en informatique

# 6 Feb 2011, 3:56

Margie writes

1 thumb

Hey, Free Fixer, where do I send my donation? Your website is awesome. Thanks and keep up the great work.

# 20 Mar 2011, 9:08

Brandi Johnston writes

1 thumb

thank you verymuch for ALL your info, it was so very helpful, easy to read & understand. I will definately tell everyone!

# 21 May 2011, 14:50

Robb writes

0 thumbs

Great Site! Thanks! Now, can you tell me what happened to Post-it Pal?

# 20 Sep 2011, 3:32

Carlos writes

0 thumbs

Congratulations on such an interesting website. My apologies in advance for my total ignorance on the issue of adware, malware, spyware and all those critters planted on the web. The answers offered here seem a bit ambiguous to the point that leaves me with the enormous question of what to do. Scott's case is the same I have: sfc_os.dll. The last time I ventured to delete files suggested by a review of Hijack Emsisoft cost me to reinstall the operating system and some days not dedicate to my work..

If you could be so kind and tell me exactly what I do based on the VirusTotal report here the link:

http://www.virustotal.com/file-scan/report.html?id=d55f4984bd5c619fa1af495f03577d60029968aec56b94ae185722262a0cc8de-1316840198

For the attention you kindly give to my request, I am very grateful

# 23 Sep 2011, 23:16

Roger Karlsson writes

2 thumbs

@Carlos: Sounds like sfc_os.dll has been patched to allow modifications of other system files. Please try Microsoft's System File Checker tool. It verifies the integrity of your system files and if it finds any modified system files it will ask you to replaced them with a clean copy from your installation media.

You can start the system file checker by
1. Windows button + R
2. Type in "sfc /scannow" without the quotes. Press Enter.

Did that solve the problem?

# 3 Oct 2011, 2:14

chris writes

0 thumbs

I agree with the fact that this is very understandable haven't tried any suggestions yet will let you know

# 11 Oct 2011, 8:26

Michelle writes

-1 thumb

Hello Roger,

I have registry errors on my mother's laptop that I am trying to correct. My sister told me of a legitimate virus protection site to download a free trial, Kaspersky, but while downloading their virus scanning system, I received this message: 9798428.exe - Unable To Locate Component This application has failed to start, because FLTLIB.DLL was not found. Re-installing the application may fix this problem. Please help I borrowed my mother's computer and would like to fix this for her. I need help as I have spent almost 1-week trying to fix this issue. One omitted registry or defect sends me from one place to another, and I have absolutely NO idea, if these sites are legitimate! I believed this computer got these registry errors that have corrupted the harddrive when the old Norton protection expired, and these problems will not let me download any protection. And Firefox keeps sending me messages that it keeps crashing. Can you help me fix this re-installation problem, so that I can download protection. I've gone to microsoft downloads, but things can get complex. I have found www.DLL-files.com, but when I tried to download I rcv'd a message of its legitimacy. I sincerely NEED to fix this to help run my business, until I receive my own computer.

Sincerely,
Need Sleep (Help!)

# 4 Feb 2012, 23:42

Roger Karlsson writes

0 thumbs

@Michelle: FLTLIB.DLL is a system file that comes with Windows. For some reason it seems to be missing on your mother's computer. Generally I think it is a bad idea to download missing DLLs from other parties than Microsoft, since it is difficult to known if you get a legitimate file and that you get the correct version of the DLL for your operating system.

Instead I recommend you to try Microsoft's System File Checker tool. It verifies the integrity of your system files and if it finds any modified or missing system files it will ask you to replaced them with a clean copy from your installation media.

You can start the system file checker by
1. Windows button + R
2. Type in "sfc /scannow" without the quotes. Press Enter.

You can also start the Microsoft System File Checker from FreeFixer from the Tools tab.

Did that solve the problem of the missing FLTLIB.DLL file?

# 7 Feb 2012, 23:28

christina montuori writes

0 thumbs

Hej Roger,
Jag har inte kollat min pc (malware!)med "freefixer.com" annu. Men jag har STORA forhoppningar, att jag kan fixa pc fran att "boot" upp sa langsamt!
To be continued!

# 1 Apr 2012, 12:47

raymond writes

1 thumb

i have a 64bit dell running vista .. my flash player crashed and i can't find a compatable one to replace it .. any ideas?

# 30 Apr 2012, 15:37

Ben writes

0 thumbs

It was easy to understand, as I am about as unknowledgeable about this type of thing as a cat!
I ran it, but I never did find anything about the "LxrAutorun" that appeared on my PC....however I'll keep trying.
I am thankful for people as yourself who care about others and try to help. Ben

# 6 Oct 2012, 11:29

Paul Graham writes

1 thumb

HI: I have been researching this DTUPDATE.EXE and so far nobody knows anything? Thats pretty amazing? So, I guess I'll try AVG as my firewall alert window asks me to confirm it but only because its not in my list of safe networks? Well if you can't help with that, maybe you can try telling me, why do I "Frequently get a popup window to download I.E.8, when in my list of software programs I am using I.E.8? Why is I.E. server always telling me I'm not running it already? NOW, that really is weird. Thank you and I hope you'll help.

# 10 Oct 2012, 14:43

Roger Karlsson writes

0 thumbs

@Paul: I've posted some info on the DTUPDATE.EXE file here:
http://www.freefixer.com/library/file/80076/#comment4389

Hope this answered your questions about DTUPDATE.EXE.

Regarding Internet Explorer 8.0 and the pop-up, I found the following support thread over at Microsoft where a user got the same problem:

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/internet-explorer-8-popup/f7507a62-a33b-4835-bab6-62d53e4b3d8a

Did the steps outlined there solved the pop-up problem?

# 11 Oct 2012, 4:28

Hans F. Milo writes

2 thumbs

Windows File Protection wants the Windows Professional CD. This is a used computer that was not accompanied by any CDs. I'm trying to follow your suggestion to run sfc /scannow, but I cannot exit the program and I do not have any CDs to give it. I have to unplug the computer to get out of it. All because I downloaded Firefox. I got the DATAMN~I.EXE after I left the computer on overnight, the first time after getting Firefox. I always leave it on...

# 24 Oct 2012, 9:46

STEVE A. writes

-2 thumbs

THANKS FOR THE INFO ON THE FILE YOUR SCANNERS WERE VERY HELPFULL IN MAKING ME FEEL BETTER THAT THIS FILE WASN'T MALWARE. AGAIN THINK YOU.

# 23 Jan 2013, 0:47

David Gillespie writes

0 thumbs

Roger,
The file "C: Program Files (x86) OApps\SelectionLink dll." is missing. DoI need to replace it? If so how?

Thank you
Gus

# 12 Jun 2013, 15:55

Roger Karlsson writes

0 thumbs

@David: I think SelectionLinks.dll is some sort of adware that shows ads, probably in your web browser. SelectionLinks is typically bundled with other software, such as when downloading software from CNET's Download.com.

If I had SelectionLinks on my computer I would uninstall it.

# 13 Jun 2013, 1:14

Fouad Aldany writes

0 thumbs

certificate details: Not reachable.
To me it is Malware, until proves otherwise.

# 12 Nov 2013, 14:34

Leslie Isgrigg writes

0 thumbs

Most interesting, thanks

# 16 Nov 2013, 7:56

max kellerman writes

0 thumbs

My PC ist invaded by DO SEARCHES. Have erased Mozilla Firefox and Google Chrome.In Internet explorer I was unsuccessful...I can not get rid,you can erase it but it will come up again ! I am searching for HELP.

# 19 Nov 2013, 16:03

ulrich krauskopf writes

1 thumb

i was more looking for an answer explaining how widevinecdmadapter.dll was loaded onto my computer without my permission

# 26 Nov 2013, 12:26

Morris Fox writes

0 thumbs

When I log on I get this error message:
Windows is missing file
C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
Is this file necessary? If so how do I load it?
Thanks for your help, Morris Fox

# 29 Nov 2013, 9:49

Zolushka Roussel writes

-1 thumb

REF: S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433

File version: 16.4.4406.1205

Microsoft.windowscommunicationsapps_16.4.4406.1205_x64_8wekyb328bbwe

Shared: bici.dll, bici.xml

Feature: "DynamicConfiguration"
Replicator (https://g.live.com/lrecfg/md?!/~Live.ConfigServer.ModernMetadata

In SECURITY this is shown as UNKNOWN APPLICATION. However it appears impossible to delete it.

My NETWORK SECURITY MAP (Norton 360) keeps showing unknown computers - all unknown. Most IPs appear to be Virgin Media customers but two regular are 'unidentified protected networks' with IP info totally untraceable.

Norton 360 is not identifying any problem but the version handling the virus protection and scans is not the version I purchased.

Could my SYSTEM have been hijacked? Any ideas as to what I should do. Thank you for any help.

Zolushka

# 24 Dec 2013, 3:42

Thomas writes

0 thumbs

some junk from microsoft is junk and makes my mechine crash or over work system(spy ware)can't stand the madness

# 6 Feb 2014, 13:03

Steve writes

0 thumbs

I love this site. I'm telling everyone I know about it.

*Actually I am searching for answers to two problems. The first being an error I receive stating a problem starting backgound container.dll. It is related to "Conduit" which I am not familiar with. How can I get rid of this error?

My 2nd question is related to my screen. The left half has a normal appearance, brightness, etc., but the right half is shaded and although you can still read text, etc it puzzles me as to whether this is a hardware issue or if I have a virus which is causing it. When I hook to external monitor, the problem goes away. Please help if you can.

# 6 Mar 2014, 19:08

Roger Karlsson writes

-1 thumb

@Steve & @Morris: Here's a blog post and a video on how to remove the backgroundcontainer.dll RunDll error:

http://www.freefixer.com/b/rundll-backgroundcontainer-dll-error-startup-conduit/
https://www.youtube.com/watch?v=4f5tMZ1JrkA

@Steve: The problem with your monitor sounds like a hardware issue.

# 6 Mar 2014, 22:06

Vin Francis writes

1 thumb

You are an honest help provider. Your business will well blessed and grow strong and on good footing. I will proceed to use the clear cut information passed on to me. God bless you.

# 7 Mar 2014, 6:48

Mickey Stevens writes

0 thumbs

I am not blaming you but I still don't get what the messageIType,Exe has stopped working means. I am not a computer geek and don't know what to do about it. It comes up evertime I go on the net then disappears. I am on Vista and I use Explorer as my browser. Does it have a purpose or? if it is eliminated will I lose something?

# 15 Mar 2014, 14:01

Roger Karlsson writes

0 thumbs

@Mickey: Do you have a keyboard from Microsoft? iType.exe is probably part of Microsoft's IntelliType keyboard software:

http://en.wikipedia.org/wiki/IntelliType
http://www.freefixer.com/library/file/itype.exe-5500/

The "iType.exe stopped working" usually means that there's a software bug in iType.exe, which made the iType.exe process crash. Please try to get all updates from Windows Update to see if that solves the problem.

@Vin Francis: Thank you very much!

# 16 Mar 2014, 2:27

rama writes

0 thumbs

when i open the computer.it shows disk checking,finally recoving the word is non stop running.if i not giving disk checking it show in notification mystart anti pishing corrupt file.

# 8 Apr 2014, 23:27

roberto writes

0 thumbs

no puedo iniciar mi computadora dice un mensage que necesito el archivo sl2.dll que lo instale y lo vuelva a intentar alguien me puede ayudar

# 26 May 2014, 13:17

Roger Karlsson writes

1 thumb

Roberto writes: "I can not boot my computer a message says I need the file to install sl2.dll and retry someone can help me."

Does your computer boot in Safe Mode? If so, it might be possible to start the System File Checker tool to restore the sl2.dll file.

More info on the System File Checker tool:
http://support.microsoft.com/kb/929833

Did that solve the sl2.dll problem?

# 27 May 2014, 12:00

Paulie Hyland writes

0 thumbs

is the remove Malware-free program below a legit File im leary to download it,what say you? any info would be greatly appreciated,sincerly Paul v Hyland, please feel free to respond to my email for me,on this peice o' shit.

# 2 Jun 2014, 22:52

Roger Karlsson writes

1 thumb

@Paulie: What malware removal program are you referring to?

# 7 Jun 2014, 10:45

tEX writes

0 thumbs

This website is useless. I came to find information about LMI_RESCUE_SERV.EXE.
Is it malware? How to remove it?
This website talks a lot about it but says nothing about what it is, if it is malware, or how ro remove it.

# 20 Jul 2014, 15:11

jeanette childress writes

0 thumbs

You have a wonderful informative site, hoping you can and will help me too. the following msg comes up
C:\Progra~1\Common~1\System\SysMenu.dll

Do i need this if so where can i get it. My computer is win 7
hp and when i leave my computer up and come back with in 15 min or longer it will not come back up i have to hard boot and then it runs thru all the dll files and come back up.

# 12 Aug 2014, 22:51

jeanette childress writes

0 thumbs

You have a wonderful informative site, hoping you can and will help me too. the following msg comes up
C:\Progra~1\Common~1\System\SysMenu.dll

Do i need this if so where can i get it. My computer is win 7
hp and when i leave my computer up and come back with in 15 min or longer it will not come back up i have to hard boot and then it runs thru all the dll files and come back up.

# 12 Aug 2014, 22:52

Roger Karlsson writes

0 thumbs

@Jeanette: Thank you for the feedback. Happy to hear you like the web site.

Please check out the info page on SysMenu.dll here:

http://www.freefixer.com/library/file/SysMenu.dll-107937/

where a few users have run into the same problem as you did.

# 13 Aug 2014, 12:57

polly writes

0 thumbs

I have clickfree on windows 8.1 installed on new Toshiba pc.
AVG continually pops a window to say Threat found Win323/DH{gRHBEQOEuE3E}\clickfreeSoftware\BoxSoftware\SacReinder.exe
Can you please tell me what to do.
Thank you Polly

# 15 Aug 2014, 20:11

Roger Karlsson writes

-1 thumb

@Polly: Please upload your copy of the file to virustotal.com to see what the other anti-virus programs says about the file, and post a link to the scan result. I'll have a look at it to see if it should be removed. Is the file named SacReinder.exe or SacReminder.exe?

# 20 Aug 2014, 7:19

Sue writes

0 thumbs

Hi just want to know about dock bar keeps coming up stopped working ,do I need this in my computer, if not how do I remove same many thanks Sue.

# 30 Nov 2014, 5:46

Santana writes

0 thumbs

So my security has had to protect my computer from smdmfservice.exe, five or more times now, and it is saying it is a high risk. Would deleting this file do anything to my computer? I honestly don't need my computer crashing, cause it is only a couple months old.

# 19 Dec 2014, 8:05

Roger Karlsson writes

3 thumbs

@Santana: I think smdmfservice.exe should be removed.

# 9 Jan 2015, 1:48

Liz Rich writes

0 thumbs

Hi, Roger I have been reading the questions and answers, but have not seen anything related to my issue. Periodically a message shows up as follows: "Status Monitor Application has stopped working". I looked it up on google and I discovered that has to do with devices and printers. I have a Brother MFC 736ON Laser printer and I believe this is what the message alludes to. However, I have no idea what to do to fix the issue. can you help? Btw I recently purchased Malwarebytes Anti-Malware software, but I think this message was appearing before that.

# 10 Jan 2015, 7:15

Roger Karlsson writes

0 thumbs

@Liz: Yeah, it sounds like the software that monitors your printer crashed. Probably caused by a software bug. I'd check with the printer manufacturer to see if they have some software update that solves the problem.

# 14 Jan 2015, 12:45

John Kaye writes

1 thumb

e-mail with virus attachment detected by Kaspersky. Not opened but seemingly activated and these are coming quite regularly from apparent different sources. Removed by Kaspersky but now have message every time computer is booted; "can't run application because MOUDL31A.DLL is missing". How to stop this message appearing would be useful. Any ideas?
John Kaye

# 20 Jan 2015, 4:14

Roger Karlsson writes

0 thumbs

Does the error message give you some more information, such as which program that could not start, because of the missing MOUDL31A.DLL file?

# 20 Jan 2015, 7:23

John Kaye writes

0 thumbs

Yes; mouse32a(dot)exe. I see that it could be quite safe but suspect it may be a screen logger as Kaspersky identified it in an e-mail and removed the DLL file and my wireless mouse and keyboard are still working.

# 24 Jan 2015, 9:29

Roger Karlsson writes

0 thumbs

@John: Sounds suspicious. I'd upload that mouse32a.exe file to VirusTotal.com to check if its malware, and if so remove it.

# 25 Jan 2015, 12:24

Tom writes

0 thumbs

I don't know if this really deleted pmropn.exe or not, but here is how I did it: I searched my computer for it, right clicked and from the pop up window I selected "delete." Like I said, not sure it is gone but it isn't showing up anymore.

# 1 Mar 2015, 16:11

mathew writes

0 thumbs

i cant paly dayz because i have started geting this error pop up can you help me c:/windows/syswow64/plsapp.dll

# 3 Apr 2015, 15:22

Artie writes

0 thumbs

Hi Roger,
First of all, all my gratitude and congrats for this generous and helpful website. Going to the point...
1.- After running SFC /SCANNOW this similar message appeared:
"Some errors not repaired; check CBS.LOG file for further data"
2.- Editing/reviewing CBS.LOG I discovered something wrong with SYSTEMSETTINGS.EXE.MUI file; summarizing the error:
this file is located into two different folders, both within C:\Windows\..., and there are mismatches between them.
3.- Could you please guide me on how trying to solve this issue?
Thank you

# 4 Apr 2015, 15:39

Marlene Boyarzin writes

1 thumb

Thanks much for the information. Not only helps with the standby.exe file but with others I have encountered. I have removed it from my system. Thanks for the online scanner information.

# 18 Apr 2015, 17:01

adrian aguilar writes

1 thumb

does it affect my current antivirus on my computer?

# 20 Apr 2015, 21:17

paul writes

1 thumb

thank you for providing such a easy to understand help site

# 3 May 2015, 22:29

robin lord writes

0 thumbs

Brilliant website along with the freefixer software, I only found it recently, I wish I had known about it years ago. So easy to use and does nothing unless you want it to, much better than other apps which delete things automatically. Have already sorted out PCs for two friends with badly affected machines

# 6 May 2015, 5:12

Dixie Perez writes

0 thumbs

If I delete malware 3.4.3_40298.exe from bit torrent - torrenting com etc, will it effect the use of the site? I still like the site - but - I've had some issues that are reallly sneeeeaky. Also, Malwarebytes, also a cleverbridge company, detected this program as outbound malicious - yet after running a full scan? Not a darn thing was present as malicious - rather, that needed to be quarantined. Please advise as what to do here -

# 16 May 2015, 14:15

Dixie Perez writes

1 thumb

If I delete malware 3.4.3_40298.exe from bit torrent - torrenting com etc, will it effect the use of the site? I still like the site - but - I've had some issues that are reallly sneeeeaky. Also, Malwarebytes, also a cleverbridge company, detected this program as outbound malicious - yet after running a full scan? Not a darn thing was present as malicious - rather, that needed to be quarantined. Please advise as what to do here -

# 16 May 2015, 14:18

Jane writes

0 thumbs

Jeg har en fil på min bærbare computer, der hedder host app service pokki
Og jeg har nogle problemer med at lukke internettet ned, er der en sammenhæng til ovennævnte fil? Skal jeg bare slette den?
Knus fra en lidt uøvet bruger
Jane

# 13 Jun 2015, 2:36

DAVID writes

0 thumbs

HI,I RECEIVE THE SEARCHBASE POPUP EVERYTIME I SWITCH MY COMPUTER ON. IT SAYS SEARCHBASE ENCOUNTERED A PROBLEM AND NEED TO CLOSE.I NEED TO REMOVE OR CLOSE IT.PLEASE MAIL ME AT diaslegal@mweb.co.za; THANKS, David

# 24 Jun 2015, 5:52

Roger Karlsson writes

0 thumbs

Sorry for the delay. Thank you very much for the feedback!

@Mathew: What does the error message say related to plsapp.dll?

@Artie: Last time I tried SFC it asked for my installation DVD and then automatically repaired the problem. Does the log give any clues why SFC could not repair the problem?

@Adrian: FreeFixer should run fine side by side with your current anti-virus program.

@Dixie: Please upload the file to VirusTotal.com to have it checked. If the file is detected, I would delete it ASAP.

@Jane: Sorry, I'm not sure what you are asking, but you should be able to uninstall Pokki from the Windows Control Panel if you don't like the software. Is it a Lenovo laptop?

@David: Is this the file you have on your machine? http://www.freefixer.com/library/file/SearchBase.exe-188400/ Then you should probably remove it. FreeFixer can do it for you if you like.

# 27 Jun 2015, 9:24

bill jonas writes

0 thumbs

My last apparent usage was several yrs ago so deletion is my
next step

# 13 Jul 2015, 19:59

roetjo writes

0 thumbs


j ai viré simple pass

# 16 Jul 2015, 12:33

Ken Switzer writes

0 thumbs

I run windows 7 and surf IE. Can you steer me to a clue as to why some of my favorite favorites stop working?

# 2 Aug 2015, 13:18

Roger Karlsson writes

1 thumb

@Ken: Do see some error message when clicking on your favourites? Are these favourites located on your desktop or in Internet Explorer?

# 16 Aug 2015, 5:19

larry newman writes

0 thumbs

every since i tried to up grade to windows10 i have been getin pop up sayin need to back up all info hard drive is bad but only apperred after the 4rth time of failing to install all the wayi went and finally found it its called DFDWiz and when comparded with the right way the sisciption should look there are some differences like there was things out of order and things that didnt match like file dissciption one i got says DFDWiz.exe and not DFDWiz.exe.mul so what do i do delete or keep i would think malwear if someone could help u would owe you one .

# 16 Aug 2015, 10:09

Ken Switzer writes

0 thumbs

unresponsive favourites are in IE-I see no errors. just click and....nothing happens. Fishy enough to make me wonder if somethings up.

# 18 Aug 2015, 17:18

jessica writes

1 thumb

ever since i got the windows 10 ive been having problems with my laptop. i have some malware on it and im not sure if it was from before windows 10, but among my problems i have mant versions of "cuttheprice" putting extentions on my web browsers, i did however find them in my laptop under windows (C:) but i have "internetpirt3" that is giving me some trouble, i have no clue what it is but it put more malware and what not on my laptop... i also let one of my family members use my laptop and they downloaded movies off of some movie download whatever. torrents or what not. im sure that has alot to do with it as well. does anyone have any clue? i really dont have the money to spend to take it to some computer tech o buy subscriptions for anti malware stuff.

# 25 Sep 2015, 21:07

william writes

0 thumbs

I am not really good at computers...........however, yours is the first sight that explains everything very understandably! It is a really unique sight , thankyou immencely........bill rice

# 7 Oct 2015, 15:10

Andre writes

0 thumbs

Greetings! Last week I started getting the following RunDLL error message box at startup:

"There was a problem starting C:\User\%username%\AppData\Local\Video Ball\zBin\VideoBall.dll"
The specified module could not be found"

Computer is running Kaspersky in the Detailed Reports/Application Control section reads:

Application added to the Low Restricted group;C:\Users\%username%\AppData\Local\Video Ball\zBin\VideoBall.dll;
on 11/20/2015 16:32:46

There is a Video Ball program (by Junimong Corp) listed in the control panel's list of programs. Looks like it got installed on the same date as my Windows 10 upgrade installation. Every attempt to uninstall it produces the same RunDLL error as above.

I've tried searching for Video Ball, Junimong Corp, nothing relevant appears.

It looks like Kaspersky made the .dll unaccessible or I may have inadvertently deleted it.

This problem started last week after I mistakenly allowed a program to download which also had malware/adware which attacked my computer with every browser I opened. So it's possible during my attempts to remove suspect files I may have removed the required registry file.

Did the Video Ball get downloaded with Windows 10?

What is Video Ball?

Where/How can I get the missing VideoBall.dll file?

Please Help!

Thank you to all for your help

# 1 Dec 2015, 21:59

Piet writes

0 thumbs

bsdriver.sys is a nasty virus/trojan horse program, that creates ads, etc. It is as far as I tried not removeable on anyway, even not with administrator rights in windows 10! Even Freefixer can´t remove it, with reply: Access denied. Error code: 5.
So the problem is still in my computer at C:\windows\system32\drivers}bsdriver.sys

# 27 Dec 2015, 7:48

Julie writes

0 thumbs

Very informative

# 13 Jan 2016, 16:04

Pedro writes

0 thumbs

Your site seems the best for clear understandable information on problems with our computers, that confound us, however, It puzzles me that absolutely no one can tell us what XPATLCOM.dll is, or what it actually does? my Norton 360 on my Satellite laptop with windows 8.1 shows it was found, and was downloaded 2 days ago, but gives no more info, bad good or ugly. I seems that someone somewhere should have at least some information about what it is for, or why its there. If we cannot determine if it is malware, perhaps someone knows what it could relate to, or what function it could possibly have? If it could not possibly have some needed function, then I will get rid of it. but I frankly hate windows 7,8, and the key logging, Orwellian, 10, they are both designed to force us into using against our will. They give us no System Disk, no info and no way to determine what's happening on our own computers, or to deal with it ourselves, and Microsoft seems poor at dealing with it. Additionally they block us from booting from other media, in an attempt to repair things that do often go wrong in these systems.

# 6 Feb 2016, 9:25

Randall Green writes

0 thumbs

why can't the software companies put something in place to show which file belongs to which program? It's the same with the virus programs, it throws up a named file that it does not recognise and asks whether I want to allow, or, block. If it told people what program it is from, it would save a lot of time.

# 7 Mar 2016, 3:02

KimG writes

0 thumbs

Thanks for providing this forum to help the IT community better understand and resolve issues. Great!!! I have a number of issues on my Window7 HP but I'll start with this one...

What is comsurrogate? I have an account on my PC that when used, several instances of comsurrogate launch and more instances continue to launch. I would end each process from the Task Manager but another starts up and starts eating memory. I had to create a new account. So far, comsurrogate hasn't resurfaced after several months; I avoid using that account. Any ideas?

# 22 Mar 2016, 4:03

Rose writes

0 thumbs

Is the format package published by Qi Wang safe? It appeared on my desktop after an update and I'm not sure if it is safe.... I don't want to uninstall it if it needed to make the system run better

# 2 May 2016, 14:39

Roger Karlsson writes

1 thumb

@Roes: Here's the scan results I have for Qi Wang files:

http://www.freefixer.com/library/publisher/Qi%20Wang/

It does not seem to be anything malicious, but on the other hand not something that is necessary to run your system.

# 20 May 2016, 5:00

NEED HELP plz writes

0 thumbs

I have bytefence I need help!!!

# 9 Jun 2016, 18:28

Arlette writes

0 thumbs

I am SO GLAD I found your website it is a source of well written information. Thank you for this.
I want to read it all before I ask a question just in case it was already addressed.I am hanging on to Win7 but I will have to give it up as Microsoft keeps trying to kill it with falsely named updates. The poor OS is in shamble.
I will be back soon.
[Merci Beaucoup]

# 2 Aug 2016, 19:36

Corinne Larimore writes

0 thumbs


The pest again. I have to do this over as I don't think I downloaded it right. Plus what do we do when we don't know which choice type make as I don't know anything about registries ...... so what are we supposed to say. I don't
know what to say on a lot of my errors.

I apologize if this is the wrong place to be asking these types of questions but it's not clear where we SHOULD be asking them, plus this has been a lot of work.

Warmly,
Corinne

P.S. Plus I wish we could copy and paste as there are so many things I'd like
to take notes as it's simply too time consuming to stop, type some notes and
then go back as there's so much information, it would take forever without
copying and pasting.

# 10 Aug 2016, 21:56

Roger Karlsson writes

0 thumbs

@Corinne: Thank you for the feedback on the copy/paste issue.

To get more info about an item, please click the "More Info" links in the scan result. That will pop up a web page, where you can find a scan result from VirusTotal (if its a file you clicked) and hopefully comments from other users about the item. You can also post questions there. Other users or me will try to answer your question there.

Hope that answered your questions.

# 12 Aug 2016, 6:13

Roger Karlsson writes

0 thumbs

@Arlette: Thank you very much!

# 12 Aug 2016, 6:14

Corinne Larimore writes

1 thumb

I've had a hard time ever since I went to Windows 10 .... I really don't like it and I know I shouldn't but I've kept part of IE11 as I didn't know stupid me that you should never change the home page in the old Internet Explorer. I always, always find this stuff out AFTER I've done something as I would always go to Google anyway but I really miss Internet Explorer 11 now plus Windows 8.1. I just might go back as I'm not technical at all and for me, Windows 10 and even 8.1 and 8 Microsoft expects us to know too much about technical things. Joe's Mother doesn't even try to do anything on the PC except email as she's 80+ years old and very smart, but this stuff is way beyond her. Plus I do resent Microsoft pretty much forcing us to get Windows 10. I would have been perfectly happy to stay with Windows XP ....... I don't know why Microsoft keeps trying to make things better as most people don't know this kind of stuff.

Thank you for your kind comment.
Warmly,
Corinne

# 12 Aug 2016, 13:28

Bernie writes

0 thumbs

Thank You !

# 12 Oct 2016, 6:17

ana lúcia madeira writes

0 thumbs

gostei da página, porém vim em busca de uma informação(anerwut.exe) e consta que não é malicioso. escaniei minha máquina com MALWAREBYTES e ele acusou positivo.

# 1 Dec 2016, 17:36

Gzus Criest writes

0 thumbs

HitmanPro identified

nvvad64v.sys as suspected malware because

The file is hidden from Windows API. This is typical for malware.

The file is completely hidden from view and most antivirus products. It may belong to a rootkit.

Starts automatically as a service during system bootup.

The file is located in a folder that contains core operating system files from Windows.

C:\WINDOWS\system32\drivers

This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

The file is a device driver. Device drivers run as trusted (highly privileged) code.

entire report in case you want more info

Properties
Name nvvad64v.sys
Location C:\WINDOWS\system32\drivers
Size 44.9 KB
Time 207.3 days ago (2016-06-09 18:09:56)
Entropy 6.4
Product NVIDIA Virtual Audio Driver
Publisher NVIDIA Corporation
Description NVIDIA Virtual Audio Driver
Version 3.40.1
Copyright (C) NVIDIA Corporation. All rights reserved.
Service nvvad_WaveExtensible
LanguageID 1033
SHA-256 D0BE8343784DDD2B7CADFC85779CC72C78D49601E9C746D13D8134CE38DD920F

Scoring (45.0)
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is a device driver. Device drivers run as trusted (highly privileged) code.

Startup
HKLM\SYSTEM\CurrentControlSet\Services\nvvad_WaveExtensible\

Maybe I'm a bit paranoid, but maybe I'm not paranoid enough (normally I solve this stuff by myself, but this file is even invisible whit "show hidden files" active
So I thought, Better safe than sorry, can you help me out?

# 2 Jan 2017, 16:46

Eric Gaither writes

0 thumbs

GREETINGS ALL,

@ Corinne Larimore: Other than when buying a new Computer with Windows 10 installed, NO ONE forces anyone to install windows 10.
I HAD voluntarily installed windows 10 on my laptop and after a few weeks UNINSTALLED IT as it isn't (to ME) a good system since "some options" are unavailable for laptops.
I prefer 8.1!!
I Hope your problems are resolved.
CHEERS!!

# 8 Feb 2017, 7:12

tlhabane Skhosana writes

0 thumbs

i am trying to install Vodafone Mobile Broadband Router on computer and it keep on telling me that c:\ProgramFiles\Vodafone Mobile Broadband\Vmbnotefier.exe is not a valid Win32 application. i am using Windows XP Delux 2009 on my computer. Please help.

# 8 Feb 2017, 14:58

Bonnie Pheil writes

0 thumbs

I was going to delete this IadHide5.dll as I've been pre-advised that anything backweb is bad, however I noticed that it times out with the ERDNT AutoBackup I made sure was still working in the background. It seems a shame if I were to work so hard on keeping a way to fix my computer of I fry it again, just to accidently delete an important part. I think maybe I ought to keep it after all.
I thank you so very much for the help with keeping my computer going. I haven't had to wipe it back to factory specifications since I downloaded your program.
Thank you again.
Keep up the good work.
Bonnie Pheil

# 3 Mar 2017, 1:01

Roger Karlsson writes

0 thumbs

@Gzus: Very suspicious that the file is hidden from the Windows API. Usually I recommend that users double check the file by uploading it to VirusTotal before doing the removal. But since the file seems to be hidden by the Window API that will probably not work. Please check if you can see the file nvvad64v.sys in "C:\WINDOWS\system32\drivers". If you can see it, please upload it to VirusTotal to check that it really is malware. Please also check if it is digitally signed by "NVIDIA Corporation". If so, it's most likely not malware.

If it is malware, you can probably remove it with FreeFixer's File Nuker:

http://www.freefixer.com/manual.html

# 18 May 2017, 0:07

Bonnie Pheil writes

0 thumbs

First, I want to thank you for bringing my XP back from the PC Cemetary. I really thought it was a goner that time. (I've been using freefixer for about 2 years but that first time I was sure that this old thing had gone to PC Heaven.) A friend whose intentions were good I'm sure, put IOBit on my computer and had to leave before he was done helping me with the settings. Of course he told me just don't click the optimizer function until he get back to help me finish up. Well you know how things happen. I restarted my computer one day and the little box showed up in the corner and I don't know what I was thinking but I clicked it without thinking. Everything went out and I couldn't figure out how to fix it. In the mean time life goes on and my well intentioned friend forgot and didn't stop back in for 3 or 4 months. My CD/DVD Player was useless. Thank God My WiFi adapter came with a program disk. (I ended up putting an additional CD/DVD Player in)All my Ports were unplugged and I was hopeless concerning my XP. I really love this old thing. I still don't really understand everything about how it works or what I actually need to do to make this old thing work as well as it was manufactured to. I'm sure if I had any true idea what I was doing It really could. This poor things been through fire and flood (unfortunately all the program disks were lost in the fire. They were on the shelf and the shelf didn't make it)I've had to do at least 25 factory restores on it. A huge part of it still being capable of any functions at all is that freefixer is so easy to use. I mean, even I can use it and I'm a computer dim whit. I really just don't get it. Thanks to freefixer, even I still have a working computer. Thank You, Bonnie Pheil

# 18 May 2017, 16:52

Roger Karlsson writes

0 thumbs

Thank you Bonnie! Happy to hear you like the FreeFixer program!

# 22 May 2017, 6:35

SHAMIR KWAHLIF writes

0 thumbs

Hi Roger
Just wanted 2 let u know that today while attempting 2 find exactly wut this (MBAE.SYS) waz, I came across ur site & started reading. I must let u know that once I finished reading ur information posted, I waz highly impressed with all that waz presented & the manner in which is waz presented. Would like u 2 know that u have just picked up another follower...(smile). And I will be tuning in 2 keep up on the latest info u post & 2 remain informed as just wut is happening in the world of cyber threatz. I would also like 4 u 2 know that while wordz r alwayz nice 2 hear & receive, wut u take time out of ur life & devote it 2 helping otherz like myself gain knowledge & understanding who r in the dark about so much highly important information,deservez 2 be shown just how much that which u do is truly appreciated, & I have decided that I will do just that. Keep ur eyez open 4 future donation frm me. Thx a million once again 4 all of ur work & sacrifice on our behalf. Keep doing that which u do, & remain safe. Peace

(SHAMIR KWAHLIF)

# 11 Dec 2017, 12:15

Leave a reply