WinPatrol report

[Dave Davison]

I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send, his conclusion being that he suspects a virus had infected his computer. Just to be sure nothing had taken root on my computer I ran Avira and MalwarBytes which found nothing. Just now I opened WinPatrol (free edition) and note that there are listed over a hundred items under the "Recent" tab. (see attachment) should I delete all on this list please? Thanks Dave.

[HansV]

These don't look like infections, they are all legitimate as far as I can tell. Please don't delete them - you would probably cause Windows and/or applications to stop working correctly.
If WinPatrol really lists these items as "infections" I wouldn't trust it.

[BobH]

Dave's post prompted me to look at what WinPatrol shows on my system.

In the screenshot below, I had sorted the list to show just the HIDDEN files because the only ones that I thought might be malware show up there.

Does anyone know what these files are?
F9T.DAT
MLFCACHE.DAT
ETILQW_ ....... (there are a couple and they change names on each WinPatrol display event)

The remainder looked reasonable to me because the names are familiars or the sources are trusted, but these few looked fishy.

I agree with Hans that the programs suggested by WinPatrol are not all malware. I think that WP put that screen in to help identify and remove malware but leave it up to you to be sure the programs are, indeed, malicious.

[HansV]

I have no idea what F9T.DAT is, but that does not mean it is a problem.
MLFCACHE.DAT appears to be some kind of font cache, so most probably OK.
Files beginning with ETILQS appear to be temporary files created by programs that use SQLITE (see what happens when you reverse it), such as Firefox. So most probably OK too.

[viking33]

BobH,
There is an interesting article on DAT files here:
http://www.online-tech-tips.com/compute ... dat-files/" onclick="window.open(this.href);return false;
You could also try opening it in Notepad to see if there is any clue to it's origin.

[Roderunner]

More info on DAT Files http://filext.com/file-extension/DAT" onclick="window.open(this.href);return false;

[tedshemyers]

Before I run any scans using my various manual scan tools, I always empty all temp files (including temp internet files) This helps to eliminate the possibility of nasties hiding in my temp files. Plus many of these temp files really have little future uses. Several apps can help with this. I choose to use CCleaner and Privacy Mantra for this use. Each find some the other misses.

[Dave Davison]

....thanks for the helpful replies, it appears prudent to simply leave the list alone bearing in mind the old addage; "If it aint broke, don't mend it". Many thanks Dave.

[BobArch2]

I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send, his conclusion being that he suspects a virus had infected his computer. Just to be sure nothing had taken root on my computer I ran Avira and MalwarBytes which found nothing. Just now I opened WinPatrol (free edition) and note that there are listed over a hundred items under the "Recent" tab. (see attachment) should I delete all on this list please? Thanks Dave.

The "First Detected" column is meant to show the date that WinPatrol first recognized the file... installation or add-on. With the Registered version, I see the actual date which is variable for each file. I suspect, as indicated by your snapshot, that the "free" version only depicts the timestamp of the viewing... which in your case always reflect the same date and time.

[BobArch2]

Does anyone know what these files are?
F9T.DAT
MLFCACHE.DAT
ETILQW_ ....... (there are a couple and they change names on each WinPatrol display event)

F9T.DAT... no idea.

MLFCACHE.DAT is reported by "registered" WinPatrol as:

VMedia File Cache – MLFCACHE.DAT

Mlfcache.dat, fntcache.dat and gdifontcache.dat appear to install with Windows 2000 or later and Microsoft Office 97 or later and with some versions of the Adobe PDF software. These files will generally appear in your Windows\System or System32 folder. They may be reference when deleting font cache and media file cache files. If you use WinPatrol 10.x or later, you may see them listed in your Hidden Files.

ETILOW... could not locate as there was no extension provided.

[BobH]

Thanks for all the information, gentlemen.

I harbor no real suspicions that the files I asked about are malware. I asked because I couldn't identify them.

The information about .DAT files leads me to wonder, however, why it shows up as a suspect file. Could a .DAT file harbor malware? My guess is that it could, possibly, but some other code would have to open it and find the code and then cause it to execute.

Idle curiosity, perhaps, but also a chance to learn something new, too.

Thanks again for the info.

[stuck]

I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send

He almost certainly did not send them. The most likely explanation is that his email address has been picked up by a spammer and it is the spammer's system that is sending the emails and inserting your friends address into the 'from' field so that the recipients are less likely to dismiss it out of hand. My old work email address got picked up like this and on occasionally I would get some 'exciting offers' in my Inbox that (apparently) had been sent to me from me!

Unfortunately once an email address ends up on a spammer list there is nothing you can do about it, except switch to a new email address.

Ken

[Dave Davison]

Thanks for the comment Ken, yep, the thought had crossed my mind that my friend simple stop using the obviously harvested address, create maybe a new "live.com" address and inform all those he wants to know about it. Hopefully that should be a simple get round... Regards Dave.