WinPatrol report
-
- SilverLounger
- Posts: 1852
- Joined: 27 Jan 2010, 19:15
- Location: Darlington, Co. Durham. UK
WinPatrol report
I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send, his conclusion being that he suspects a virus had infected his computer. Just to be sure nothing had taken root on my computer I ran Avira and MalwarBytes which found nothing. Just now I opened WinPatrol (free edition) and note that there are listed over a hundred items under the "Recent" tab. (see attachment) should I delete all on this list please? Thanks Dave.
You do not have the required permissions to view the files attached to this post.
-
- Administrator
- Posts: 78549
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: WinPatrol report
These don't look like infections, they are all legitimate as far as I can tell. Please don't delete them - you would probably cause Windows and/or applications to stop working correctly.
If WinPatrol really lists these items as "infections" I wouldn't trust it.
If WinPatrol really lists these items as "infections" I wouldn't trust it.
Best wishes,
Hans
Hans
-
- UraniumLounger
- Posts: 9297
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: WinPatrol report
Dave's post prompted me to look at what WinPatrol shows on my system.
In the screenshot below, I had sorted the list to show just the HIDDEN files because the only ones that I thought might be malware show up there.
Does anyone know what these files are?
F9T.DAT
MLFCACHE.DAT
ETILQW_ ....... (there are a couple and they change names on each WinPatrol display event)
The remainder looked reasonable to me because the names are familiars or the sources are trusted, but these few looked fishy.
I agree with Hans that the programs suggested by WinPatrol are not all malware. I think that WP put that screen in to help identify and remove malware but leave it up to you to be sure the programs are, indeed, malicious.
In the screenshot below, I had sorted the list to show just the HIDDEN files because the only ones that I thought might be malware show up there.
Does anyone know what these files are?
F9T.DAT
MLFCACHE.DAT
ETILQW_ ....... (there are a couple and they change names on each WinPatrol display event)
The remainder looked reasonable to me because the names are familiars or the sources are trusted, but these few looked fishy.
I agree with Hans that the programs suggested by WinPatrol are not all malware. I think that WP put that screen in to help identify and remove malware but leave it up to you to be sure the programs are, indeed, malicious.
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 78549
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: WinPatrol report
I have no idea what F9T.DAT is, but that does not mean it is a problem.
MLFCACHE.DAT appears to be some kind of font cache, so most probably OK.
Files beginning with ETILQS appear to be temporary files created by programs that use SQLITE (see what happens when you reverse it), such as Firefox. So most probably OK too.
MLFCACHE.DAT appears to be some kind of font cache, so most probably OK.
Files beginning with ETILQS appear to be temporary files created by programs that use SQLITE (see what happens when you reverse it), such as Firefox. So most probably OK too.
Best wishes,
Hans
Hans
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: WinPatrol report
BobH,
There is an interesting article on DAT files here:
http://www.online-tech-tips.com/compute ... dat-files/" onclick="window.open(this.href);return false;
You could also try opening it in Notepad to see if there is any clue to it's origin.
There is an interesting article on DAT files here:
http://www.online-tech-tips.com/compute ... dat-files/" onclick="window.open(this.href);return false;
You could also try opening it in Notepad to see if there is any clue to it's origin.
BOB
______________________________________
If I agreed with you we'd both be wrong.
______________________________________
If I agreed with you we'd both be wrong.
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: WinPatrol report
More info on DAT Files http://filext.com/file-extension/DAT" onclick="window.open(this.href);return false;
Windows 11 Home 22H2
Regards,
George.
-
- 2StarLounger
- Posts: 142
- Joined: 20 Jan 2011, 19:54
- Location: Rochester, NY
Re: WinPatrol report
Before I run any scans using my various manual scan tools, I always empty all temp files (including temp internet files) This helps to eliminate the possibility of nasties hiding in my temp files. Plus many of these temp files really have little future uses. Several apps can help with this. I choose to use CCleaner and Privacy Mantra for this use. Each find some the other misses.
Have a Great Day!
Ted
Sony Vaio Laptop, 2.53 MHz Duo Core Intel CPU, 4 GB RAM, 320 GB HD, Win 7 Ultimate 64 Bit
Ted
Sony Vaio Laptop, 2.53 MHz Duo Core Intel CPU, 4 GB RAM, 320 GB HD, Win 7 Ultimate 64 Bit
-
- SilverLounger
- Posts: 1852
- Joined: 27 Jan 2010, 19:15
- Location: Darlington, Co. Durham. UK
Re: WinPatrol report
....thanks for the helpful replies, it appears prudent to simply leave the list alone bearing in mind the old addage; "If it aint broke, don't mend it". Many thanks Dave.
-
- BronzeLounger
- Posts: 1242
- Joined: 25 Jan 2010, 22:25
- Location: Pickering, Ontario, Canada
Re: WinPatrol report
The "First Detected" column is meant to show the date that WinPatrol first recognized the file... installation or add-on. With the Registered version, I see the actual date which is variable for each file. I suspect, as indicated by your snapshot, that the "free" version only depicts the timestamp of the viewing... which in your case always reflect the same date and time.Dave Davison wrote:I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send, his conclusion being that he suspects a virus had infected his computer. Just to be sure nothing had taken root on my computer I ran Avira and MalwarBytes which found nothing. Just now I opened WinPatrol (free edition) and note that there are listed over a hundred items under the "Recent" tab. (see attachment) should I delete all on this list please? Thanks Dave.
Last edited by BobArch2 on 04 Jul 2011, 15:03, edited 1 time in total.
Regards,
Bob
Bob
-
- BronzeLounger
- Posts: 1242
- Joined: 25 Jan 2010, 22:25
- Location: Pickering, Ontario, Canada
Re: WinPatrol report
F9T.DAT... no idea.BobH wrote: Does anyone know what these files are?
F9T.DAT
MLFCACHE.DAT
ETILQW_ ....... (there are a couple and they change names on each WinPatrol display event)
MLFCACHE.DAT is reported by "registered" WinPatrol as:
VMedia File Cache – MLFCACHE.DAT
Mlfcache.dat, fntcache.dat and gdifontcache.dat appear to install with Windows 2000 or later and Microsoft Office 97 or later and with some versions of the Adobe PDF software. These files will generally appear in your Windows\System or System32 folder. They may be reference when deleting font cache and media file cache files. If you use WinPatrol 10.x or later, you may see them listed in your Hidden Files.
ETILOW... could not locate as there was no extension provided.
Regards,
Bob
Bob
-
- UraniumLounger
- Posts: 9297
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: WinPatrol report
Thanks for all the information, gentlemen.
I harbor no real suspicions that the files I asked about are malware. I asked because I couldn't identify them.
The information about .DAT files leads me to wonder, however, why it shows up as a suspect file. Could a .DAT file harbor malware? My guess is that it could, possibly, but some other code would have to open it and find the code and then cause it to execute.
Idle curiosity, perhaps, but also a chance to learn something new, too.
Thanks again for the info.
I harbor no real suspicions that the files I asked about are malware. I asked because I couldn't identify them.
The information about .DAT files leads me to wonder, however, why it shows up as a suspect file. Could a .DAT file harbor malware? My guess is that it could, possibly, but some other code would have to open it and find the code and then cause it to execute.
Idle curiosity, perhaps, but also a chance to learn something new, too.
Thanks again for the info.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Panoramic Lounger
- Posts: 8182
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: WinPatrol report
He almost certainly did not send them. The most likely explanation is that his email address has been picked up by a spammer and it is the spammer's system that is sending the emails and inserting your friends address into the 'from' field so that the recipients are less likely to dismiss it out of hand. My old work email address got picked up like this and on occasionally I would get some 'exciting offers' in my Inbox that (apparently) had been sent to me from me!Dave Davison wrote:I got an email from a friend yesterday apologising for some emails that had been sent from his computer which he claims he did not send
Unfortunately once an email address ends up on a spammer list there is nothing you can do about it, except switch to a new email address.
Ken
-
- SilverLounger
- Posts: 1852
- Joined: 27 Jan 2010, 19:15
- Location: Darlington, Co. Durham. UK
Re: WinPatrol report
Thanks for the comment Ken, yep, the thought had crossed my mind that my friend simple stop using the obviously harvested address, create maybe a new "live.com" address and inform all those he wants to know about it. Hopefully that should be a simple get round... Regards Dave.