
what is FEDFCFAA_S.DLL ??


jaufl

May 24, 2013, 3:23:51 PM
found under WinPatrol, in the "recent" tab:

FEDFCFAA_S.DLL

It is classed as a hidden file.

There are no hits on this thing in google.

Anybody know what this is?

Zak Hipp

May 24, 2013, 3:58:56 PM
I'm assuming there is no 'Program Description' or 'Company' details.

Have you checked its location - right-click -> Open Program properties


Zak Hipp


JJ

May 24, 2013, 4:11:24 PM
The fact that it has a gibberish file name tells me that it's malware.
Can you upload it to a file sharing website (e.g.: SendSpace)?
Please compress it using 7Z, RAR or ZIP to minimize download size.

Tommy

May 24, 2013, 4:29:46 PM
"JJ" <d...@nah.meh> wrote in message
news:9lliga2uyb2f.10...@40tude.net...
https://www.google.ie/search?q=FEDFCFAA&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-en:official&client=firefox-a
Anyone speaka da lingo in this url
Lots of these combinations appear in Windows - but I don't ever remember
seeing them followed with a .dll

Get Mbam in there inahurry - followed by Superantispyware - heh anything
else that you can throw at it as well

Cheers
Tommy
afdffaaa cffa
117.niebardzowiemococichodzi.jupe.pl/?id=291939?
afdffaaa cffa. af cfef ffaafcc cfaaaaf ffdfa *** fedfcfaa
****
dfefcc fcfffe adffaaa ffffa. Najlepsza oferta. postheadericon.
adfcbf | ceaadf | bfcebf | cbfadf warfefaeae ...

p-0''0-h the cat (ES)

May 24, 2013, 4:37:10 PM
Upload it here now.

http://virusscan.jotti.org/en

--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Tommy

May 24, 2013, 4:47:54 PM
"Tommy" <tommyle...@yohoo.com> wrote in message
news:b0a0tt...@mid.individual.net...
> "JJ" <d...@nah.meh> wrote in message

>

http://www.bankier.pl/wiadomosc/Najlepsza-oferta-internetu-mobilnego-dla-firmy-2833903.html

Just for interest - do you use a portable modem/flashdrive wifi or mifi
utility.....

IOW what kind of internet accessibility have you?

Cheers
Tommy

jaufl

May 25, 2013, 12:21:56 PM
There is no info obtainable in WinPatrol.
WP shows it "first detected" on 08/04/2007 which
I think is when I bought the computer.

No description, company or any other information.

I rarely run WP (free, not paid) and was just
playing around in there when I found it.
Don't know how long it's actually been around.

I'm on a Dell Win XP SP2. No fancy wifi or any other devices.
No fancy gadgets or software installations, that I know of.

I've run AVG, MWB and Superantispyware and none have picked up
on it.

Doesn't show up in any boot or start files or in task manager.

I've done a search of the hard drive and I can't even find it
to examine it or upload it.

The only reference to it is in WP.

weird!


jaufl

May 25, 2013, 12:30:03 PM

oops, correction:

that should be FEDFCFAAA_S.DLL

I left out an A on the end, but I still can't
even find it.

Bear

May 25, 2013, 12:30:34 PM
jaufl presented the following explanation :
Nothing found with a search at:
http://www.offensivecomputing.net/

--
Bear
http://bearware.info


Zak Hipp

May 25, 2013, 2:46:39 PM
WinPatrol detected a modem component in 2008; flagged startup. I removed the modem in 2011 and the entry is still there.
I've just deleted the entry and re-started this machine with no reappearance. That's all I can say.


Zak Hipp


JJ

May 25, 2013, 8:33:58 PM
Well, since it's listed in the "recent" tab, it's just history. It doesn't
mean that the file still exists in the system.

Have you checked the file presence from command prompt? e.g.: via DIR
command:

DIR /A "C:\Some Folder\FEDFCFAAA_S.DLL"

If you found it, then the file is just hidden using the HIDDEN file
attribute.

Otherwise, you can use a deleted-file recovery program to scan the
files/folders in a drive and check the presence of that DLL file.
Deleted-file recovery programs don't use standard file access functions
which are usually hacked by rootkit viruses to hide files/folders, so the
programs have a higher chance of finding files/folders hidden by viruses.
When you use the recovery program, make sure it can also show files that
aren't deleted (also check its settings). One freeware program that can do
this is Recuva at:

http://www.piriform.com/recuva

But Recuva doesn't have indicators for deleted and non-deleted files, so you
won't know the exact status. If you found the file and it's not deleted, it
means that your system is infected by a rootkit virus. If so, get
malware/virus cleaners and scan your system.

Another method is to boot using a LiveCD to check the DLL file presence. If
it's absent, then it's actually deleted.

choro

May 25, 2013, 10:38:03 PM
Recuva seems to be rubbish. It recovered the image files for me but no
photo software seems able to open the recuva'd image files. So, what is
the point? My old image recovery software from SD and Lexar do the job
perfectly.

Or is there something I don't know or am not aware of?
--
choro
*****

Shadow

May 26, 2013, 10:33:54 AM
On Fri, 24 May 2013 15:23:51 -0400, jaufl <ja...@jaufl.com> wrote:

Like the Kat said, send it to

http://virusscan.jotti.org/en

Results in minutes.

If that comes up with nothing, rename it to FEDFCFAAA_S.vir,
zip it with password "virus" and send it to David Lipman.
[]'s

	PS I would just move it, and its backup in dllcache to a
pendrive and see what breaks. Only do this if you know how to copy it
back if the system becomes unbootable.
--
Don't be evil - Google 2004
We have a new policy - Google 2012

jaufl

May 26, 2013, 11:35:32 AM

found it, sort of

the WP log shows this:

fedfcfaaa_s

fedfcfaaa_s.dll
Path: C:\WINDOWS\system32\fedfcfaaa_s.dll
First Detected by WinPatrol: 08/04/2007 3:44 PM


WP right click properties info shows this:

Type of file: Application Extension

Opens with : Unknown application

Location : C:\WINDOWS\SYSTEM32

Size : 5 bytes

Size on disk: 4.00 KB

Attributes : hidden (checked - greyed out)

5 bytes ??

when I go to the system32 directory, I can't find it.
I've got folder options set to view hidden files.

Nothing shows up on a search of the hard drive.

Nothing shows up with Belarc or Everest.

Well, I'm stumped!

Shadow

May 26, 2013, 12:17:28 PM
On Sun, 26 May 2013 11:35:32 -0400, jaufl <ja...@jaufl.com> wrote:

>
>found it, sort of
>
>the WP log shows this:

> Path: C:\WINDOWS\system32\fedfcfaaa_s.dll

>Size : 5 bytes

>Well, I'm stumped!

Some shareware apps use a false dll to hide the serial number.
Like I said, move it to a pendrive and see what stops working.
[]'s

JJ

May 26, 2013, 6:22:17 PM
Just boot into a LiveCD (preferably Linux) and check the presence of that
DLL file. If it's not there, then you shouldn't worry about it anymore.
Otherwise, delete/archive it.

Spamblk

May 27, 2013, 12:55:11 PM
jaufl <ja...@jaufl.com> wrote in news:knt9rk$jog$1...@dont-email.me:

> 5 bytes ??
>
> when I go to the system32 directory, I cant find it.
> I've got folder options set to view hidden files.
>
> Nothing show up on a search of the hard drive.
>
> Nothing show up with Belarc or Everest.
>
> Well, I'm stumped!
>

I would follow Shadow & JJ's advice. A live CD of your choice should
bypass anything hiding files or folders. 5 bytes seems a trite small
for a piece of malware maybe it could be some kind of serial no or
perhaps it could be a symlink or shortcut to something else? A program
like Sysinternals process explorer might be useful to peek at processes
to see what DLLs they have loaded.
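
An added example, not part of the original thread: a small Python triage script for the checks discussed above (hidden attribute, file size, and whether a 5-byte file can be a real DLL at all). The function names `triage`, `looks_like_pe` and `demo` are illustrative, and the sample files are constructed; the hidden/system flags are only reported when run on Windows, while from a Linux LiveCD the size, hash and header checks still apply.

```python
import hashlib
import os
import stat
import struct
import tempfile


def looks_like_pe(data):
    """True only if the DOS MZ header points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(path):
    """Collect basic facts about a file that carries a .dll extension."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    # st_file_attributes exists only on Windows; treated as 0 elsewhere.
    attrs = getattr(st, "st_file_attributes", 0)
    return {
        "size": st.st_size,
        "sha256": hashlib.sha256(data).hexdigest(),
        "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
        "system": bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM),
        "is_pe": looks_like_pe(data),
        "head": data[:16],
    }


def demo():
    # Constructed samples: a 5-byte file (contents made up) and a 68-byte
    # stub carrying only the MZ and PE signatures (not a loadable DLL).
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in (("five.dll", b"12345"), ("stub.dll", bytes(stub))):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            results[name] = triage(path)
    return results


if __name__ == "__main__":
    for name, facts in demo().items():
        print(name, facts)
```

A file shorter than the 64-byte DOS header cannot be a loadable DLL, so `is_pe` being false for a 5-byte file fits the thread's suggestion that it is a data marker rather than code; the `head` bytes show what it actually holds.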
