unknown file...

[RxK]

Any idea what this file is ?

C:\hdfjawja.sys

hrs flags are on.

Gogl comes up blank.

Virustotal reports nothing unusual.

...can't find my darned hex editor to see what's in it...

TIA

regards, Richard

 

[PA Bear [MS MVP]]

Why do you ask, Richard?

What anti-virus application or security suite is installed? What

anti-spyware applications (other than Defender)? What third-party firewall

(if any)?

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

RxK wrote:<span style="color:blue">

> Any idea what this file is ?

> C:hdfjawja.sys

> hrs flags are on.

> Gogl comes up blank.

> Virustotal reports nothing unusual.

>

> ..can't find my darned hex editor to see what's in it...

>

> TIA

>

> regards, Richard </span>

 

[db ´¯`·.. >]

http://tinyurl.com/4zvcq5

--

db·´¯`·...¸>&lt))º>

"RxK" <nospam@hotmail.com> wrote in message

news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue">

> Any idea what this file is ?

> C:hdfjawja.sys

> hrs flags are on.

> Gogl comes up blank.

> Virustotal reports nothing unusual.

>

> ..can't find my darned hex editor to see what's in it...

>

> TIA

>

> regards, Richard

>

>

> </span>

 

[RxK]

....can anyone recommend a malware free hex-editor download, ...mine seems to

have vansiehd into thin air !

TIA

regards, Richard

"RxK" <nospam@hotmail.com> wrote in message

news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue">

> Any idea what this file is ?

> C:hdfjawja.sys

> hrs flags are on.

> Gogl comes up blank.

> Virustotal reports nothing unusual.

>

> ..can't find my darned hex editor to see what's in it...

>

> TIA

>

> regards, Richard

>

>

> </span>

 

[Pegasus \(MVP\)]

"RxK" <nospam@hotmail.com> wrote in message

news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:blue">

> ...can anyone recommend a malware free hex-editor download, ...mine seems

> to have vansiehd into thin air !

>

> TIA

></span>

http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm

 

[RxK]

BiiiiIIIIIIIIg thanks Pegasus, am much obliged

.....I recognised it {..by desktop icon } ...straight aways when I

right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"

....that's the hex editor I'd used for ages, ...well older version I suppose,

.....the I used to have - and couldn't find - how perceptive of you !

regards, Richard

"Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...<span style="color:blue">

>

> "RxK" <nospam@hotmail.com> wrote in message

> news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:green">

>> ...can anyone recommend a malware free hex-editor download, ...mine seems

>> to have vansiehd into thin air !

>>

>> TIA

>></span>

>

> http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm

> </span>

 

[MAP]

RxK wrote:<span style="color:blue">

> Any idea what this file is ?

> C:hdfjawja.sys

> hrs flags are on.

> Gogl comes up blank.

> Virustotal reports nothing unusual.

>

> ..can't find my darned hex editor to see what's in it...

>

> TIA

>

> regards, Richard</span>

I submitted a file to virus total and came up blank as well, a week later I

resubmitted it and got several hits, something new needs time to be

discovered, try it again.

--

Mike Pawlak

 

[RxK]

....after more time on this hdfjawja.sys file,

http://www.all-nettools.com/forum/archive/....php/t-242.html

....seems to have one with a similar filename - the contents of the file seem

to be several strings like:-

!ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK

I'm wondering if it's something to do with PerfectDisk.

....regards, Richard

"RxK" <nospam@hotmail.com> wrote in message

news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue">

> Any idea what this file is ?

> C:hdfjawja.sys

> hrs flags are on.

> Gogl comes up blank.

> Virustotal reports nothing unusual.

>

> ..can't find my darned hex editor to see what's in it...

>

> TIA

>

> regards, Richard

>

>

> </span>

 

[RxK]

....after a bit more research, I'll be keeping a closer eye on BCwipe, when I

use it, I think it's this program that drops a sys file into my boot-drive

root-directory !

regards, Richard

"RxK" <nospam@hotmail.com> wrote in message

news:OzuLicwnIHA.1204@TK2MSFTNGP03.phx.gbl...<span style="color:blue">

> ...after more time on this hdfjawja.sys file,

> http://www.all-nettools.com/forum/archive/....php/t-242.html

> ...seems to have one with a similar filename - the contents of the file

> seem to be several strings like:-

> !ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK

>

> I'm wondering if it's something to do with PerfectDisk.

>

> ...regards, Richard

>

>

>

> "RxK" <nospam@hotmail.com> wrote in message

> news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:green">

>> Any idea what this file is ?

>> C:hdfjawja.sys

>> hrs flags are on.

>> Gogl comes up blank.

>> Virustotal reports nothing unusual.

>>

>> ..can't find my darned hex editor to see what's in it...

>>

>> TIA

>>

>> regards, Richard

>>

>>

>></span>

>

> </span>

 

[Volodymyr M. Shcherbyna]

I'd start from decompiler rather then from hex editor. IDA Pro is an

excellent utility. If you have to chance to get it, you can at least use

Depends Walker to see the import table of driver to analyze in general what

it does.

--

V.

This posting is provided "AS IS" with no warranties, and confers no

rights.

"RxK" <nospam@hotmail.com> wrote in message

news:ehCnJyXnIHA.5208@TK2MSFTNGP04.phx.gbl...<span style="color:blue">

> BiiiiIIIIIIIIg thanks Pegasus, am much obliged

> ....I recognised it {..by desktop icon } ...straight aways when I

> right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"

> ...that's the hex editor I'd used for ages, ...well older version I

> suppose, ....the I used to have - and couldn't find - how perceptive of

> you !

>

> regards, Richard

>

>

> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

> news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...<span style="color:green">

>>

>> "RxK" <nospam@hotmail.com> wrote in message

>> news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:darkred">

>>> ...can anyone recommend a malware free hex-editor download, ...mine

>>> seems to have vansiehd into thin air !

>>>

>>> TIA

>>></span>

>>

>> http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm

>></span>

>

> </span>