Guest RxK Posted April 12, 2008 Posted April 12, 2008 Any idea what this file is ? C:\hdfjawja.sys hrs flags are on. Gogl comes up blank. Virustotal reports nothing unusual. ...can't find my darned hex editor to see what's in it... TIA regards, Richard Quote
Guest PA Bear [MS MVP] Posted April 12, 2008 Posted April 12, 2008 Why do you ask, Richard? What anti-virus application or security suite is installed? What anti-spyware applications (other than Defender)? What third-party firewall (if any)? -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ RxK wrote:<span style="color:blue"> > Any idea what this file is ? > C:hdfjawja.sys > hrs flags are on. > Gogl comes up blank. > Virustotal reports nothing unusual. > > ..can't find my darned hex editor to see what's in it... > > TIA > > regards, Richard </span> Quote
Guest db ´¯`·.. > Posted April 12, 2008 Posted April 12, 2008 http://tinyurl.com/4zvcq5 -- db·´¯`·...¸><)))º> "RxK" <nospam@hotmail.com> wrote in message news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > Any idea what this file is ? > C:hdfjawja.sys > hrs flags are on. > Gogl comes up blank. > Virustotal reports nothing unusual. > > ..can't find my darned hex editor to see what's in it... > > TIA > > regards, Richard > > > </span> Quote
Guest RxK Posted April 12, 2008 Posted April 12, 2008 ....can anyone recommend a malware free hex-editor download, ...mine seems to have vansiehd into thin air ! TIA regards, Richard "RxK" <nospam@hotmail.com> wrote in message news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > Any idea what this file is ? > C:hdfjawja.sys > hrs flags are on. > Gogl comes up blank. > Virustotal reports nothing unusual. > > ..can't find my darned hex editor to see what's in it... > > TIA > > regards, Richard > > > </span> Quote
Guest Pegasus \(MVP\) Posted April 13, 2008 Posted April 13, 2008 "RxK" <nospam@hotmail.com> wrote in message news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > ...can anyone recommend a malware free hex-editor download, ...mine seems > to have vansiehd into thin air ! > > TIA ></span> http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm Quote
Guest RxK Posted April 13, 2008 Posted April 13, 2008 BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-) .....I recognised it {..by desktop icon } ...straight aways when I right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut," ....that's the hex editor I'd used for ages, ...well older version I suppose, .....the I used to have - and couldn't find - how perceptive of you ! regards, Richard "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "RxK" <nospam@hotmail.com> wrote in message > news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> ...can anyone recommend a malware free hex-editor download, ...mine seems >> to have vansiehd into thin air ! >> >> TIA >></span> > > http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm > </span> Quote
Guest MAP Posted April 14, 2008 Posted April 14, 2008 RxK wrote:<span style="color:blue"> > Any idea what this file is ? > C:hdfjawja.sys > hrs flags are on. > Gogl comes up blank. > Virustotal reports nothing unusual. > > ..can't find my darned hex editor to see what's in it... > > TIA > > regards, Richard</span> I submitted a file to virus total and came up blank as well, a week later I resubmitted it and got several hits, something new needs time to be discovered, try it again. -- Mike Pawlak Quote
Guest RxK Posted April 15, 2008 Posted April 15, 2008 ....after more time on this hdfjawja.sys file, http://www.all-nettools.com/forum/archive/....php/t-242.html ....seems to have one with a similar filename - the contents of the file seem to be several strings like:- !ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK I'm wondering if it's something to do with PerfectDisk. ....regards, Richard "RxK" <nospam@hotmail.com> wrote in message news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > Any idea what this file is ? > C:hdfjawja.sys > hrs flags are on. > Gogl comes up blank. > Virustotal reports nothing unusual. > > ..can't find my darned hex editor to see what's in it... > > TIA > > regards, Richard > > > </span> Quote
Guest RxK Posted April 15, 2008 Posted April 15, 2008 ....after a bit more research, I'll be keeping a closer eye on BCwipe, when I use it, I think it's this program that drops a sys file into my boot-drive root-directory ! regards, Richard "RxK" <nospam@hotmail.com> wrote in message news:OzuLicwnIHA.1204@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > ...after more time on this hdfjawja.sys file, > http://www.all-nettools.com/forum/archive/....php/t-242.html > ...seems to have one with a similar filename - the contents of the file > seem to be several strings like:- > !ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK > > I'm wondering if it's something to do with PerfectDisk. > > ...regards, Richard > > > > "RxK" <nospam@hotmail.com> wrote in message > news:e0oplMPnIHA.4536@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> Any idea what this file is ? >> C:hdfjawja.sys >> hrs flags are on. >> Gogl comes up blank. >> Virustotal reports nothing unusual. >> >> ..can't find my darned hex editor to see what's in it... >> >> TIA >> >> regards, Richard >> >> >></span> > > </span> Quote
Guest Volodymyr M. Shcherbyna Posted April 16, 2008 Posted April 16, 2008 I'd start from decompiler rather then from hex editor. IDA Pro is an excellent utility. If you have to chance to get it, you can at least use Depends Walker to see the import table of driver to analyze in general what it does. -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "RxK" <nospam@hotmail.com> wrote in message news:ehCnJyXnIHA.5208@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-) > ....I recognised it {..by desktop icon } ...straight aways when I > right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut," > ...that's the hex editor I'd used for ages, ...well older version I > suppose, ....the I used to have - and couldn't find - how perceptive of > you ! > > regards, Richard > > > "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message > news:OFhQA5SnIHA.4684@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> >> "RxK" <nospam@hotmail.com> wrote in message >> news:uDzKWTPnIHA.3572@TK2MSFTNGP02.phx.gbl...<span style="color:darkred"> >>> ...can anyone recommend a malware free hex-editor download, ...mine >>> seems to have vansiehd into thin air ! >>> >>> TIA >>></span> >> >> http://www.chmaas.handshake.de/delphi/free...xvi32/xvi32.htm >></span> > > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.