NVCR32.exe what is it?

[ArcticWolf]

I tried Google and could find nothing on it, but it tried to send info out from my computer,but I blocked it with my firewall...but it tried to send info every 5 seconds. It even says it's a 3rd party cookie trying to change something in one of my files. Any idea or help appreciated. BTW running Win XP Pro sp1

[ArcticWolf]

See every 5 minutes or so I get this message from my firewall

Critical system object was changed.This may be a result of spyware activity. Outpost Firewall Pro Anti-Spyware can resotre the object to it's original default value.

Location Internet Explorer Third-Party Cookies

But when I choose to resotre it, it comes back about 5 minutes later.

[ArcticWolf]

Nobody knows what this is?? I can tell You the file is located in my Windowsprefectch directory and it keep trying to send info out on every port # ....ex:4080...4081...4082....etc. I checked the microsoft web site and found nothing on it... so is it safe to delete?

[FallowEarth]

http://www.google.com/search?hl=en&q=NVCR32.exe&btnG=Google+Search

I would venture to say that it's nothing that you need.  Got XP?  Make a restore point, then delete it.

[ArcticWolf]

OMG I took Your advice and made a restore point and then deleted the file... shut down My computer and rebooted, as soon as I connected to the internet it came right back  ,I don't think that's a good sign.

[mudmanc4]

Ive checked xp home xp pro, and briefly looked in linux suse, although theres no .exe files in suse, I found nothing similar.

[ghostmaster]

If it's in the Prefetch directory, it must be something that you installed, or "contracted" from the internet.  Try running the file through command line and see if it has any options.  like C:NVCR32.exe /? or something like that.  It may be a legit service, then again it may be spyware.  I hate restore points, when Im running virus scans or spyware scans on our employee's computers when they have a problem, a lot of spyware programs put exe files in the restore point directories.

You could try a netstat -a command and see if it tells you where it is connecting to, and then try to find out who that ip address belongs to.

[ArcticWolf]

Yeah it's trying to go to a site called http://link.sp4m.info  at Local address:"Localhost:any"... and if I let it go through my firewall it tries to open up a udp to all different ip #'s which get blocked.

[ghostmaster]

make sure you have universal plug n play turned off.  Esp on your router if it allows to you to change that setting.

[disturbed]

....to me it sounds like its one of those nvidia's processes - ....most of them start with nv

[disturbed]

do you have an nvidia motherboard ? graphics card ?

[ghostmaster]

Could be made to look like an NVIDIA process.  But I don't know of any that would be trying to connect to a site like that.....

[FallowEarth]

You could try a netstat -a command and see if it tells you where it is connecting to, and then try to find out who that ip address belongs to.

try netstat -ano.  This allows you to correlate the IP address and port to the process by the PID.  Just make PID visible in the task manager and you're game.

[ghostmaster]

Ah forgot about that one.....

[peepnklown]

You

[ArcticWolf]

You

[ArcticWolf]

I finally got rid of that dang file...talk about a pain... but now everything is great YEY!!! for me.