ArcticWolf

NVCR32.exe what is it?


I tried Google and could find nothing on it, but it tried to send info out from my computer, but I blocked it with my firewall... but it tried to send info every 5 seconds. It even says it's a 3rd party cookie trying to change something in one of my files. Any idea or help appreciated. BTW running Win XP Pro SP1.


See every 5 minutes or so I get this message from my firewall

Critical system object was changed. This may be a result of spyware activity. Outpost Firewall Pro Anti-Spyware can restore the object to it's original default value.

Location Internet Explorer Third-Party Cookies

But when I choose to restore it, it comes back about 5 minutes later.


If it's in the Prefetch directory, it must be something that you installed, or "contracted" from the internet. Try running the file through command line and see if it has any options, like C:NVCR32.exe /? or something like that. It may be a legit service, then again it may be spyware. I hate restore points; when I'm running virus scans or spyware scans on our employees' computers when they have a problem, a lot of spyware programs put exe files in the restore point directories.

You could try a netstat -a command and see if it tells you where it is connecting to, and then try to find out who that ip address belongs to.


You could try a netstat -a command and see if it tells you where it is connecting to, and then try to find out who that ip address belongs to.

Try netstat -ano. This allows you to correlate the IP address and port to the process by the PID. Just make PID visible in the task manager and you're game.

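The PID correlation suggested in the last reply, as an added example that is not part of the original thread: it joins `netstat -ano` output to `tasklist /fo csv /nh` output so each remote endpoint is listed under the process that owns it. Both captures below are constructed samples (the PIDs, addresses and the second process name are assumptions), pasted in as text so the script runs anywhere.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses are documentation ranges).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.25:80        SYN_SENT        1432
  TCP    192.168.1.10:1046      203.0.113.25:80        SYN_SENT        1432
  TCP    192.168.1.10:1050      198.51.100.7:443       ESTABLISHED     2208
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,412 K"
"NVCR32.exe","1432","Console","0","2,104 K"
"firefox.exe","2208","Console","0","41,880 K"
'''

def parse_netstat(text):
    """Yield (proto, remote, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # UDP rows have no State column, so they are one field shorter.
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[2], state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def remote_peers_by_process(netstat_text, tasklist_text):
    """Group remote endpoints by owning process, skipping listeners."""
    names = parse_tasklist(tasklist_text)
    peers = defaultdict(set)
    for proto, remote, state, pid in parse_netstat(netstat_text):
        host = remote.rsplit(":", 1)[0]
        if state == "LISTENING" or host in ("0.0.0.0", "*", "127.0.0.1"):
            continue
        peers[names.get(pid, "<unknown pid %d>" % pid)].add(remote)
    return {name: sorted(eps) for name, eps in peers.items()}
```

The remote addresses that come out can then be looked up with whois to see who they belong to, as the earlier reply suggests.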
