|
Newbie here, What does this mean?Just to let you know I have just installed Norton Personal Firewall. Only seconds after opening IE a little not poppped up telling me that a program called save.exe is trying to access the internet. It says it has no virus. And here is the info I received from the WHOIS feature.
Registrant: SONDHI, GAYATRI (WHENU-DOM) 301 E 66TH ST APT 9D NEW YORK, NY 10021-6216 US
Domain Name: WHENU.COM
Administrative Contact: Nader, Avi (PMRVKVGHAI) anader@whenu.com
494 8th Ave New York, NY 10001 US 212-239-0000 212-239-4442 Technical Contact: Hostmaster, Pfmc (PH540) hostmaster@GLOBIX.NET Globix Corp. 139 Centre Street New York, NY 10013 US 212-334-8600 212-334-8603
Record expires on 22-Jul-2003. Record created on 22-Jul-1999. Database last updated on 10-Mar-2003 17:28:32 EST.
Domain servers in listed order:
Z1.NS.NYC1.GLOBIX.NET 209.10.66.55 Z1.NS.SJC1.GLOBIX.NET 209.10.34.55
What is this program and how did I get it? I am very green at all of this even though I have been reading the FAQ and the Security Forums here at DSLR. So please help me to figure this garbage out and what I should do in the future for this type of occurrence.
Thanks |
|
RayMahnahmahna Premium Member join:2001-04-02 85120 |
Ray
Premium Member
2003-Mar-10 5:56 pm
I did a quick Google for 'save.exe' and found this: » www.winpatrol.com/stats.html |
|
|
to glenn35
I cleaned this off a system the other day with SpyBot... They got it when a weather applet got download for the systray. More info: » Weather.exe,SaveUninst.exe,SaveNow... |
|
|
to Ray
Thanks for the quick response. But what should I do about that file? Should I delete it or what? Will it come back and how do I prevent it from coming back?
I have Ad blocking checked on NPF. Is that enough? |
|
|
Run SpyBot S&D to clean it off. |
|
|
to glenn35
I did a check on spychecker » www.spychecker.com/ for a program named (save) it came up with two hits both of them adware. I think it my be adware one of the two was a New York based ad company. You my if you don't already have one try ad remover software. Spybot or adaware. If it is adware either one of these programs should find it and be able to remove it. |
|
|
dolphinsClean Up Our Oceans Premium Member join:2001-08-22 Westville, NJ |
to LowWaterMark
said by LowWaterMark: I cleaned this off a system the other day with SpyBot... They got it when a weather applet got download for the systray. More info: »Weather.exe,SaveUninst.exe,SaveNow...
BTW, I had to manually delete that folder after using SpybotS&D and jv16 reg cleaner. So be sure you check for any bits & pieces left in your registry. |
|
|
BillPStudios to Ray
Anon
2003-Mar-10 6:30 pm
to Ray
Yup, according to the WinPatrol Plus database it's a popular one these days. --------------------------------------- We have found multiple references to a file named SAVE.EXE. Hopefully, the Properties for this file include a company name.
Save.exe from Adobe is a Plug-In for Pagemaker which enables you to collect all the files your service provider will need to output your publication. If you have this Save.exe you're ok.
However Save.exe from WhenU.com is not something you want. It's been referred to as Thiefware. It tracks your internet usage and relays the information to it's clients. If you notice you're suddenly getting a lot of popup-ads it's probably due to Save.exe.
What's worse is WhenU.com is able to steal referrals so if you purchase products online they'll get the affiliate money instead of the site that recommended or highlighted the product. |
|
|
to dolphins
OK I just DL Adaware and ran it. It shows 142 items. Several are registry entries. If I click "next" it says all 142 items will be removed. I suppose it is talking about the registry entries also. Will this screw up my computer? |
|
dolphinsClean Up Our Oceans Premium Member join:2001-08-22 Westville, NJ
|
dolphins
Premium Member
2003-Mar-10 6:38 pm
They're all nasties! Let Adaware delete them.
Jeeze, with all that gone you might notice change in your browser speed;) |
|
|
OK they have all been deleted. But just one Q. After I deleted them I closed and reopened IE and the save.exe tried again to access the internet. I closed everything and rebooted and does not seem to be active anymore.
The folder "save" which contains the save.exe is still on my computer and I tried to delete the whole folder. It says that save.exe is being used by another program or user and cannot be deleted. I have WinXP and am logged in with admin account. No one else is using the computer or logged on.
Whats up? |
|
|
said by glenn35: The folder "save" which contains the save.exe is still on my computer and I tried to delete the whole folder. It says that save.exe is being used by another program or user and cannot be deleted. I have WinXP and am logged in with admin account. No one else is using the computer or logged on.
Whats up?
Check the running processes in the task manager (Ctrl Alt Delete) - if you see save.exe running, kill it then deleted the folder. If it survived after a reboot, then maybe the key is still in the Startups. Check msconfig to see if it's listed in the startup tab. Technically, when I cleaned it off the other system, I had gone thru msconfig first, unchecked any bad startups, rebooted and than ran SpyBot for cleanup, so perhaps yours survived a clean by Ad-Aware. |
|
dolphinsClean Up Our Oceans Premium Member join:2001-08-22 Westville, NJ |
dolphins
Premium Member
2003-Mar-11 12:04 am
or restart in safe mode, then delete the folder. I suggest you get some realtime protection> » www.wilderssecurity.net/ ··· ter.html» www.wilderssecurity.com/ ··· ard.htmlAlso I would download> » spybot.safer-networking.de/ Nothing wrong with having both this and AdAware. Also if you want to keep track of your registry entries? Learn how to use this amazing tool> » www.vtoy.fi/jv16/shtml/j ··· ls.shtmlOut of all of these only SpywareGuard uses any resources (small amount) but IMO is well worth it! It has stopped some nasties from loading to my machine without my permission. Note: These programs are free but you can make a donation! |
|
|
to LowWaterMark
Thanks lowwatermark, and others that responded. I went to task manager and it was still running. I killed it and then deleted the folder and its contents.
Thanks again |
|
glenn35 |
OK I thought I was finished with this mess but I was looking thru the registry and found this entry. Should I delete it or what? |
|
BKayrac Premium Member join:2001-09-29 |
BKayrac
Premium Member
2003-Mar-11 5:11 pm
yeah if you delete that, that program won't run, don't want it to run at startup, delete it......might also want to delete real player one, i always found that thing to be pointless ....but up to you |
|
|
said by BKayrac: yeah if you delete that, that program won't run, don't want it to run at startup, delete it......might also want to delete real player one, i always found that thing to be pointless ....but up to you
Agree completely regarding the Save stuff (though, you already deleted the program and folder above). Plus, in addition to removing the RealPlayer, though you didn't ask, I'd also delete the QuickTime one. (Both RealPlayer and Quicktime work fine without taking resources away right from bootup.) |
|
BKayrac Premium Member join:2001-09-29 |
BKayrac
Premium Member
2003-Mar-11 6:45 pm
yes, quicktime also, didn't see it or else i would have mentioned it......both of them tend to take over and put lots of stuff.....and for me, it's lots of stuff places that i don't want it |
|