Weird (rogue?) programs being picked up by ZoneAlarm

[CarolynP]

Hi, folks,

My computer has been acting very weird. Ultimately downloading htastop.exe has brought welcome stability, but before that ZoneAlarm picked up new programs on every restart -- usually four alpha characters (the first three lower-case) followed by ".exe". Only one or two of the programs were googleable, nor have they turned up in the Start Menu's "search" function.

Examples:
cviB.exe
cwjB.exe
fga2685.exe
ggeC.exe
gkfF.exe

and so on. Maybe 25 of these things are there. I've blocked and locked all of them (which is probably why each restart generated a new one). It hasn't happened since installing HTAStop, but if I have a rogue in the system I don't know whether it will outsmart HTAstop at some point. (I've run Norton and it's up to date.) Any idea what's going on?

Thanks,
CarolynP

 

[CarolynP]

... and what is "mdal.exe"? A few times recently (since installing htastop?) I've seen an error message that mdal.exe "failed to initialize properly" and the application would be terminated. Probably another symptom of the preceding post's maladies.

One more detail: the programs all have the same ugly icon, kind of round and grey with a green spot in the lower right. This icon also appeared in the Taskbar (clicking on it would generate the invitation to install the software) and I would always click "cancel," of course.

Thanks,
CarolynP

 

[franklin97355]

If you have virus software make sure it is up to date and force it to run a full scan of your computer.

 

[CarolynP]

Hi, Franklin,

Thanks, I did that. As far as I know Norton is up to date -- and have done a few downloads manually rather than auto-update just in case. I even tried it in Safe Mode scan, and everything showed up clean. (Yeah, right.) Some of these things are quite nasty in how they embed themselves.

I went ahead and deleted the "programs" that did show up in the "search" window, so hopefully that will clear up some things too. But this is all really strange.

But you said "force" it to run a full scan -- have I missed something?

Best,
Carolyn

Best,
Carolyn Artist

http://www.Proeber.com

Publisher

http://www.ArtCalendar.com

 

[franklin97355]

You sound like you know what to do. Some anti virus do realtime scanning by default and you have to tell them to do a complete scan. That is what I ment by force.

 

[Wullie]

Hi Carolyn,

Try running a scan online at

http://housecall.antivirus.com

Hope this helps Wullie

sales@freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.thomsonassociates.co.uk

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell

 

[CharlesEmmons]

It appears that you have caught the BugBear virus. It generates 4 letter .exe files (among others) and is very persistant. Please refer to the Symantec web page at

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html

Download the removal tool listed in the above web page and you should be OK.

You did not mention which version of WIndows you were running. If running ME or XP you will have to disable the restore function. (How to link is also included in the page)

Let us know how things turn out.

Charles

 

[toytanic]

Hi,

before everybuddy is getting afraid of that mdal.exe i can tell you that this is a file from Real Networks. It is the application handler for their software updates like real player or server ! So don't worry about !
hope to help all anxious people !

mike

 

[mickie]

Hey Mike,

Thanks for the lead on the mdal.exe problem (Realplayer) ,
but how about a lead or some info on how to eliminate the
cause ? Does this culprit make everything sluggish as I have
experienced lately ?


Thanks,

Mickie

 

[notrouble]

Hi Mickey
To put an end to the mdal.exe problem: try to stop the program from auto-updating by eliminating the tick mark for auto-update by under Tools/Preferences/Category: Auto-update.
It seems to work fine with me.

Martin