Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

COSetup - NEW Unknown folders on XP Pro WS


  • Please log in to reply

#1
jpleau

jpleau

    Member

  • Member
  • PipPip
  • 15 posts
When my user accessed his files this morning he found several new file folders. They are #'d similar to: ae8e0ee8c67f733ce10d15f7cf44f3. Inside this folder is a folder entitled "update" and inside that folder is a log file. The log file reads; "CoSetup: Entering
CoSetup: Leaving".

Since it is April Fool's Day and Conficker is highly anticipated, my user (the CEO!) is quite concerned. Does anyone know what this file is?

TIA,

Jill
  • 0

Advertisements


#2
123Runner

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,308 posts
Welcome,

I have found referance to 2 different programs associated with "CoSetup.exe".

If you are using CyberMatrix Office, then the reports come up clean.
CoSetup is the executable for CyberMatrix Office.
Antivirus reports on CyberMatrix Office
What CyberMatrix Office Is
What McAfee Site Advisor Says

The next one I found on CoSetup.exe states it is CT-Net Complete Optimizer 1.0 (cosetup.exe).

CT-Net Complete Optimizer 1.0 (cosetup.exe) was downloaded & scanned by our team, against different types of malwares (like viruses, spyware, trojans, backdoors and others) and found INFECTED with:
Trojan.Generic.75456
MD5 Checksum: c97ea2c6eb568c18657d13a07c6d6256 (what's this)
NOTE: We rescan the software, on every release, and we can change the status.


  • 0

#3
jpleau

jpleau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
So if we do not use CyberMatrix == then we can consider this a trojan?

I have scanned with Trend Micro that was updated this morning, but found nothing.

Any advice on how to proceed?

Thanks,

Jill
  • 0

#4
sari

sari

    GeekU Admin

  • Administrator
  • 20,959 posts
  • MVP
Jill,

Is there a program called CT-Net Optimizer installed? If there is, it appears to be a program supposedly designed to clean the registry and boost performance. We strongly advise staying away from such programs, as they are more likely to do harm than good. In addition, this particular program seems to be available from a lot of warez and torrent sites, meaning that if it was downloaded from the wrong site, there would be a good possibility that it is infected with something, as those are common sources for infection. It does not necessarily mean that this is a trojan. However, you're saying that this is a log file - it most likely would contain information pertaining to updates, not an actual executable. If this program is installed, there would most likely be a program folder for it, and that is where any executable files would likely be found, and those are the files that should be scanned.

Do you have an IT department? If so, they should be the ones to investigate this. I would recommend that they look for the existence of the above-mentioned program and remove it if it exists, as I see nothing at all to recommend it from my research. It would be their job to determine what course of action they wish to take; we are really here to provide free help and support to home users, not to replace your IT department.
  • 0

#5
jpleau

jpleau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for the input. I AM the IT Department. Local consultants thought it was a MS Update issue. I will look into it. Sorry I didn't know that everyone wasn't welcome to ask questions. I have been using this site for quite a long time.

Thanks again,

Jill
  • 0

#6
sari

sari

    GeekU Admin

  • Administrator
  • 20,959 posts
  • MVP
Jill, since you are the IT department, that's fine - we'll help you figure it out. I just wanted to make sure you didn't have an IT department that should be doing this for you. As a one person IT department myself, I know it can be challenging. :)

I don't think it's MS updates, based on my research - evrything pointed to the program I listed. I've seen updates within that kind of randomly-named folder before, but MS updates are usually recognizable. Have you checked for the presence of that program? If it's not there, we'll have to do a little more digging. I know 123runner has done some research as well, so he may have additional suggestions.
  • 0

#7
jpleau

jpleau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I spoke with my CEO and he does have a registry cleaner installed; AND he had run it the evening before this occurred. I will check which registry cleaner he has and get back to you.

Thanks,

Jill
  • 0

#8
sari

sari

    GeekU Admin

  • Administrator
  • 20,959 posts
  • MVP
:)

You might also want to tell him that registry cleaners are not a good idea at all - they do nothing to improve system performance, and he runs the very real risk of having it break the registry to the point that the PC is no longer bootable. We have a policy here to stay away from registry cleaners for that reason.
  • 0

#9
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
FYI windows updates are GENERALLY hidden files and they all start with $kbxxxxxxxxx (where the x's are numbers)
  • 0

#10
123Runner

123Runner

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,308 posts
The only 2 programs associated with the "CoSetup.exe" were the ones I listed. Cybermatrix office and CT Net optimiser. There could be others but google and yahoo only gave me those.

As already stated, a registry cleaner could wreck havoc on the computer. Especially being run automatically. We do not recommend them.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP