Desktop·25,124 discussions

GLB1A2B EXE

Locked

found this in the temp folder not temporary internet folder…what is it for? Did a search and found maybe a virus and may not…any ideas??

Topic

check this link

In reply to GLB1A2B EXE

http://forums.zonelabs.com/zonelabs/board/message?board.id=security&message.id=3590

Problem with this web link

In reply to check this link

I checked this web link on 07/23/2004, and
it was not valid.

malware – GLB1A2B EXE

In reply to GLB1A2B EXE

You don’t want it. It’s a disaster to remove. It reinstalls things you don’t want on your PC.

You have to take really serious action to get rid of VCOM, PMXY2, Sexcams, and dozens of other registry keys to shift it. Adaware and Spybot can’t shift it. Let me know if you can’t sort it and I’ll help but it’s taken me two days and I’m still not sure if I got rid of it. It comes from gmsoft I think but I’m still dizzy from trying to fix it.

chris

Possible Solution

In reply to GLB1A2B EXE

Have begun to encounter this #$@& on customer computers a few weeks ago.

Apparently launching IE triggers a process that downloads glb1a2b.exe into the XP users c:\documents and settings\username\local settings\temporary internet files folder.

This may be a solution:

Create a file called glb1a2b.txt in the c:\documents and settings\username\local settings\temporary internet files folder

Rename it to glb1a2b.exe. Apparently the bug thinks the file exists and will not download it again.

So far so good.

Have encountered other file names as well.

-Rich

This *Thing* is killin me lol

In reply to Possible Solution

OK this GLB1A2B.EXE is killin me here, and I’m Elmer-Fudd-like with popgun in hand hunting it down but goin nowhere snicker.

Got Blackice (latest) which detected GLB1A2B.EXE *as it tried to initially access the internet* and naturally I chose “terminate (process” and that was that.

My initial guess, as I’d terminated the thing before it accessed the network, was that it hadn’t run, and as I ‘searched for the two files mentioned that it installs and Search didn’t find them’ I then thought that perhaps that might confirm that GLB1A2B.EXE hadn’t run *and* hadn’t installed any rougue files on the pc yet (the two files that were searched for and not found were: MTX_.EXE and IE_PACK.EXE , and I run a two-month-old up-to-the-minute updated {all progs and windows daily at boot up and many times frequently during the day just to be sure, as I have a cable modem} XP Home machine with plenty of security).

Still, because I’m ‘patho’ about security I went as one post suggested to the free scanner at mcafee online (which the poster referred to as the ‘only one identifying this rogue they knew of to date).

When I did so, as the poster also suggested LOL as I clicked on the register (for the scan) page SUBMIT

>>>IE6.0 SP1 latest crashed (which poster reported IE4.0 – 5.0 crashed),

then I tried

>>>Netscape 7.1 latest (which poster said he hadn’t tested by the time of his post) which I got referred to an error page from McAfee which said (paraph) “nuh uh uhhhhhhhhh gotta be IE 5.0+ try again using IE” so Netscape is out lol

>>>Went to Symantec online scanner, which another google search byte pulled up and when I tried it in IE 6.0 latest I got the error (paraph) “nuh uh uhhhhhhh must be updated IE to 5.0+ please update and try again” lol

So, Here I sit.

Currently Conditions (2 files found):

GLB1A2B.EXE
found in the folder mentioned above, C:\Documents and Settings\hh\Local Settings\Temp (hh is current user)

and
GLB1A2B.EXE-3781414F.pf
located at: C:\WINDOWS\Prefetch

I hesitated to do the following (until):

I tend to not want to reboot until I get some clue about what *not* to do next…it’s obvious something’s already adjusted something in my IE (who’s settings are set to MEDIUM security and all Active X configs are double checked and at default levels for MEDIUM and in-sync with what Symantec says will work on their site) – therefore *something* was initiated even though I terminated GLB1A2B.EXE’s accessing the network. What can I do pre-reboot that won’t make it worse or beyond a third-party software from finding all damaged files and fixing them?

and
I tend not to try the “create GLB1A2B.txt file in same directory as GLB1A2B.EXE is found, then rename the TXT file to EXE file and it fools something *evil* into not being effective, until I’m certain there’s no known scanner in the world off the shelf or online right this minute that will identify and *fix* the culprit, because if I do something to change an attribute that a scanner will be using to *identify* that I’m infected, then it seems to me a scanner would perhaps miss it and I’d be left with bits and pieces of corrupted-or-worm files and I’ll never be free free free lol. Does that rename/overwrite trick just trick the original file from running *again* or does that stop the infection before it even begins?

Appreciate any comments on it, I hesitate to even log off until I have more of a feeling on it. I run EZAntiVirus (Computer Associates Intl) and it finds nothing, as I sit here and stare at the file sitting there.

Think I can just delete both the Prefetch file and the Temp file before rebooting and be done with the thing ? And if it was stopped in it’s tracks before running, is it logical to assume it was either BlackIce (latest) or perhaps a Windows/IE hotfix that stopped it ?

It’d *sure* be nice to identify what stopped it from running instantly, if anything did, for future reference.

And also, if as it says on google this particular malady was identified August of 2000, why is nothing identifying it in the scanners except for McAfee and Symantec still what some four years later ?

Thanks for any insight.

Nothing new to add

In reply to This *Thing* is killin me lol

Sorry, nothing new to add. Have found that the exectuable is downloaded again and have not been able to stop it.

I repair computers in my shop…returned this box to the customer…will reinstall windows later…unless I can find a solution….

thanks for reply-but no answers yet here

In reply to Nothing new to add

Hi Rich-thanks for responding, I was hoping though to hear that rename/overwrite trick perhaps at least broke the chain where it couldn’t do any more harm.

I’m still working on it here, and the drag on this mouse is driving me up the wall for hours now, I can feel the *irk* ! I’ve exhausted google to where my eyes are blurry…

>>>found 9 items (6 rougue programs) suspect through using Pest Patrol online, but the online version doesn’t remove them – and some are quite extensive to do manually – unless I buy Pest Patrol for $50 then it’ll remove them.

In my experience though, I keep buying this stuff, and one rogue infection is found by two and not seen by all the others and every time it’s a different ‘expert program’ and as I sit here looking at these pretty pretty boxes on the wall here above me of all this fancy stuff I paid loads for that ‘isn’t’ identifying these things (some of these bad-files Pest Patrol found are rather old), I’m asking myself ‘Do I want to get yet another ‘expert program’ and spend $50 on yet another *one time fix*, where next time some other ‘expert-purchase’ is needed. It doesn’t seem practical to keep spending like that. (snicker – what do these companies do, trade off ‘fixes’ so that at each new virus one of them is guaranteed a sale? lol it’s crackin me up. These things are *old* news and should easily be in brand new boxed security products -and why didn’t my brand-new-symantec get the last one (two years old downloader) – that’s the reason I went to EZAntivirus not a month ago !

At least Pest Patrol identified them by name *and* by location. That’s something the others (no matter what I paid them) didn’t do.

Hopefully I’ll come up with something. Apparently part of my problem here, is what I suspected, I run various things that stop PARTIAL install’s (or stop installs just seconds later which seems to allow partial installs to commense and install crud-ware partially, which of itself is enough sometimes to disrupt use of the box – and because only ‘part’ of the bad-files actually exist in my computer, when it’s scanned apparently some scanners don’t look for ‘all’ possible files they just look for the primary bad-files, and if so they miss what I have sitting here.

But my gosh, what’s the answer to that? Slowing down my DOWNLOAD speed to a creep so that my BlackIce can stop it in time ? Or is it better to let the full bad guys in so the scanners find them (eek)?

Seems like these security companies need to get a better way of *collecting* computer examples of this stuff real time from a huge base of voluntary users, instead of just collecting them from 20 computers sitting in some lab somewhere. Maybe then they’d actually have fixes for two year old maladies in their definitions.

Sorry, but after 8 hours of reading google, I’m pretty down on all this pretty pretty expensive useless boxed software I got up on the wall. Makes for colorful decoration, but not much else use today :\ < this is me irked LWS LWS

p.s. Addendum to My Post

In reply to thanks for reply-but no answers yet here

p.s. Addendum to My Post there-

This is a three month old machine here, straight out of the manufacturers box, so these things hanging out in this harddrive were received by me *new* three months ago or sooner… and I powered up the first time with top rate stuff installed…

so really, shame shame on whatever vulnerability (MS says ‘there are none’ wink) or false promise (we’ll block out all adware real-time from entering) that some company made or sold me, that allowed trashware from two years ago to seep into my system. shame shame shaking head.

And crossing arms, I’m gonna go have a Cherry coke and stew 🙂

There’s gotta be an answer.

LWS

Be careful with PestPatrol/PestScan

In reply to thanks for reply-but no answers yet here

I ran pestscan.com’s scan.

It found xxxtoolbar.com.

It provided complicated instructions for removal, so I did a little homework before attempting pestscan/pestpatrol’s removal practice.

It turned out that pestscan was tagging a SpywareBlaster (a good spyware blocker program)entry.

How I handle these type of programs

In reply to thanks for reply-but no answers yet here

Ive dealt with about 10 different PC’s that have had this type of stuff on them. Ive been able to defeat every one using the following general procedures.

(one user compained his PC was so slow as to be unuseable. Tok 15 minutes to boot because he had 78 different spyware programs running!)

ok, ive heard AD-Aware is good, but I use Spy-sweeper from Webroot.com Free download if you dont subscribe to updates. Be sure to chose update when you install if you can.

Run spy sweeper, get rid of everything it finds.

Reboot into SAFE mode. This should stop most of any junk pgms left over from starting.

Run Spy sweeper again to double check for any items it missed.

Delete all files from any temp directories, including C:\temp, C:\windows\temp,
c:\documents and settings\username\local settings\temporary internet files folder.

Before you open Internet Explorer, use control panel\internet to check the default home page and make sure its not going to some rogue website.
Clear your internet temp files here. I clear all cookies as well, be be warned you may lose cached passwords to some websites.

I suggest the user consider using the free, open source Mozilla Foxfire browser instead of IE, as it does not run activeX, wich is the major culprit in getting these programs installed. There are a few cons, but thats another topic of discussion.

Regardless, aat this point you must tightem up IE security. On the IE Security tab, reset the internet zone security to HIGH. Now the user will have to explicitly add web domains to the trusted sites list to allow scripting and activex to run on their PC. Do the same for cookies, set to high (not block all) and the user will have to explictly allow a web domain to send cookies.

This is an inconvenience for many users, but it the one way to control what web sites get access to your PC.

At this point I run regedit and check the run keys for any programs which should not be there. There are several good web sites which identify by object name any programs you find in the RUN keys to help you identify if they are needed or not. Just google for the program name and you should hit upon one of these sites, then bookmark it.

Optionally, the final place to check is the folder C:\Windows\downloaded program files. This folder contains controls and programs which are plug-in type programs for IE. If you dont know what it is, you can probably delete it, it will just have to be downloaded again when you need it.

Now you can reboot again into normal mode, and you should be clean.

If you use windows update, or the auto download options from Microsoft to update security patches, at least once a week, you should be ok going forward.

And of course keep your anti-virus updated.

– Dan

How I handle.. Correction

In reply to How I handle these type of programs

I mentioned checking C:\Windows\downloaded program files. I meant to say c:\windows\prefetch folder.
Delete everything in this folder.

Ad-aware 6 & GLB1A2B

In reply to This *Thing* is killin me lol

OS: XP Home, latest patches.
I have Ad-aware 6 with latest reference files.

GLB1A2B.EXE (and _iu14D2N.tmp)kept showing up.
I launch Ad-aware from the QuickLaunch bar.

I did a properties & found that the Target was set to
“D:\Program Files\Ad-aware 6\UNWISE.EXE” /W1 “D:\Program Files\Ad-aware 6\INSTALL.LOG”

I changed it t”D:\Program Files\Ad-aware.exe”

and GLB1A2B (and _iu14D2N.tmp) no longer shows up in Temp.

I never found MTX_.EXE, IE_PACK.EXE, or WININIT.INI, although there was an entry in my HJT log.

To Clarify Ad-aware – GLB1A2B link

In reply to Ad-aware 6 & GLB1A2B

I looked at the Properties of the Ad-aware icon on the Quick Launch toolbar (right-click). The Target was “D:\Program Files\Ad-aware 6\UNWISE.EXE” /W1 “D:\Program Files\Ad-aware 6\INSTALL.LOG”. Both UNWISE & INSTALL.LOG are legitimate (I think) files that ship with Ad-aware. When I launched Ad-aware from the Quick Launch toolbar, GLB1A2B immediately showed up in my c:\blah-blah…\Local Settings\Temp directory,
and the usual entry showed up in the HijackThis log. When I changed the target in the Properties window to “D:\Program Files\Ad-aware 6\Ad-aware.exe”*, GLB1A2B no longer showed up.

I’m pretty sure that the GLB1A2B was just the file UNWISE.EXE with a different name. Both files were of the same size, and when I examined their contents in Notepad, the human-readable strings in them were identical, including a string “WININIT.INI”, and another string “GLB” followed by some “%s”‘s, which could be how 1A2B gets appended. After doing a search on “UNWISE /W1”, I found that someone had the same target “problem”(?) with Ad-aware 5.6.

In summary, I am not sure if the GLB1A2B that was appearing on my computer was harmless or not. Four registry entries referring to “PendingFileRenameOperations” were found under KeysNotToRestore. I am sure that changing the target of the Ad-aware Quick Launch icon (in the Properties window) to “D:\Program Files\Ad-aware 6\Ad-aware.exe”* means that GLB1A2B no longer shows up in my Temp folder.

*In my original post, I inadvertently omitted the “Ad-aware 6” directory(folder) from the path to where Ad-aware lives.

As mentioned in my initial post, a local machine search, including hidden files and folders, never revealed the presence of MTX_.EXE, IE_PACK.EXE, or WININIT.INI.

I posted a question about GLB1A2B on the Ad-aware forums, without much luck: http://www.lavasoftsupport.com/index.php?showtopic=35897

There is one cryptic reference that mentions GLB1A2B and Ad-aware in the same post:
http://www.download.com/3302-8022-10214379.html

A search on “ZoneAlarm GLB1A2B” gets many hits. I no longer have ZoneAlarm’s free firewall installed, but I once did. I have since done a reformat and reinstall, so if it was a source, it should have gone away, although since I used NTBackup to recover my original settings, who knows?

To the best of my knowledge, my computer has never been infected.

Finally, any comments or suggestions would be appreciated.

Can anyone running XP Home reproduce the appearance of GLB1A2B with Quick Launch of Ad-aware target set to “wherever Ad-aware has been installed\UNWISE.EXE” /W1 “D:\Program Files\Ad-aware 6\INSTALL.LOG”.

GLB1A2B Hoax

In reply to To Clarify Ad-aware – GLB1A2B link

The more I think about it, the more I think the GLB1A2B issue is a hoax.

Traditional method

In reply to GLB1A2B Hoax

Have you tried the trad. method of updating your anti-virus def. files and run a full system scan? Here’s some tips:

1. Update virus def. files and run a full system scan first in normal mode, and then in safe mode.
2. If scan finds a virus and can not delete it, then see if find a removal tool on internet.
3. If you cannot find a removal tool, try deleting the file manually.
4. Also, delete all files in the Temp folder and Temporary Internet folder.
5. Download a registry cleaner and clean out your registry. Also, download a spy-sweeper and scan your system.

See if it helps!
Clive

Reply To: GLB1A2B EXE

In reply to To Clarify Ad-aware – GLB1A2B link

Try Adaware 6.0 build 181. Same link in quick launch, no such file present– unless I update adaware, then is present until I next run Disk Cleanup. Yes, this can indeed be a ZA leftover also.

As far as Unwise, the Wise Installer that comes with quite a bit of software on the market uses Unwise as its uninstall component.My adaware 6.0 build 181 uses, AFAIK, unwise.exe to dehook things– aka it is using an uninstaller rather than trying to use privs of user and a direct kill. That works better than trying brute force from app, although if wise and unwise are run prived as user, safest to run them in safe mode without networking, as admin for user if you have that set up. My adaware runs as admin user here.

Let Adaware hang, that glb1a2b.exe file is present, update it’s defs and that file is present. If you then let Adaware run at restart, it can kill things it cannot otherwise kill. Set it to run at startup, that is what it uses to run, it runs adaware with a wise UN installer ref. Windows accepts an uninstaller running at startup.

BTW, if you kill and remove unwise.exe, try killing software installed with it. won’t happen until you do so manually or reload the software over itself to get the unwise executable back.

Zone Alarm has used Wise Installer and Wise Uninstaller over the years also.

I’m working with XP Pro here, something very close to SP2 (SP2 RC2 was installed, then uninstalled, some interesting reg and security patch artifacts remain, but everything works).

Posted from the Linux box, using Mozilla 1.71. I do 90% of my surfing, absolutely all my emailling, from Linux.Yes, I do comprehensive virus scanning anyhow.

Re: To Clarify Ad-aware – GLB1A2B link

In reply to To Clarify Ad-aware – GLB1A2B link

ummagumma wrote:

“Can anyone running XP Home reproduce the appearance of GLB1A2B with Quick Launch of Ad-aware target set to “wherever Ad-aware has been installed\UNWISE.EXE” /W1 “D:\Program Files\Ad-aware 6\INSTALL.LOG”.”

Yes! It was just as you said ~ with UNWISE.EXE as the target, a new GLB1A2B appeared; when changed to Ad-aware.EXE, GLB1A2B did not reappear.

Thank you so much for solving this puzzle!

GLB1A2B EXE Installed by ZoneAlarm?

In reply to To Clarify Ad-aware – GLB1A2B link

SpyBouncer found this file as GLB1A2B.EXE-2179E8EB.pf installed in C:\WINDOWS\Prefetch.
Further investigation showed that it was installed at the same time ZoneAlarm update was installed. (By checking the time stamp in the time modified column, and then searching what else was installed on that day and at that time.)

Try this

In reply to This *Thing* is killin me lol

First, delete all temp files that you can, turn off system restore, delete all temp internet folders and cookies. Empty trash.

Restart in safe mode (F8 at boot) then you will be able to delete all temp and internet files as well as any other files the “malware” leaves behind.

Reply To: GLB1A2B EXE

In reply to This *Thing* is killin me lol

You’re on the right track. I also “had” some of these same types of bugs.
Turn OFF RESTORE, and RUN msconfig, boot the PC into safe mode.

Once in safe mode, you can delete these bugs. Also, delete everything in the Prefetch folder, along with the usual, Temps, Internet Temps, cookies, etc.

You should find funny looking executable file in the C:\Windows\System32 folder. You can delete these in safe mode. Also, if you’re comfortable, you might want to search the Registry and delete them there. They like to hide in the:
Local Machine key under Software\Microsoft\Windows\CurrentVersion

While still in safe mode and after deleting the above, run your normal spyware and popup cleaner software.
Don’t forget to turn back on the Restore switch and run MSConfig to remove the checkmark from booting to safe mode. Restart your PC and hopefully they’ll be gone.

I did this to my computer (WinXP PRO) and so far so good. Good Luck.

W95.MTX Virus Maybe

In reply to This *Thing* is killin me lol

Sounds like you have the W95.MTX virus. Symantec has a removal tool, but you will have to download it from another PC wince the virus prohibits access to anti-virus software web sites.

Not really a solution.

In reply to Possible Solution

Exarcutable lives in the uses temp folder, not temporary internet files as stated.

Turns out my solution does not work.

Process waits a few hours or few reboots before it reloads.

A tough nut to crack

In reply to GLB1A2B EXE

This could very well be part of the W95.MTX worm/virus. It can be removed manually, but is a real chore according to Symantec. Here is a link to their site on W95.MTX:

http://service1.symantec.com/sarc/sarc.nsf/html/pf/w95.mtx.html

I suggest you try the tool before attempting to manually remove it.

Good luck and please come back and let us know if you were able to get relief.

It’s not what you think

In reply to GLB1A2B EXE

Found this at another forum. Lavasoft’s forum

It’s a temporary installer file made by the Wise Installer installation package, which we, and many other companies, use to install software packages. The confusion probably stems from the fact that similar filenames are used by items we detect. But in the case of our installer, it’s only used to install Ad-Aware, and nothing more.

That was posted from a professional for Ad-Aware 6.0

GLB1A2B.EXE may be a mistargeted app.

In reply to It’s not what you think

Some say the Ad-aware application icon targeted an “unwise.exe” for that application when they checked the application’s icon properties.

In my case, I had an innocent printscreen application in my start-up menu. When I checked it’s properties, it too was targeting it’s “unwise.exe” uninstall program. When I corrected the target to it’s proper “.exe” file, the GLB1A2B.EXE file no longer appeared in my TEMP folder.

Bottom line, check your short cuts and start-up item’s file properties to make sure they’re targeting the right .exe file.

on a tangent …

In reply to GLB1A2B EXE

Hiya,
I’ve tried this on several machines XP machines & it appears to have worked …
* download spysweeper – http://www.webroot.com
and install – do not sweep yet
* Stop the recovery service
* make a list of associated DLL’s
* empty the c:\windows\prefetch folder
* remove the DLL’s from c:\windows\system32
\dllcache
* reboot the machine into safe-mode
* conduct Virus scan
* run spysweeper, ensuring that you conduct a
full sweep – removing all “adware / spys”
* reboot the machine and conduct another VS
* reboot, into normal operation, and log-in
as the administrator, re-enable the system
restore point
Problem should be solved

Empting the “prefetch folder” will not damage your system – although it will appear to be running slower whilst the system rebuilds the list of “commonly used programs”. Deleting the “layout.ini” file will not harm your system either – this is a corrolation of information obtained from the files within the “prefetch folder” to pipe information into “defrag”, allowing the “most commonly accessed” files will appear in a location upon the HD that can be accessed quickly.

Hopefully this helps a little – but I used this process to eradicate a virus from a system that had become infected, but the AV company had not released an updated DAT file to cope with the issue

Arf’s

More Information

In reply to GLB1A2B EXE

While googling, I found this information. Seems to answer a few of the questions submitted here…

http://forum.aumha.org/viewtopic.php?p=38715

Doesn’t appear to be malware

In reply to GLB1A2B EXE

I’ve checked Symantec, CA, CERT, Trend Micro, AVG, Panda, McAfee, WildList Index, & none of them have any info on glb1a2b.exe. Regardless of whether their scanners could stop it or eradicate it, I don’t think this many AV companies would not have any info on it by now. And no, I don’t believe in AV conspiracies.

My guess is it’s leftover from some other process & not a concern. Ignore it, reboot your PC’s, go on with your lives, unless you can 110% prove it’s malware. Don’t always believe everything you read on the net. Others may be just as nervous as you are.

This is just an Ad-Aware install file

In reply to GLB1A2B EXE

First search for GLB1A2B.EXE on your computer and if it is there, delete it and leave up the search window. Then go to Start>Programs>Lavasoft Ad-aware 6> then click “Uninstall Ad-aware 6” This will bring up the uninstall program with some choices on how you want to remove. Now go to the search window and search for the .exe in question and it will be there again. This is clearly just an install/uninstall file that gets created by unwise.exe. If you open up the .exe in question you can read the uninstall text that Ad-Aware uses. This is a non-issue.

A Non-issue?

In reply to This is just an Ad-Aware install file

To all those folks who think that your Ad-ware blithely installing anything on my computers without my leave and think it is a non-issue are doing drugs.

You have no idea how pissed off the world is at you. All this ad-ware, spy-ware and mal-ware costs me thousands of dollars a year in lost time and productivity, not to mention the high-frustration level in trying to deal with this crap.

GET A CLUE.

You’re missing the boat with that comment

In reply to A Non-issue?

You are doing a diservice to all who have contributed to this discussion. First, it’s been adequately proven that this is not spyware, malware, or any other infestation. It is a normal piece of software which is part of the installer/uninstaller for Adaware Ver. 6.0. You obviously missed the entire discussion as the product is ADAWARE, not Adware as in the various spyware, and other tracking vehicles that we all hate.

Perhaps if you had been using ADAWARE, it wouldn’t have cost you so much time and effort. Please look before you leap

No actualy Companies and Programers are missing the boat here.

In reply to You’re missing the boat with that comment

Basically it comes down to programers and companies being lax
and irresponsible.

In todays times with all the viruses and back doors either from
malicious mail or from irresponsible companies trying to track
ones movements across the Internet. The Anti virus companies
allow many of the ones from said irresponsible companies to
bypass many of the Anti virus software definitions as they state
that they are installing it to begin with etc.

Companies that install should remove all temp files used to
install after an install is completed …. PERIOD.
IT”S NOT that hard to do!!! They write the installers in the first
place!!! Leaving temp install files after an install eventually
wastes disk space and causes a lot of confusion for those trying
to track down Viruses or back doors that may have made it into
their environment.

It costs Companies in time and money when they have to have
their IT dept. track down something that may be on one or many
machines if something gets rampant in their network. It also
costs an individual the same time … maybe not as much money
and I don’t know about you but personally I have much more
pressing things to do than waste hours tracking down
something only to find that is a leftover from an install!!!!

Get with the program …. build your installers to delete the
temporary files after an install!!!

And as a side note for those building installers…. also build the
uninstallers to remove the remnants not only from the hard
drives but also from the registries!!!!

How many times have I run Norton’s one button check up or
Norton’s Win Doctor to find problems in the registries due to
remnants of uninstalled programs???

Again Lazy Programers and Companies …. Get with the
program!!!! Quit wasting our time.

Nothing to worry about

In reply to GLB1A2B EXE

The file in question is an uninstall program that ad aware uses. If you have ad aware installed on your pc then you will have glb1a2b.exe also.

w95.mtx

In reply to GLB1A2B EXE

HI The answer and hopefully a simple solution to this problewm can be found at this site http://securityresponse.symantec.com/avcenter/venc/data/w95.mtx.html

win95.mtx? I don’t think so

In reply to GLB1A2B EXE

Sorry about the last reply it was the result of a search and an answer that Symantec has on the page I poted on the last reply.
Upon running both Macaffee virus scan and the Symantec fixmtx.exe Neither found any viruses. I did a search if the registry and found no instances of this exe there. I deleted the file from My C:\windows\temp directory rebooted twice and my system is still running perfect with no corrupted files or such that would have resulted from this win95.mtx virus.
It’s still an enigma were this file came from but it doesn’t seem to have any effect on my Win 98 machine. Will check my WinXP machine next but it seems to be a non issue unless Spy Bot Search and Destroy immunized this machine from this exploit as I saw a flash in my taskbar one day that said “about:blank” and got scared and then downloaded Spy bot search and destroy, cw shredder and adaware and ran all three until my system was clean them used SB S&D to immunize.

C’mon, read the above

In reply to GLB1A2B EXE

Folks, this is a dead issue. It is, and has been proven to be a natural part of the Wise installer/uninstaller for AdAware. It is identical to, including date, size, file date and content, to their Unwise.exe file located in Adaware Ver. 6.0.

It does nothing and is not Adware, spyware, nor any other type of “ware’. It uses the temp file to properly format the uninstaller for accurate removal if you wish it later on. Tilting at windmills is fine but I’d suggest reading all the previous entries before creating more fury. God knows there’s enough of the real nasties out there without creating more panic on a benign temp file.

Reply To: GLB1A2B EXE

In reply to C’mon, read the above

A-men already!

Adaware Leftovers

In reply to GLB1A2B EXE

Heres a link worth reading.
http://www.help2go.com/postt8302.html

Aparently its left over from Adaware install.

Removed file

In reply to GLB1A2B EXE

Before you found this file did you remove Icon maker from your comp – cause there is a file which will delete itslef on restart called GLB1A2B.EXE
This I know because I have win patrol and detects any changes to your system. I use the free one and its worth having
TSK

GLB1A2B EXE

In reply to GLB1A2B EXE

This file went into my temp folder after uninstalling belarc advisor program.

[Author]

Replies