/windows/system32/PDFCreatorMessages.exe?????

[Charles L. Cotton]

/windows/system32/PDFCreatorMessages.exe periodically appears in the system tray of my wife's Dell desktop running XP. This just started yesterday after SuperAntiSpyware detected and removed malware from her machine. I ran a Google search and got a lot of returns, but nothing to indicate whether it's a virus, malware, or something else. It is not a Windows system file is about all I know.

Has anyone else had this problem.

Chas.

[baldeagle]

Charles, did anyone install Jaws PDF Creator on that computer? http://www.file.net/process/pdfcreatormessages.exe.html" onclick="window.open(this.href);return false;
Or The Ultimate Troubleshooter? http://searchtasks.answersthatwork.com/ ... orMessages" onclick="window.open(this.href);return false;

[Charles L. Cotton]

Charles, did anyone install Jaws PDF Creator on that computer? http://www.file.net/process/pdfcreatormessages.exe.html" onclick="window.open(this.href);return false;
Or The Ultimate Troubleshooter? http://searchtasks.answersthatwork.com/ ... orMessages" onclick="window.open(this.href);return false;

Neither of those programs appear to have been loaded on her machine. She uses CutePDF Writer, as do I, but that has been on her machine for at least two years and this is a new "problem."

Chas.

[Charles L. Cotton]

There is absolutely no reason why a legitimate program would place itself in the system32 folder. This is most certainly malicious if this is in fact where the executable resides.

I would recommend having a professional clean the computer and ensure no other malware is present on it.

I just checked and it's there. It shows a creation date of 2004, but that could be bogus.

Chas.

[baldeagle]

There is absolutely no reason why a legitimate program would place itself in the system32 folder. This is most certainly malicious if this is in fact where the executable resides.

I would recommend having a professional clean the computer and ensure no other malware is present on it.

That's not entirely true. Poorly written commercial software often writes to the system32 directory rather than try to resolve permissions or pathing issues programmatically. This appears to be just such a software.

[baldeagle]

Charles, see if there is a C:\Program Files\Global Graphics\ folder or a C:\Program Files\JawsSystems folder. If so, their software got installed, likely as a bundled addon, when she installed something else - possibly new printer software or a fax program. http://www.jawspdf.com/support/faq.nsf/ ... r+Messages" onclick="window.open(this.href);return false;

[baldeagle]

There is absolutely no reason why a legitimate program would place itself in the system32 folder. This is most certainly malicious if this is in fact where the executable resides.

I would recommend having a professional clean the computer and ensure no other malware is present on it.

I just checked and it's there. It shows a creation date of 2004, but that could be bogus.

Chas.

That may be the correct creation date for that file. The date indicates when the file was actually created, not when it was copied to your machine. You can right click on the file and select Properties, and you may be able to see the name of the company that created the program. If you can, that's usually a sign that it is a "legitimate" program (as in not malware) although it could be a very poorly designed program.

One of the latest trends in software is to bundle other subsidiary applications. Often those other applications are pre-selected. If you don't pay attention during the install, the subsidiary apps will be installed as well. One "fine" example of this is Sun's Java installer. Every time you update Java it has a bundled program; often browser toolbars, that it will add in unless you deselect them during the install. I've seen machines at UTD with five browser toolbars installed!