JenniferMurphy

Error opening file "\IRKXV\FNOQVZMI.dat"

JenniferMurphy

I installed AutoIt some time ago, but haven't gotten around to learning to use it yet. Just now, when I started up my laptop (Win XP Pro), I got the error message in the attached screen shot.

What does this mean?

Do I need to do anything?

Thanks


I am using Office 2007 on Windows XP.

BrewManNH

Looks like you've gotten a virus or some sort of malware trying to execute when you start up. Clear out the Temp folder under your user name, and what appears to also be the Administrator account's profile. Also, check your StartUp folder in the start menu to see if anything is running from there.

Your AV probably deleted part of the problem, and the program can't find its data file.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

JenniferMurphy

Looks like you've gotten a virus or some sort of malware trying to execute when you start up. Clear out the Temp folder under your user name, and what appears to also be the Administrator account's profile. Also, check your StartUp folder in the start menu to see if anything is running from there.

Your AV probably deleted part of the problem, and the program can't find its data file.

Are you saying that this message is not from or related to AutoIt?

Which Temp folder do you mean? I run as Administrator. Is it C:\Documents and Settings\Administrator\temp? If so, it's empty.

Re: StartUp: If you mean Start | Programs | Startup, it's empty. This is odd, because I do have a number of apps that run at start up, including Carbonite, RoboForm, AVG, Malwarebytes, and at least one printer/scanner driver.


kylomas

Jennifer,

The error message is being issued from an AutoIt program, not AutoIt itself. I would download a program called "autoruns". It is part of the SysInternals Suite from MS. This program will detect everything that your system will try to start at startup. The program also allows you to stop programs and benchmark a startup profile.

Does your AV log show anything suspicious?

Can you tell when the problem started?

Have you scanned your PC with SpyBot or MalwareBytes?

Do you use a junk file cleaner like CCleaner?

kylomas


Forum Rules         Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill

JenniferMurphy

Jennifer,

The error message is being issued from an AutoIt program, not AutoIt itself. I would download a program called "autoruns". It is part of the SysInternals Suite from MS. This program will detect everything that your system will try to start at startup. The program also allows you to stop programs and benchmark a startup profile.

Are you saying that the malware is running an AutoIt script? That would seem to indicate that if I didn't have AutoIt installed, that particular malware wouldn't work, right?

How can I tell if I already have Autoruns installed? I did a hard disk search for "autoruns" (no extension) and got no hits.

Assuming I don't have it, I did an Internet search and found a bunch of websites offering downloads of Autoruns. I grabbed the one from http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx.

I unzipped it and ran it. With the Everything tab selected, I get something like 300 entries. I can't have that many programs running on startup.

Clicking on the Logon tab, I get just the first two headings:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (16 entries)
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components (3 entries)

See attached screen shot.

The first heading has 16 entries. I recognize most of them:

  1. Acronis: I think I can disable or delete this one. I haven't used Acronis for years.
  2. Adobe ARM. What does this do? I do have Acrobat.
  3. APSDaemon. What does this do?
  4. AVG_UI. I assume I need this for AVG.
  5. Carbonite Backup. I do use Carbonite, so I assume I need this one.
  6. ControlCenter2.0.
  7. EEventManager. I have an Epson multifunction printer/scanner, so I assume I need these three.
  8. FUFAXRCV. I don't use the fax feature, but I don't know if I still need this one.
  9. FUFAXSTM. I don't use the fax feature, but I don't know if I still need this one.
  10. ISUSPM Startup. I assume I need this one.
  11. iTunesHelper. I assume I need this one.
  12. QuickTime Task. I assume I need this one.
  13. SetDefPrt. I have replaced the Brother Printer, so I should be able to disable this one, right?
  14. Sigmetelsys Trayapp. I don't know what this is.
  15. SynTPEnh. I think I need this for the touchpad.
  16. TkBellExe. ???

In the second heading, the first 2 are for Outlook, but the third looks odd. Could this be the malware remnant?

JenniferMurphy

Does your AV log show anything suspicious?

Can you tell when the problem started?

Have you scanned your PC with SpyBot or MalwareBytes?

Do you use a junk file cleaner like CCleaner?

kylomas

The AVG log doesn't show anything, or maybe I don't know where to look.

The problem just started this afternoon.

I ran a full AVG scan. It found 4 "moderate" risks and disabled them. I then rebooted and the error did not occur.

I am now about 75% of the way through a MalwareBytes scan. So far it has found 2 objects.

I think I used to have CCleaner, but I was always afraid to delete the files it found. I never knew what was important and what wasn't. Is there a reliable way to tell?


BrewManNH

The program doesn't require AutoIt to be installed to run itself; it's probably a compiled script that was written in AutoIt.

The last entry on that screenshot, the n/a one, can be safely deleted; that's probably the source of the issue. BTW, if you see any programs that aren't run from the standard locations (Program Files, Windows, etc.), those are the ones you should check first. Unless it is from Google, because Chrome tends to install itself wherever the user has access rights to, regardless of security settings.


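BrewManNH's rule of thumb above (check first the startup programs that are not run from Program Files or Windows) can be written as a small filter over Run-key command lines. This is an added example, not code from the thread; the ENV paths, the function names and every sample path are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed Windows XP defaults for this example; adjust for the machine under review.
ENV = {
    "systemroot": r"C:\WINDOWS",
    "programfiles": r"C:\Program Files",
    "temp": r"C:\Documents and Settings\Administrator\Local Settings\Temp",
}
STANDARD_ROOTS = (ENV["systemroot"], ENV["programfiles"])
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

def expand(value):
    """Expand %VAR% references from ENV; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), value)

def image_path(command):
    """Pull the executable path out of a Run-key command line."""
    command = expand(command.strip())
    if command.startswith('"'):                 # "C:\path with spaces\x.exe" /args
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)                   # unquoted: stop at first executable extension
    return m.group(1) if m else command.split(" ", 1)[0]

def is_standard(path):
    """True if the normalised path sits under one of STANDARD_ROOTS."""
    norm = ntpath.normcase(ntpath.normpath(path))   # lower-cases and resolves ".."
    roots = (ntpath.normcase(r) for r in STANDARD_ROOTS)
    return any(norm.startswith(r + "\\") for r in roots)

def check_first(entries):
    """Return (name, path) for entries whose image is outside the standard locations."""
    paths = ((name, image_path(cmd)) for name, cmd in entries)
    return [(name, p) for name, p in paths if not is_standard(p)]

# Constructed sample data: two entry names echo the thread, every path is made up.
SAMPLE = [
    ("iTunesHelper", r'"C:\Program Files\iTunes\iTunesHelper.exe"'),
    ("SynTPEnh", r"%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"),
    ("ExampleTool", r"%SystemRoot%\system32\example.exe /startup"),
    ("ExampleUnknown", r"%TEMP%\example\example.exe"),
    ("ExampleDotDot", r"C:\Program Files\..\Temp\example.exe -s"),
]

if __name__ == "__main__":
    for name, path in check_first(SAMPLE):
        print(f"check first: {name} -> {path}")
```

A hit only sets the order of review; as the post notes, some legitimate software installs outside these folders.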
