Solved

arcldr.exe arcsetup.exe issues, virus?

Posted on 2007-07-21
Last Modified: 2013-11-22
1. Compaq DL380G2, Win2K SP3, Recovery Console option installed

2. A virus scan reported Viking.lu infection in arcldr.exe and arcsetup.exe in c:\.

3. File info:

  arcldr.exe:
  242176 bytes in size
  created 12-7-99
  modified: 7-22-02
  File version:  1.0.0.0
  no other entry in properties page except this: Language: Chinese (PRC)

  arcsetup.exe:
  255488 bytes in size
  created:  12-7-99
  modified:  7-22-02
  File version:  1.0.0.0
  no other entry in properties page except this: Language: Chinese (PRC)

4. Versions in c:\WINNT\$NtServicePackUninstall$ show:

  arcldr.exe:
  148992 bytes in size
  created:  4-6-07 (when I created this system)
  modified:  12-7-99
  property info is not displayed as in versions above (?)

  arcsetup.exe:
  162816 bytes in size
  created:  4-6-07 (when I created this system)
  modified:  12-7-99
  property info is not displayed  (?)

5. Versions in c:\WINNT\ServicePackFiles\i386 show:

  arcldr.exe:
  150528 bytes in size
  created:  7-22-02
  modified:  7-22-02
  property info is not displayed  (?)

  arcsetup.exe:
  163840 bytes in size
  created:  7-22-02
  modified:  7-22-02
  property info is not displayed  (?)


I'm hesitant to have the virus scanner "fix" these two files.

Questions:

1. are the ones in c:\ valid?

2. If not, can I replace them directly?
Question by:art_boston
11 Comments
 
LVL 3

Expert Comment

by:RajendraDewani
ID: 19540083
These files are used when you activate the options "Windows Recovery Console" at boot time.
Microsoft Knowledge Base Article - 238359
Described in the technet site of Microsoft, search for "arcsetup.exe".
http://www.microsoft.com/technet/default.mspx


Differences Between Manual and Fast Repair in Windows
This includes the Ntldr, Ntdetect.com, Arcsetup.exe, and Arcldr.exe files that are used for booting various computers. The optional Ntbootdd.sys file is never checked.
http://support.microsoft.com/kb/238359

0
 
LVL 32

Expert Comment

by:r-k
ID: 19541766
Sounds like a false positive. To be on the safe side, submit these files to these two web sites:

 http://www.virustotal.com/
 http://virusscan.jotti.org/

They will scan against a variety of AV engines and let you know the results within a few minutes.
0
 

Author Comment

by:art_boston
ID: 19542724
1. Yes, I'm aware of the RC connection as I noted.

2. Yes, I'm aware of the repair options in Win2K but I've never initiated them and am afraid to do so on my main system in its now damaged state.

3. As there appeared a high chance that these files were infected I was leaning toward letting the AV program disinfect them. I first let it do so on other minor EXE files and examined the results. Indeed, the cleaned file was correct, in function and property data displayed. Reading up a bit, the virus simply attaches itself to the "front" of the real program, executing itself and displaying its property info.

I then applied the disinfection to these files and all is well.

However, it would still be worth knowing if I can simply copy these over from the service pack location or are they customized. Doing a file comparison of two copies of these correct files, from two systems, shows no differences. So, I am reasonably confident that a simple overwrite will work.

...and indeed it works. I tried it on another system with success.
0
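
An added example, not part of the original thread: the comparison described in the comment above, written in Python as a check of a flagged file against a known-good copy of the same build, by hash and by testing whether the clean image survives intact behind extra leading bytes. The sizes are the ones quoted in the question (both flagged files are 91648 bytes larger than their ServicePackFiles copies); the file contents, the function names, the script name and the assumption that the original program is stored unmodified after the prepended body are constructed for illustration.

```python
import hashlib
import sys
from pathlib import Path

def triage(suspect: bytes, reference: bytes) -> dict:
    """Compare a flagged file with a known-good copy of the same build."""
    delta = len(suspect) - len(reference)
    if suspect == reference:
        verdict = "identical"
    elif delta > 0 and suspect.endswith(reference):
        # Reference image survives byte-for-byte after `delta` foreign leading bytes.
        verdict = "prepended"
    else:
        verdict = "different"  # wrong build of the reference, or host was altered
    return {
        "verdict": verdict,
        "size_delta": delta,
        "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
    }

def constructed_pair(ref_size: int, extra: int):
    """Constructed stand-ins (not real binaries): filler host plus filler prefix."""
    reference = b"MZ" + bytes(i % 251 for i in range(ref_size - 2))
    suspect = b"MZ" + b"\xcc" * (extra - 2) + reference
    return suspect, reference

def demo() -> list:
    # Sizes are the ones quoted in the question; file contents are constructed.
    out = []
    for name, ref_size, flagged_size in (("arcldr.exe", 150528, 242176),
                                         ("arcsetup.exe", 163840, 255488)):
        suspect, reference = constructed_pair(ref_size, flagged_size - ref_size)
        out.append((name, triage(suspect, reference)))
    return out

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: triage.py <flagged file> <known-good copy>
        print(triage(Path(sys.argv[1]).read_bytes(), Path(sys.argv[2]).read_bytes()))
    else:
        for name, result in demo():
            print(name, result["verdict"], result["size_delta"])
```

A "different" verdict does not clear the file: it is also what a reference from another service-pack level produces, so the known-good copy must match the installed build.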

 
LVL 32

Expert Comment

by:r-k
ID: 19545433
I'm pretty sure the .exe files are not customized, so you can copy them over as you're thinking.
0
 
LVL 3

Expert Comment

by:RajendraDewani
ID: 19548283
I think removing to replacing this file should not make any difference.
0
 

Author Comment

by:art_boston
ID: 19548313
As I noted in my last post:

...and indeed it works. I tried it on another system with success.
0
 
LVL 3

Expert Comment

by:RajendraDewani
ID: 19548370
Yes, overwrite will work.
0
 

Author Comment

by:art_boston
ID: 19548458
OK, how do I end this thread now that I solved it myself?
0
 
LVL 32

Expert Comment

by:r-k
ID: 19548485
You can post a 0-point request in the Support area (link at upper-right corner of this page)
0
 
LVL 1

Accepted Solution

by:
Vee_Mod earned 0 total points
ID: 19581384
Closed, 125 points refunded.
Vee_Mod
Community Support Moderator
0
 
LVL 32

Expert Comment

by:r-k
ID: 19582858
Vee_Mod:

Thanks for the thought. I have no objection so long as the thread is saved and helps the next person.

I also highly recommend SP4.
0
