Windows 7 Forums


Windows 7: NogysgN Application - What is it?


17 Feb 2012   #1

Windows 7 Professional 32bit SP1
 
 

Hello! I was modifying my startup program list and noticed a .exe I've never seen before called NogysgN. The location on my machine is:

c:\ProgramData\YmrpslH\HntyfkP\NogsysgN.exe

It's differentiated from the rest of the items on the list for two reasons: 1) My primary drive is listed as a lowercase letter, unlike other program locations listed, and 2) Program locations are notated with parentheses ("C:\...\...\"), whereas this application is unmarked. The publisher for the program is listed as "Unknown."

Google searches yield zero results for "NogsysgN," which is surprising; in fact, it's the first time I've been unable to identify a process using Google as a starting point, lol. Whatever program this is, it was marked to boot on startup, so I've disabled it to be cautious and will run a full system security scan to see if Avast identifies it as anything I need to be aware of.

If anybody knows what this application is, or has this running on their Windows machines, please let me know and maybe we can work to identify this thing.

The red flags I'm getting are the facts that the program location formatting is odd, the path to the application is built from arbitrary strings, and it seems no one has posted about this anywhere before. All help offered is appreciated!

Best,

Alec


17 Feb 2012   #2

Windows 7 x64 Ultimate
 
 

Those are very red flags, and the reason Google couldn't find it is that the file path and name are made of completely random letters that are chosen for you on install, which is the biggest red flag of all.

The contents of the file can only change so much so a malware or virus scanner should be able to detect it still...
17 Feb 2012   #3

Windows 7 Professional 32bit SP1
 
 

Quote: Originally Posted by fseal
> The contents of the file can only change so much so a malware or virus scanner should be able to detect it still...

I would think so too, but Avast didn't locate anything on my system scan. I think I'll run Malwarebytes before I try and get in that directory. Thanks for confirming my paranoia, fseal.


17 Feb 2012   #4

Windows 7 x64 Ultimate
 
 

Hmm I just noticed that the executable is in the program data folder not the program files folder...

A /possible/ explanation is that it is the temp output of a down-loader program or something. The kind of thing that would be created, then when DL is complete moved and renamed. Though usually \temp or some other folder under the product name would normally be used...

I'd be tempted to load the program in a binary editor and look for strings that might identify it as something you meant to DL at one time...
17 Feb 2012   #5

Windows 7 Professional 32bit SP1
 
 

Quote: Originally Posted by fseal
> A /possible/ explanation is that it is the temp output of a down-loader program or something. The kind of thing that would be created, then when DL is complete moved and renamed. Though usually \temp or some other folder under the product name would normally be used...
>
> I'd be tempted to load the program in a binary editor and look for strings that might identify it as something you meant to DL at one time...

I've thought about the possibility of it being temp output, but kind of dismissed it for the reason you pointed out (that it's not stored in any kind of \temp folder) and also because it was enabled to boot on startup. Wouldn't that indicate some kind of need for repetitive functionality? When I check all of my running processes, nothing shows up that's unnecessary or out of the ordinary.

A good suggestion though, if my second system scan for malware doesn't come up with anything, I'll open it up in an editor and dig around. Thanks for the idea!
17 Feb 2012   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Upload the file in c:\ProgramData\YmrpslH\HntyfkP\NogsysgN.exe to Jotti and have it scanned for malware.
Jotti's malware scan
17 Feb 2012   #7

Windows 7 Professional 32bit SP1
 
 

Quote: Originally Posted by Jacee
> Upload the file in c:\ProgramData\YmrpslH\HntyfkP\NogsysgN.exe to Jotti and have it scanned for malware.
> Jotti's malware scan

Not familiar with that program, but if Malwarebytes doesn't catch anything, I'll definitely give it a shot before I open it up in an editor. Thanks for the tip, Jacee!
17 Feb 2012   #8

Windows 7 x64 Ultimate
 
 

Ugh yeah, running a program out of the program data folder is also very suspicious. :/

You have removed it from the startup already, right?
17 Feb 2012   #9

Windows 7 Professional 32bit SP1
 
 

Quote: Originally Posted by fseal
> Ugh yeah, running a program out of the program data folder is also very suspicious. :/
>
> You have removed it from the startup already, right?

Lol, yeah, definitely removed it from startup right off the bat!
17 Feb 2012   #10

Windows 7 Professional 32bit SP1
 
 

Okay, here are the results pulled up from a Malwarebytes' system scan:



While the precise location of NogsysgN.exe isn't listed here, the command location, HKCU\SOFTWARE\Windows\CurrentVersion\Run, the registry location of that third item in the list is pretty close. Going to get rid of these, run the path through Jotti's (on suggestion from Jacee) and see what happens after a reboot before trying to open in an editor.

Considering I run fairly regular system scans and don't visit too many suspicious websites (lol), I'm surprised to see that at least three of these could have pretty nasty consequences. Unsurprisingly, I've never had any problems like this on my Linux machine.
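The red flags raised in this thread (a startup command not wrapped in quotes, a lowercase drive letter, an executable under ProgramData, an unknown publisher, and random-looking names) can be checked mechanically when reviewing a startup list. The following is an added example, not part of any post in the thread; the vowel-ratio test, the function names and the second and third sample entries are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

def looks_random(name, min_len=6, max_vowel_ratio=0.2):
    """Crude heuristic: a longish alphabetic name with almost no vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) <= max_vowel_ratio

def split_command(command):
    """Return (executable path, was_quoted) for a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]), True
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return (m.group(1) if m else command.split(" ")[0]), False

def red_flags(entry):
    """List which of the thread's red flags apply to one startup entry."""
    path, quoted = split_command(entry["command"])
    p = PureWindowsPath(path)
    flags = []
    if not quoted:
        flags.append("unquoted command")
    if p.drive[:1].islower():
        flags.append("lowercase drive letter")
    if "programdata" in (part.lower() for part in p.parts):
        flags.append("runs from ProgramData")
    if entry.get("publisher", "").strip().lower() in ("", "unknown"):
        flags.append("unknown publisher")
    if any(looks_random(n) for n in list(p.parts[1:-1]) + [p.stem]):
        flags.append("random-looking name")
    return flags

# Constructed sample entries; only the first path comes from the thread.
SAMPLES = [
    {"command": r"c:\ProgramData\YmrpslH\HntyfkP\NogsysgN.exe",
     "publisher": "Unknown"},
    {"command": r'"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui',
     "publisher": "AVAST Software"},
    {"command": r"C:\Program Files\Example Vendor\updater.exe /background",
     "publisher": "Example Vendor Inc."},
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(e["command"], "->", red_flags(e) or "no flags")
```

No single flag is conclusive (the third entry trips only the unquoted-command check); it is the combination on the first entry that justifies disabling it and submitting the file for scanning.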
