
Windows 7: Security Breach or a Bug?

08 Dec 2010   #1

Windows 7 64 bit
Very Suspicious Activity....

Booted up my laptop, nothing suspicious to report, was going to upload a pic to a forum, when it was odd that it showed my system32 folder. I then noticed the folder I was looking for was moved to another folder... unless I may have done something that caused it to do that. That was the first thing I found odd, though it may be completely unrelated.

Opened my task manager to see if there were any unusual programs running, for security purposes.

I stumbled upon a program I never heard of before: RICHVI~1.EXE

The root file was C:\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE

It was located in my system32 folder. I scanned it for malware and viruses, and it found nothing. I learned it was part of a program that I downloaded a few weeks ago for file conversions.

I restarted my laptop and now that program cannot be found at all on my laptop as it was before. I didn't touch it. I did a Google search and I saw posts about malware and viruses, so now I'm worried I have something on my computer... unless this was just a once-in-a-lifetime bug, since I don't notice the laptop going crazy.

Any ideas?

EDIT: Security Essentials just picked up and deleted TrojanDownloader:Java/OpenConnection.HZ. Dunno how or where that got onto my laptop.

root file is C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7ca58504-58b54d52->bpac/Bombapack.class (I've read somewhere that clearing the Java Cache would help)

NOW I'm unsure if the two are related, and how I can rectify this.

08 Dec 2010   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

RICHVI~1.EXE is part of RichVideo

Download ATF Cleaner.
Click "Main" > check 'select all' (except prefetch) this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.
Next, go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Now scan with Malwarebytes' Anti-Malware:
Download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.50 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
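
An added example, not part of the thread or written by either poster: before the Java cache from post #1 is cleared, this sketch inventories it, hashing each cached archive and listing the `.class` members inside so an alert such as `7ca58504-58b54d52->bpac/Bombapack.class` can be matched to the file that held it. It assumes the `->` in the Security Essentials path means container file then member; the function names are made up here, and the sample cache is constructed and contains no real malware.

```python
import hashlib
import os
import tempfile
import zipfile


def inventory_java_cache(cache_root):
    """Return one record per cached archive: path, SHA-256, and .class members."""
    records = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # Cached JARs are stored without an extension; .idx files and
            # anything else that is not a ZIP archive are skipped.
            if not zipfile.is_zipfile(path):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            try:
                with zipfile.ZipFile(path) as jar:
                    classes = sorted(n for n in jar.namelist() if n.endswith(".class"))
            except zipfile.BadZipFile:
                classes = []  # truncated or damaged archive: keep the hash anyway
            records.append({"path": path, "sha256": digest, "classes": classes})
    return records


def find_member(records, member):
    """Return the archives that contain the given member, e.g. from an AV alert."""
    return [r["path"] for r in records if member in r["classes"]]


def build_sample_cache(root):
    """Constructed sample: one cached JAR plus its .idx companion, no real malware."""
    bucket = os.path.join(root, "6.0", "4")
    os.makedirs(bucket)
    jar_path = os.path.join(bucket, "7ca58504-58b54d52")
    with zipfile.ZipFile(jar_path, "w") as jar:
        jar.writestr("bpac/Bombapack.class", b"placeholder bytes, not a real class")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with open(jar_path + ".idx", "wb") as fh:
        fh.write(b"constructed index data")
    return jar_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for rec in inventory_java_cache(tmp):
            print(rec["sha256"][:16], rec["path"], rec["classes"])
```

On a real machine, pass the cache directory from the alert path to `inventory_java_cache` and save the output alongside the scanner log.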