Dani, Please help. I only just joined so I do not know whether this issue has been raised in the past.

On our server (Citrix) is a prog that starts when we boot up. Spybot asks the question whether it is neccessary to run at startup....
What is it???. It does not look familiar to me...

Can you shed light on the matter?

The full path the spybot is finding is.

Located: HK_LM:Run, ping36w
command: "C:\Program Files\Common Files\Microsoft Shared\pse6\rnappp6.exe"
file: C:\Program Files\Common Files\Microsoft Shared\pse6\rnappp6.exe
size: 61440
MD5: 71a38482fdcff27255130d3191036b7b


Recommended Answers

All 6 Replies

Hi Tobes, welcome to DaniWeb :D

To find out more about the file, go to the file itself, right-click on it, choose Properties, and get whatever info you can on it (Company, Version, date created, etc.); include this information with your next reply.

Follow the recommendations and instructions in the links below to help protect your PC, and start the cleanup process.

After you've done that, please post a HijackThis log in this thread for futher instructions.

By the way, this problem has been brought up before, but the user never posted again after the initial post -- http://www.daniweb.com/techtalkforums/showthread.php?t=23328&highlight=rnappp6.exe


Thanks... "surprisingly" there is virtually no info...

File Version:
Description: RNAPPP Application
Copyright 1996-2003

And that is it.

No Company name, Internal name, Product Name...

So what is the best approach now?

Hi Swatkat,

Thanks for your advice. I scanned the file and this is the log;
File: rnappp6.exe Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database) MD5 71a38482fdcff27255130d3191036b7b Packers detected:
Scanner results
AntiVir Found Heuristic/Backdoor.Generic (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVGAntivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

As to your question about "Pearl". Yes we did trial Pearl some time ago, but we never purchased it once expiry came up.

I guess I can disable the HK entry without any adverse consequences?.

Once again thanks.
Ps: Jotti is a great tool!!!! :mrgreen:

No need to worry about the AntiVir's Heuristic warning. AntiVir's Heuristic detection is pretty sensitive! That file is mostly related to Pearl. Since Pearl is no longer present, you can disable it.

Cheers matie

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.