ping36w - rnappp6.exe

Question

tobes 0 Newbie Poster

18 Years Ago

Dani, Please help. I only just joined so I do not know whether this issue has been raised in the past.

On our server (Citrix) is a prog that starts when we boot up. Spybot asks the question whether it is neccessary to run at startup....
What is it???. It does not look familiar to me...

Can you shed light on the matter?

The full path the spybot is finding is.

Located: HK_LM:Run, ping36w
command: "C:\Program Files\Common Files\Microsoft Shared\pse6\rnappp6.exe"
file: C:\Program Files\Common Files\Microsoft Shared\pse6\rnappp6.exe
size: 61440
MD5: 71a38482fdcff27255130d3191036b7b

Tobes

windows-virus

3 Contributors
6 Replies
199 Views
1 Day Discussion Span
Latest Post 18 Years Ago Latest Post by tobes

All 6 Replies

dlh6213 27 Posting Maven

18 Years Ago

Hi Tobes, welcome to DaniWeb :D

To find out more about the file, go to the file itself, right-click on it, choose Properties, and get whatever info you can on it (Company, Version, date created, etc.); include this information with your next reply.

Follow the recommendations and instructions in the links below to help protect your PC, and start the cleanup process.

After you've done that, please post a HijackThis log in this thread for futher instructions.

By the way, this problem has been brought up before, but the user never posted again after the initial post -- http://www.daniweb.com/techtalkforums/showthread.php?t=23328&highlight=rnappp6.exe

swatkat 14 Practically a Master Poster

18 Years Ago

Hi,
You can scan that file at http://virusscan.jotti.org/
Upload the file at the above mentioned site and click "Submit" to scan the file. Post back the result of the scan.

But, i found this --> http://64.233.179.104/search?q=cache:Kjw59chkMMYJ:www.pearlsw.com/support/kbase/echo6/kbpe6001.html+rnappp6.exe&hl=en

Do you have any software named Pearl Employee Internet Monitoring Software ?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tobes 0 Newbie Poster · Answer 1 · 2005-08-17T00:24:43+00:00

Dani,

Thanks... "surprisingly" there is virtually no info...

File Version: 6.0.2.3
Description: RNAPPP Application
Copyright 1996-2003

And that is it.

No Company name, Internal name, Product Name...

So what is the best approach now?

tobes 0 Newbie Poster · Answer 2 · 2005-08-17T14:38:57+00:00

Hi Swatkat,

Thanks for your advice. I scanned the file and this is the log;
File: rnappp6.exe Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database) MD5 71a38482fdcff27255130d3191036b7b Packers detected:
-
Scanner results
AntiVir Found Heuristic/Backdoor.Generic (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVGAntivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

As to your question about "Pearl". Yes we did trial Pearl some time ago, but we never purchased it once expiry came up.

I guess I can disable the HK entry without any adverse consequences?.

Once again thanks.
Ps: Jotti is a great tool!!!! :mrgreen:

swatkat 14 Practically a Master Poster · Answer 3 · 2005-08-18T03:27:08+00:00

Hi,
No need to worry about the AntiVir's Heuristic warning. AntiVir's Heuristic detection is pretty sensitive! That file is mostly related to Pearl. Since Pearl is no longer present, you can disable it.

tobes 0 Newbie Poster · Answer 4 · 2005-08-18T05:46:58+00:00

tobes 0 Newbie Poster

18 Years Ago

Cheers matie

ping36w - rnappp6.exe

Recommended Answers Collapse Answers

All 6 Replies

Recommended Answers