  #1  
Old February 11th, 2008, 07:43 PM
beaverman beaverman is offline
Member
 
Join Date: Dec 2004
Posts: 43
Suspicious Task Scheduler entries

I went into my task scheduler to schedule my spyware to start up and there were seven tasks not scheduled by me. They all start with this string C:\Windows\system32\pcalua.exe
These are the arguments for each one.

-a E:\setup.exe -d E:\
-a C:\Windows\system32\javacpl.cpl -c Java
-a F:\netsetup.exe -d F:\
-a "C:\Users\(my name)\Desktop\DPInst32.EXE" -d "C:\Users\(my name)\Desktop"
-a "C:\Users\(my name)\Desktop\msj2.exe" -d "C:\Users\(my name)\Desktop"
-a "C:\Users\(my name)\Desktop\msj1.exe" -d "C:\Users\(my name)\Desktop"
-a "C:\Users\(my name)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90F44Z3L\INTEL_NETWORK_CONNECTION_ID_TOOL_305[1].EXE" -d C:\Windows\system32

Where it says "my name" my own personal name appears.

I run Vista Home premium 32 bit.
I am not sure if these are spyware or some other malicious program. I have run Super anti spyware and Adaware. I have Norton internet security 2008 as my anti virus program.

Last edited by beaverman; February 11th, 2008 at 07:45 PM.


  #2  
Old February 11th, 2008, 07:49 PM
syklitengutt syklitengutt is offline
Member
 
Join Date: Oct 2004
Posts: 69
The files on the desktop, I really can't say why they are there.
Neither the setup.exe nor the netsetup.exe.
Do these files exist in the places that are listed?

But the last one I'm not sure of.
This is supposed to be in Temporary Internet Files, and load in system.
  #3  
Old February 11th, 2008, 11:27 PM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Quote:
They all start with this string C:\Windows\system32\pcalua.exe
The above statement is the key. pcalua.exe is the Program Compatibility Assistant. Check out the FAQs in the link for more information regarding the function of this file. If you google the filenames of the files concerned, you will see that they all have a legitimate source.
  #4  
Old February 12th, 2008, 03:08 AM
beaverman beaverman is offline
Member
 
Join Date: Dec 2004
Posts: 43
Thanks. I did Google them and some sites said it could be a spy. Glad to hear it's not. Thanks again.
  #5  
Old February 12th, 2008, 03:22 AM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Yes, that can happen. Malware does sometimes give its files the same names as legitimate files, so you have to look at the entire file path in context. They are all fine and you are welcome.
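The check discussed in posts #1 to #5 (look at the whole path of both pcalua.exe and the program it launches), as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later; the function name `Get-TasksRecursive` and the report column names are made up for illustration.

```powershell
# Added example: list every scheduled task whose action is pcalua.exe and
# show the full path of the launcher and of the program passed with -a.
$expected = Join-Path $env:SystemRoot 'System32\pcalua.exe'

$svc = New-Object -ComObject Schedule.Service
$svc.Connect()

function Get-TasksRecursive($folder) {
    foreach ($t in $folder.GetTasks(1)) { $t }          # 1 = include hidden tasks
    foreach ($sub in $folder.GetFolders(0)) { Get-TasksRecursive $sub }
}

$report = foreach ($task in Get-TasksRecursive $svc.GetFolder('\')) {
    foreach ($action in $task.Definition.Actions) {
        if ($action.Type -ne 0) { continue }            # 0 = "start a program"
        $exe = [Environment]::ExpandEnvironmentVariables($action.Path).Trim('"')
        if ([IO.Path]::GetFileName($exe) -ne 'pcalua.exe') { continue }

        # -a is followed by a quoted path or by a path without spaces
        $target = $null
        if ($action.Arguments -match '-a\s+(?:"([^"]+)"|(\S+))') {
            $target = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        }

        # -LiteralPath matters: cache names such as "..._305[1].EXE" contain
        # brackets that a wildcard-aware parameter would treat as a pattern.
        $exists = [bool]($target -and (Test-Path -LiteralPath $target))
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'n/a' }

        [pscustomobject]@{
            Task       = $task.Path
            LauncherOk = ($exe -ieq $expected)   # is it the System32 copy?
            Target     = $target
            Exists     = $exists                 # False: installer/media is gone
            Signature  = $sig                    # Valid, NotSigned, HashMismatch, ...
        }
    }
}

$report | Sort-Object Task | Format-List
```

A row with `LauncherOk` False, or a target that exists but is unsigned and sits in a temporary or cache folder, is the one to examine first; a target that no longer exists usually means the setup file or removable drive has gone away.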
  #6  
Old March 22nd, 2009, 07:46 AM
airymic airymic is offline
New Member
 
Join Date: Mar 2009
O/S: Windows Vista
Location: San Diego
Posts: 2
Look at next scheduled time!!

If you read your scheduler, nothing appears under the column: "Next Run Time". "pcalua" is a procedure run by Windows periodically for product registration purposes. Something suspicious occurs in your system and this process is triggered. Nothing to worry about... unless maybe you have an illegal copy of Windows.
  #7  
Old March 22nd, 2009, 08:07 AM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Quote:
"pcalua" is a procedure run by Windows periodically for product registration purposes.
That is not correct, airymic. This file is the Program Compatibility Assistant and I have already posted a Microsoft link which outlines all its functions.
  #8  
Old March 22nd, 2009, 08:50 AM
airymic airymic is offline
New Member
 
Join Date: Mar 2009
O/S: Windows Vista
Location: San Diego
Posts: 2
You're the expert. Guess I was fooled by the "HistoryTab" that said:

Information 109 Task triggered by registration

Product: Windows Operating System
ID: 109
Source: Microsoft-Windows-TaskScheduler
Version: 6.0
Symbolic Name: IMMEDIATE_TRIGGER
Message: Task Scheduler launched "%2" instance of task "%1" due to a registration trigger.
  #9  
Old March 22nd, 2009, 09:13 AM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
That means that the task is a registered task and has been triggered by predefined boundaries to perform an action. See Registration Trigger Example.
All times are GMT +1.