what is this file?

  • jlknauff
  • Expert
  • Expert
  • User avatar
  • Posts: 502
  • Loc: Florida

Post 3+ Months Ago

Has anyone ever heard of a file called mstime.exe? Whenever I search with Google my firewall tells me it is trying to access the internet. Considering that MS is waaaaaay behind Google I'm wondering if they are trying to somehow get more infomation on what's going on with Google users. Any ideas?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • SecureITGroup
  • Proficient
  • Proficient
  • User avatar
  • Posts: 293

Post 3+ Months Ago

Have you tried to run a virus scan on that file?
  • SecureITGroup
  • Proficient
  • Proficient
  • User avatar
  • Posts: 293

Post 3+ Months Ago

Oh and run a spyware program. I recomend SpyBot Search & Distroy;)
  • Freakyp
  • Graduate
  • Graduate
  • User avatar
  • Posts: 210
  • Loc: M'boro. TN, USA

Post 3+ Months Ago

yah... I dont think there is a file in windows called 'mstime.exe' so yah as 'SecureITGroup' said its probly not a good thing.... good luck :wink:
  • jlknauff
  • Expert
  • Expert
  • User avatar
  • Posts: 502
  • Loc: Florida

Post 3+ Months Ago

I ran Spybot and came up with 11 entries. I had them fixed but everytime I rebot they are back. Any ideas?
  • Freakyp
  • Graduate
  • Graduate
  • User avatar
  • Posts: 210
  • Loc: M'boro. TN, USA

Post 3+ Months Ago

what are they?.. if you can get the names, try to find a patch for them on the microsft site, or your anti-virus zite...
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Are you sure it was mstime.exe and not mstime.dll?
  • jlknauff
  • Expert
  • Expert
  • User avatar
  • Posts: 502
  • Loc: Florida

Post 3+ Months Ago

yep. This is the message I get

C:\WINNT\system32\mstime.exe is trying to connect to search.requestlookup.net (206.58.237.248) using remote port 80 (HTTP - World Wide Web). Do you want to allow this program to access the network?

:roll:

Not good...
  • conorific
  • Proficient
  • Proficient
  • User avatar
  • Posts: 350
  • Loc: NY

Post 3+ Months Ago

That sounds like ZoneAlarm; is that what firewall you're using? I googled mstime.exe and found nothing but this post. How weird.
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

My guess is whatever it is, it's not a good thing. If I was you, I would put a .remove at the end of the file name so it will look something like "mstime.exe.remove" and see what happens. This way you're not deleting it if you find out that you really do need it for something, but if you don't, it should stop it from doing whatever it's doing.
  • conorific
  • Proficient
  • Proficient
  • User avatar
  • Posts: 350
  • Loc: NY

Post 3+ Months Ago

I didn't think of that. It might work, Windows is tricked into all sorts of things. SheDevil, are you following me? :D
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

Shhhhh, you weren't supposed to know ;)
  • jlknauff
  • Expert
  • Expert
  • User avatar
  • Posts: 502
  • Loc: Florida

Post 3+ Months Ago

Here is what I have come up with so far-

It is somehow related to a searchengine called requestlookup.net. I'm thinking it is trying to send querries to their SE rather than the one I tried to use. I have renamed the file a few minutes ago and everthing seems to be working fine-without anything trying to acccess the net. So, it looks like your idea worked shedevil :wink: I'm going to let it sit the way it is for a few days and make sure everything run fine, then delete it.
From what I see this is a shady way for a SE to get traffic so we should all let everyone know what they are doing. Thanks for your help everyone!
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

Yay glad its working! :)
  • Vladdrac
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2136
  • Loc: Louisville, Ky

Post 3+ Months Ago

glad your problem is resolved, is the spyware still not getting erased?
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Have you done a search in your registry for anything referencing mstime.exe?

When you find it you could probably safely delete the value (back up your registry before doing this)

what you might try as well is when you are only run a netstat and see if there is any suspicious activity running from your machine ( when mine caught the flu she was sending SYN packets to increments inside an ip range)

You can also check your task manager to view any suspicious looking proccess. What I have noticed is that the guys who write these things usually name them after MS dll's (with the extension .exe) so you don't delete them for fear of trashing the OS)

Just a word of caution - always do your research before killing any files like she devil recommends. (unless you feel like re-installing the OS :wink: )

These sypware programs can be removed quiet easily manually. Just be cautious
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

For future reference the ISP that owns the IP you mentioned above is Sawtooth Technologies, LLC in Portland Oregon.
http://www.saw.net/


If you continue to have problems with it, you might want to send a complaint about requestlookup.net.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

ATNO/TW wrote:
For future reference the ISP that owns the IP you mentioned above is Sawtooth Technologies, LLC in Portland Oregon.
http://www.saw.net/


If you continue to have problems with it, you might want to send a complaint about requestlookup.net.


DUH :oops:
sometimes the simplest answers are the most difficult to find

Thanks ATNO
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

Rabid Dog wrote:
Just a word of caution - always do your research before killing any files like she devil recommends. (unless you feel like re-installing the OS :wink: )

Well he searched google and couldn't find anything. I even spent a good amount of time trying to find information about this file. If it was a legitimate windows file, he would have been able to find something on the net. Besides, he didn't actually harm the file in any way, just stopped it from being able to do anything temporarily. If it would have been a legitimate system file, in which case changing it would have caused him to not be able to boot from windows, he could have easily stuck in a boot disk and booted to dos and changed the file name back to its original name. There would be no reason to re-install the OS.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Never said there was anything wrong with the technique you described. Never said there was anything wrong with what anyone suggested, was merely giving a different opinion on the topic that is all.

Besides, not all files get called at start up, you may be able to rename a file and not notice a difference until you call an application that requires that file.

I was just saying check what the file is doing and look for suspicious network activity. To test if a file is needed you could also go to the task manager and try ending the process.

Again it was just a different point of view and not intended to upset anyone.

Sorry for that and I will stick to the programming forum from now on

//EDIT Oh I see what happened - sheDevil you mis interpereted what I said, I was actually saying he she follow your advice (Like sheDevil recommends). Sorry about the sloppy english but when you have been programming for a couple hours you start to talk in abbreviations
  • chrysalis
  • Born
  • Born
  • chrysalis
  • Posts: 3

Post 3+ Months Ago

I am having a major issue with mstime.dll

I was working on a windows 98 machine, ran adaware and got rid of a ton of malware and spyware, rebooted the machine. something attatched to the IE6 browser, and stopped it, so I used the repair tool...that didn't work, so then I went back to an earlier version of Internet explorer...that didn't work, so I downloaded the Ie6 setup on my machine and burned to a disk. but when I restart windows it tells me I am missing mstime.dll. so I went to another machine and copied it and put it in the 98 machine...it still doesn't work. so I removed it completely and still the browser won't load all the way. It is mimicking a memory shortage.
What next. The only thing I can think of is that it is a hardware issue.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

mstime.dll is different from the mstime.exe that was resolved earlier in this post.

mstime.dll is a valid dll that has something to do with Microsoft's mstime
http://www.april-fools.us/microsoft-time.htm (At least in my brief research, I think they are associated)

The first thing to do is Start|Run - type in msconfig and uncheck all your startup programs. Reboot.

If Windows loads OK, then rerun the process and add one program back at a time, reboot and repeat the process until you find the program causing the error. When you do, find out what it is, or post it here for us to look into.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Code: [ Select ]
Format C:\


The main virus running on you machine at the moment is Win98. Get rid of it - go to an NT Kernel on an NTFS file sytem. More stable.

And now oyu have a perfect excuse to do it.

:wink:
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

That's not really true.... Windows 98 (second edition anyhow) is one of the most stable operating systems. It's far more stable than XP.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Nah we gonna have this argument all day. Me I prefer NT, you prefer 98.

Different strokes for different folks :lol:
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

Now you're just jumping to conclusions. I never said that I preferred 98, in fact I much prefer XP. I'm just saying that 98 stable.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Sorry my bad :oops:

My experience with win 98 has not been fun. The blue screen of death has haunted me to many time :wink:

Since going to an NT kernel and NTFS filesystem I haven't had any stability issues. Win2k is actually my platform and for developement (web) it is extremely stable and that is why - next to my linux box - ii is my fav OS.

XP is very pretty but I am still a bit scheptical about it.
  • ShEDeViL
  • Graduate
  • Graduate
  • User avatar
  • Posts: 216

Post 3+ Months Ago

Yeah, the "pretty" factor is the main reason that I use XP over 2k on my main box. I run 2k on my laptop because of it's stability. But I also like my debian box. :)
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Cool so we agree on one thing :wink:

Post Information

  • Total Posts in this topic: 29 posts
  • Users browsing this forum: No registered users and 106 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.