How do I look up the threat history of a flagged file; "rnpasswd.exe"?

  • 10 March 2016
  • 5 replies
  • 763 views

Greetings,
Daniel K. Hall Computer specialist Sr. from Univ. of Wyoming - InfoTech. We just introduced WR to our campus in the past months and as a part of our desktop support group, I am often charged with following up on heavily infected machines. We recently had a dozen or so machines flag an unknown source file named "prpasswd.exe". When I look it up I see that only 2 of 30 security utilities are reporting it as a threat. It is classed as a password renew executable and there is no known company association. How can I look up more information on why this file was flagged by WR and why? Here is the information I have:
File Name     : rnpasswd.exe
File Size     : 95744 byte
File Type     : application/x-dosexec
MD5           : 0216af893b002b3596a953b106dd354d
SHA1           : 158904ca6c1b2d4359ad765a7ca3f64899e1ba5d
 
Thank you, and Have a Great...Day!!!

5 replies

Userlevel 7
Hello wecyotee,
 
Welcome to the Webroot Community,
 
My advice is to Submit a Support Ticket so that they can check this "rnpassed.exe". It could be a false positive but I can't be sure. This is a free service with a Webroot subscription.
 
Maybe ? or ? could add to this?
Userlevel 7
Hi wecyotee
 
Welcome to the Community Forums.
 
I am wondering if this executable is the one referenced in this Microsoft TechNet article? If it is, then hopefully this gives you the necessary to further explore/decide how to handle these locally.
 
Regards, Baldrick
Userlevel 7
The best thing to do would be to submit a Support Ticket.
 
This file is a password reset tool:
 
"Password Renew lets the user change the password of the local Administrator account or create a new admin level user with a password of their choice. This is a great tool for getting into Windows boxes you don't have an admin password for"
 
If you're knowingly using it, you can create an override. If an unauthorized user is using this tool, it could be for malicious purposes.
 
-Dan
 
Userlevel 7
? see here: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx? does it matter?
 
Thanks,
 
Daniel
 

Userlevel 7
I'll have to pass this one along... The discrepancy between the determination date and first seen date is a bit confusing, but you would only see that with files going back to the Prevx days like this one. It is not something I would be all that concerned about.
 
-Dan