systempropertiesremote.exe


Userlevel 4
I have been doing a lot of searching about this and have found that this systempropertiesremote.exe
has this potential if infected. It can be placed in two different locations one is OK the other one is not.
 
Here's what its capable of doing.
This was found in a search for the systempropertiesremote.exe virus.
 
Spyware Infection
Spyware is a latest type of computer threat; spywares can be installed in the computer in wide variety of ways. Once the computer is infected by Spyware your personal information such as online account number, passwords, and credit card numbers from the computer will be collected and sent back to remote server for malicious purpose.
 
I'm running Windows 7 Ultimate
 
The normal path is the (C: windowssystem32
 
 
The top photo is of my system.
The bottom two were found  in two different locations.
Is this correct.



24 replies

Userlevel 7
Hi Gunner
 
I am not sure what it is you are asking here, and I am wondering if you are just looking for trouble.
 
But anyway, as far as I can see SystemPropertiesRemote.exe is a legitimate part of Windows, and indeed removing or disabling it can cause issues. It is a system & hidden file. It is usually located in the %SYSTEM% folder and its usual size is 81,920 bytes. From what you are showing in the screenshots related to your system (assuming I am not confused by the surfeit of information provided) is that yours are legitimate both in terms of locations and file sizes.
 
But if in doubt why not just find the executables & right click and 'Scan with Webroot' just to make sure? Or alternatively you can submit a copy of each executable to Webroot for checking via this URL
 
Do let us know what you find.
 
Regards, Baldrick
Userlevel 7
Badge +62
Hello Gunner,
 
IF i may add to this ?
 
Here is what I have on my W/7 64bit. Maybe this will help comfirm these are legitimate files
 


 

Userlevel 4
I in no way am going to mess with it. It is way..... to important.
 
I just spotted it in webroot "active connections".
Also systempropertiesadvanced.exe is there. both are in C windows system32.
 
I was wondering why the other two in sysWOW64 were not there.
 
So I did a search and found this.
 
"TrojanClicker:Win32/Agent.ZC"  is the first important factor we cannot ignore with its description a password stealing program which exploits the security vulnerabilities in webpages to steal financial information like credit cards numbers, login passwords, bank accounts, etc. when you place the order online.. TrojanClicker:Win32/Agent.ZC could modify data in SystemPropertiesRemote exe which result in other programs like NERF Arena Blast or browser SeaMonkey 2.3 can't work as they have to invoke the functions in SystemPropertiesRemote.exe. Once the inner data gets modified or removed, the programs which is connected with DLL file.
 
I was just a little concerned when I spotted the difference in the two files sizes .
One in the group  in system 32 all related files are 81 KB and the others in SysWOW64. are all 81 KB.
 
.
 
 
 
 
 
 
Userlevel 7
Hi Gunner
 
Very wise, very wise indeed.
 
The sysWOW64 should only be present for the 64 bit Windows OS, so I take it that you are running under 32 bit?
 
As for the 'discrepencies'...I would not worry too much but just run a scan with WSA and if that comes up clean then you should be fine...but if that still does not calm your nerves then I would Open a Support Ticket and as the Support Team to check this out for you.
 
Regards, Baldrick
Userlevel 4
I seems to me that there are both.
A new SSD
and the old HD.
 
It shows that  the HD is under "local disc E: and has about 50 GB used on it.
 
Any way, Ssherjj posted the photos that I needed to see. Thank You.
 
I will run a Webroot scan on all of the files in question and if nothing come up .
I will try to put this to the side.
 
It would be cool it you could run a scan for that "Trojan" specificity.
 
Thank you both very much......
 
 
Userlevel 7
Badge +62
Anytimne Gunner! you are most welcome!:D
Userlevel 7
Hi Gunner
 
You are most welcome, but if I may say...have confidence that WSA has your back and is protecting you very well. I have run WSA since it came out, and have never been infected (to date...;)).
 
As for an option to scan for a specific "Trojan"...well there is not much point as you have to be sure that you have correclty identified and therefore named the Trojan in question and there is no certainty that you determination fo what to scan for would be right...so you might end up scanning for Trojan A when in fact you should be scanningfor Trojan AA.
 
Much better to scan for all malware and let the profesionals make the determination of whether or not one is infected, and if so then with what. But of course that is just my two pennies worth...for what it is worth...;)
 
Regards, Baldrick
Userlevel 4
I have total confidence in WSA , (sometimes it may not look that way) but I do.
 
Love the way the group here has supported me.
I like the way I can learn about malware just by watching how the WSA Complete works, and that although I don't mess with some of its aspects I do like being able to customize its configuration a bit.
 
As far as Malware is concerned my grasp of what it is and what can be has magnified 100 %.
I find it very fascinating and kind of like to " Dig a little deeper" when I find some that could be relevant to my situation.
 
I really need to take a "real" coarse on Computers and specifically the malware aspect.
Problem is, as hard as I have tried, I cant quite get a grasp on the "typing" aspect.
 
I'm still pretty fast without being real good but not good enough for a class like that.
 
Any way, me coming here with my little problems and questions keeps you guys and girls on your toes.
What else is there to do on this site...:D
 
Userlevel 7
Badge +62
Hi Gunner!
 
We love what we do here in this Community Forum. We learn every day about something from just all the questions that folks like yourself ask. We are all here to support eachother.
 
It's aleays a pleasure to have you here asking for assistance. Just being here you are supporting Webroot.
 
Webroot is what we all believe in here in this community and we are always happy to help nice people as yourself!:D
 
 
 
Userlevel 4
 
I was looking at the start up menu and was wondering if the last three boxes that are checked are necessary.
When I hold my cursor on them there is the word webroot is in the scroll. But don't like the "manufacture unknown" aspect on them.
Are they webroot ,and do they need to be started every time I start my PC ?
 
 

Userlevel 4
So I fallowed a path in C: windows an ended up clicking on a webroot icon that said "webrootwise."
It opened a large screen that said do you want to install " Last Pass" it had a small green webroot icon on the top corner.
 
I'm not familiar with last pass. I looked through the "user guide" and could not find it.
 
I guess  what those entry's I'm asking about on start up are menu are related to
 
Would some one explain it to me.
Userlevel 4
OK, I did some digging on the web and I found this in our forum.
 
"If you liked the LastPass, I think you will like the Webroot Password Manager as well: it is actually a licensed - rebranded form of LastPass" .
 
I should have done that in the beginning I guess.
 
I still would like to know if those items I mentioned in my post that are in my start up menu can be removed or at the very least stop from loading.
 
 
Userlevel 7
Hi Gunner
 
Yes, it is always best to check out the Community for anything that looks like it might in anyway be related to WSA. And as I said before beware of 'digging on the Internet' as what you find may well make you paranoid or send you off worrying about things that there is no need to worry about.
 
And to answer your question about removal of the items mentioned...the answer is 'No'...leave well alone.
 
Regards, Baldrick
Userlevel 7
@ wrote:
I have total confidence in WSA , (sometimes it may not look that way) but I do.
 
Love the way the group here has supported me.
I like the way I can learn about malware just by watching how the WSA Complete works, and that although I don't mess with some of its aspects I do like being able to customize its configuration a bit.
 
As far as Malware is concerned my grasp of what it is and what can be has magnified 100 %.
I find it very fascinating and kind of like to " Dig a little deeper" when I find some that could be relevant to my situation.
 
I really need to take a "real" coarse on Computers and specifically the malware aspect.
Problem is, as hard as I have tried, I cant quite get a grasp on the "typing" aspect.
 
I'm still pretty fast without being real good but not good enough for a class like that.
 
Any way, me coming here with my little problems and questions keeps you guys and girls on your toes.
What else is there to do on this site...:D
 
Hi Gunner
 
Whilst your quest for knowledge is admirable, playing wit malware is not for the faint hearted because of the inherent dangers to your system if one inadvertently goes to far. The same goes for the tweaking of settings, especially those related to the detection of malware as it is possible to leave ones self open to attack, just by making changes, that one is not clear on.
 
Also, I would not do any tinkering re. malware and/or WSA settings without having a full image of my disc...just in case something does unfortuantely go awry and one finds oneself inadvertently in a'pickle'.
 
It just pasy to be careful, and is why one of the things that is definitively not promoted in the Community is malware testing...not that I am saying that you do...but just because we do not want to ste people of on a path that they may eventually regret...as I said before...it is not for the fait hearted. ;)
 
Regards, Baldrick
Userlevel 4
Thats fine.
 
I unchecked the boxes on my startup menu concerning the items I had asked about. =
 
Lastpass IE runonce
Lastpass FF runonce
Install webroot IE runonce
 
Userlevel 7
Badge +62
@ wrote:
Thats fine.
 
I unchecked the boxes on my startup menu concerning the items I had asked about. =
 
Lastpass IE runonce
Lastpass FF runonce
Install webroot IE runonce
 
Hi @
 
Edit: I didn't see your previous posts! Sorry!
 
Why would you uncheck those boxes on the startup menu. Don't you use Password Manager? I have four instances of these files in my startup.I wouldn't mess with those.. @ can you advise nhere?
 
Userlevel 4
I do not use password manager.
 
I put them back even though I prefer "not" having items on my start up menu that I do not use.
 
I do not see "any" reason they they should be running or have the option to run every time I'm on my PC.
 
I thought items like that were supposed to be removed from a startup menu.
 
 
Userlevel 7
Badge +56
It's much easier on Windows 10 from the Task Manager as it has the Start-up Tab and I disable unneeded start up entries as well!
 
Daniel ;)
 


 

Userlevel 7
Badge +62
Thanks Daniel! I wasn't sure about that that's why I asked! 😉
Userlevel 4
Thank all of you for the support.
 
Gunner
Userlevel 7
Badge +62
Your Welcome Gunner! 🙂
Userlevel 4
Since I'm "NOT" smart enough to listen to the advise that's given to me on this forum by those that have tried to help me over and over again.
 
All I have done in spite of what has been suggested is ignore it.
 
To me that's disrespectful, and I apologize.
 
I'm going to retire from the group.
 
Thanks again,
                          Gunner
Userlevel 7
Badge +62
Hi ?
 
I don't think any of us thought of you as being disrespectful. Please don't leave our group. We never feel that way. Everyone has their way of thinking and so it's not necessary to withdraw as we all learn from each other! And I personally felt that I learned from you since you have been here amongst the Community. No need to withdraw?
 
Happy Easter Gunner!
Userlevel 7
Hi Gunner
 
I would wholeheartedly agree with Sherry's assessment. The advice provided by the volunteers is precisely that...advice and as such the is no onus on any member to follow that advice...it is given freely and therefore can be accepted freely or not...as the person posing the questions, that illicited the answers, deems to be in their best interests or not.
 
As to disrespecting anyone here...I would say that I do not believe that anyone has been so treated (and I can certainly say that from my perspective).
 
As to withdrawing...there is certainly no need to do so unless you really feel that you must...but we hope that you decide to stay with us...we are an open Community that thrives on a wide membership with diverse backgrounds, views, skill levels, etc...and your departure would be our loss.
 
So in hoping that you will think on it again...Happy Easter.
 
Regards, Baldrick

Reply