computers / alt.comp.os.windows-10 / Re: rundll32.exe C:\Windows\system32\advpack.dll

rundll32.exe C:\Windows\system32\advpack.dll

Newsgroups: alt.comp.os.windows-10,alt.comp.freeware
 by: Jan K. - Sat, 20 Jan 2024 22:15 UTC

The KC Softwares freeware "Startup Sentinel" usually reports new things after I
install poorly behaved software but this time it reported something
different. https://www.kcsoftwares.com/?sus

This is what Startup Sentinel reported after a Windows update.
HKLM:RunOnce wextract_cleanup0 rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\"

The "advpack" sounds fishy so I looked it up a bit.
https://www.google.com/search?q=wextract_cleanup0

The first hit for "wextract_cleanup0" is this
https://www.bleepingcomputer.com/startups/21644/advpack.dll/
"Program used to cleanup after installing updates and software."

The first hit for advpack.dll is this.
https://answers.microsoft.com/en-us/windows/forum/all/advpackdll/57bd54e9-b9cf-426a-a390-f4c517e84518

Would you let it run or kill it?

Re: rundll32.exe C:\Windows\system32\advpack.dll

 by: Newyana2 - Sat, 20 Jan 2024 22:22 UTC

"Jan K." <janicekoziol@nie.ma.spamu.prosze.com> wrote

| The first hit for "wextract_cleanup0" is this
| https://www.bleepingcomputer.com/startups/21644/advpack.dll/
| "Program used to cleanup after installing updates and software."
|

Yes. Not a problem. When you see these things you can look in the
system32 folder and check the file properties. In this case there's
no info for advpack but it does say it's a Microsoft file. The DLL
functions are typical setup functions.

Re: rundll32.exe C:\Windows\system32\advpack.dll

 by: JJ - Sun, 21 Jan 2024 18:25 UTC

On Sat, 20 Jan 2024 23:15:24 +0100, Jan K. wrote:
> The KC Softwares freeware "Startup Sentinel" usually reports new things after I
> install poorly behaved software but this time it reported something
> different. https://www.kcsoftwares.com/?sus
>
> This is what Startup Sentinel reported after a Windows update.
> HKLM:RunOnce wextract_cleanup0 rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\"
>
> The "advpack" sounds fishy so I looked it up a bit.
> https://www.google.com/search?q=wextract_cleanup0
>
> The first hit for "wextract_cleanup0" is this
> https://www.bleepingcomputer.com/startups/21644/advpack.dll/
> "Program used to cleanup after installing updates and software."
>
> The first hit for advpack.dll is this.
> https://answers.microsoft.com/en-us/windows/forum/all/advpackdll/57bd54e9-b9cf-426a-a390-f4c517e84518
>
> Would you let it run or kill it?

ADVPACK.DLL is a legit Windows own DLL as long as it's in the Windows system
directory (otherwise it'd be suspicious). It's been around since Windows 95,
and it was based on Windows 3.x's ADVINS16.DLL.
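
Added example (not part of any post in this thread): a small triage helper that parses a rundll32 autostart command like the RunOnce entry above and reports whether the DLL it names resolves to the Windows system directory, which is the location test described in the replies. `SYSTEM_DIR`, `triage` and every sample except the first are assumptions or constructed values; the check works on the string only and does not replace looking at the file's properties or signature.

```python
import ntpath
import re

# Assumed default location; on a live host use %SystemRoot%\System32 instead.
SYSTEM_DIR = r"C:\Windows\System32"

# rundll32 syntax: rundll32.exe <dll>,<export> [arguments]; <dll> may be quoted.
RUNDLL_RE = re.compile(
    r'^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s"]+))\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE,
)


def triage(command, system_dir=SYSTEM_DIR):
    """Return (verdict, dll_path, export) for one autostart command line."""
    m = RUNDLL_RE.match(command)
    if not m:
        return ("not-rundll32", None, None)
    raw = m.group("qdll") or m.group("dll")
    export = m.group("export")
    # A bare file name is resolved through the DLL search order at run time,
    # so its real location cannot be judged from the string alone.
    if not ntpath.isabs(raw):
        return ("unresolved", raw, export)
    # normpath collapses ".." segments; normcase folds case and slashes,
    # because Windows paths compare case-insensitively.
    dll = ntpath.normcase(ntpath.normpath(raw))
    root = ntpath.normcase(ntpath.normpath(system_dir))
    verdict = "system-dir" if ntpath.dirname(dll) == root else "outside-system-dir"
    return (verdict, dll, export)


# Constructed samples; only the first is the entry quoted in the thread.
SAMPLES = [
    r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\"',
    r'rundll32.exe "C:\Users\Public\advpack.dll",DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\"',
    r'rundll32.exe C:\Windows\system32\..\Temp\advpack.dll,DelNodeRunDLL32',
    r'rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\"',
    r'C:\Tools\updater.exe /silent',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(triage(cmd)[0], "<-", cmd)
```

An "unresolved" or "outside-system-dir" verdict is a prompt to inspect the file, not proof of anything by itself.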
