Author Topic: Behavior shield question internat.exe (Read 17297 times)

cska133 · « **on:** April 07, 2011, 03:26:31 PM »

hallo,

I just starter my PC and Avast pops up this behavior question (see screenshot).
Target object cannot be seen on the popup, so here the whole path HKEY_USERS\S-1-5-21-2678822560-3673682103-668471605-1000\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe.

It is strange that under this registry key I can not find internat.exe in the registry??? Internat.exe is suspisious file name :-( And the name of the targer starts registry\user but I can find only HKEY_User??? Or is this something else???
And the ubpm.dll dosent say me anything???

can someone help me
I use Win7 Home 64bit

danny96 · « **Reply #1 on:** April 07, 2011, 03:31:45 PM »

Quote from: cska133 on April 07, 2011, 03:26:31 PM

hallo,

I just starter my PC and Avast pops up this behavior question (see screenshot).
Target object cannot be seen on the popup, so here the whole path HKEY_USERS\S-1-5-21-2678822560-3673682103-668471605-1000\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe.

It is strange that under this registry key I can not find internat.exe in the registry??? Internat.exe is suspisious file name :-( And the name of the targer starts registry\user but I can find only HKEY_User??? Or is this something else???
And the ubpm.dll dosent say me anything???

can someone help me
I use Win7 Home 64bit

internat.exe is a Microsoft Input Locales.
Looks like you have BS setuped to ask. Please change it to Auto-decide.
(avast! gui > resident shields > behavior shield > advanced settings > Ask change to auto-decide)

Use option "allow and add to trusted programs"
Thanks

Zyndstoff (aka Steven Gail) · « **Reply #2 on:** April 07, 2011, 03:33:54 PM »

Guckst du hier.

Set behaviour shield to "automatisch"

Zyndstoff (aka Steven Gail) · « **Reply #3 on:** April 07, 2011, 03:37:37 PM »

And just for info: Klick!

cska133 · « **Reply #4 on:** April 07, 2011, 03:42:12 PM »

I know how to set BS to auto.
On this page http://www.neuber.com/taskmanager/deutsch/prozess/internat.exe.html in the text at the beginnng it is written that this service doesnt run unter Win7 and Vista, and if so - than it is a virus or trojan

and where to find thr key Regestery\user? is it the same as HKEY_USER?

Asyn · « **Reply #5 on:** April 07, 2011, 03:47:43 PM »

Send the file to VirusTotal. http://www.virustotal.com/
Post the results here.

Zyndstoff (aka Steven Gail) · « **Reply #6 on:** April 07, 2011, 03:49:26 PM »

Okay, I read Neubert.

Then block it. Search for internat.exe on your harddrive and have it scanned at virustotal.com.

Run a malwarebytes antimalware scan and post the log here.

cska133 · « **Reply #7 on:** April 07, 2011, 04:26:57 PM »

i can not find internat.exe on my harddrive

no such file

Asyn · « **Reply #8 on:** April 07, 2011, 04:35:43 PM »

Quote from: cska133 on April 07, 2011, 04:26:57 PM

i can not find internat.exe on my harddrive no such file

Wäre gut, wenn du eine Signatur angibst, dann können wir dir besser helfen.

Danke,
asyn

cska133 · « **Reply #9 on:** April 07, 2011, 04:57:46 PM »

what do you mean with Signatur (ich bin Deutscher, aber das ist ein englischsprachiges Forum :-)

Asyn · « **Reply #10 on:** April 07, 2011, 05:00:30 PM »

Quote from: cska133 on April 07, 2011, 04:57:46 PM

what do you mean with Signatur (ich bin Deutscher, aber das ist ein englischsprachiges Forum :-)

Signatur ist deutsch;
signature would be the English term.

Zyndstoff (aka Steven Gail) · « **Reply #11 on:** April 07, 2011, 05:06:30 PM »

We do need some more information... as far as I see, it is unsuspicious.
Some program wants the "internat.exe" to be added to the autostart. Since there is no such program, nothing will happen. (If you searched your HD thoroughly and have explorer enabled to view system files and hidden files)

Did you install anything prior to the last boot?
When did this happen: first boot after installation of Avast?
Or did it happen all of a sudden without you changing anything knowingly to Avast / Windows / Installations?

Anyway, I would block it and run Malwarebytes Antimalware.

cska133 · « **Reply #12 on:** April 07, 2011, 05:23:07 PM »

Malwarebytes is running, so far 2 funds found. When it ends I will post back.

Quote

Did you install anything prior to the last boot?

no

Quote

When did this happen: first boot after installation of Avast?
Or did it happen all of a sudden without you changing anything knowingly to Avast / Windows / Installations?

I use Avast for many years. Today at the morning there was no such popup. Nothing was installed or changed. Now I start PC and Avast pops it up. Maybe does this have something to do with some windows tasks...some days ago I upgraded to v9 and turned Behavior Shield ON, till than it was off.

Zyndstoff (aka Steven Gail) · « **Reply #13 on:** April 07, 2011, 05:27:09 PM »

Quote from: cska133 on April 07, 2011, 05:23:07 PM

Malwarebytes is running, so far 2 funds found. When it ends I will post back.

...some days ago I upgraded to v9 and turned Behavior Shield ON, till than it was off.

Malwarebytes finds things... not too good a sign, I fear. Let's wait and see.

cska133 · « **Reply #14 on:** April 07, 2011, 05:56:03 PM »

Malwareb still runnung...
If I choose Deny and move to chest, which file will be moved and where is the chest?

Author Topic: Behavior shield question internat.exe (Read 17297 times)

cska133

Behavior shield question internat.exe

danny96

Re: Behavior shield question C:\Windows\System32\ubpm.dll

Zyndstoff (aka Steven Gail)

Re: Behavior shield question C:\Windows\System32\ubpm.dll

Zyndstoff (aka Steven Gail)

Re: Behavior shield question C:\Windows\System32\ubpm.dll

cska133

Re: Behavior shield question C:\Windows\System32\ubpm.dll

Asyn

Re: Behavior shield question C:\Windows\System32\ubpm.dll

Zyndstoff (aka Steven Gail)

Re: Behavior shield question C:\Windows\System32\ubpm.dll

cska133

Re: Behavior shield question C:\Windows\System32\ubpm.dll

Asyn

Re: Behavior shield question C:\Windows\System32\ubpm.dll

cska133

Re: Behavior shield question internat.exe

Asyn

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

cska133

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

cska133

Re: Behavior shield question internat.exe