RB_1.3.77.44.exe - can't even scan it w/o changing owner!!
I am running Windows 10 Pro Version 1803 (OS Build 17134.1)
The actual questions here are in this blue color.
1. I have a suspicious .exe on my Dell 7577 laptop. My machine seems very sluggish, and it has happened twice that Task Manager reported this .exe as taking 20% of the CPU. Further, the file is buried deep inside SysWOW64, inside a folder even the owner of which is hidden from me. The file is named RB_1.3.77.44.exe and its full pathname is
C:\Windows\SysWOW64\Microsoft\Protect\S-1-22-20\RB_1.3.77.44.exe
I'll add that on this machine, the owner of the "Protect" folder is "Administrators" (Machine-Name\Administrators), and it contains nothing but the single folder "Protect". The folder "Protect" contains nothing but the folder S-1-22-20, and the security info for the S-1-22-20 folder shows "unable to display owner information". Nothing happens when I double-click on that S-1-22-20 folder. The only reason I know that the RB_1.3... file is there at all is that it showed up in Task Manager; and then the wonderful beautiful "Search Everything" utility showed me where it is. But I can't copy and paste it anywhere, or upload it to an online virus checker -- unless I take ownership of the object and change its permissions.
[OH now that I write this, I guess I could just boot Linux and copy the file somewhere, and then scan the file. As usual, Linux shows its value as the pooper-scooper of choice for Windows] A search online gave me no useful info about this .exe file. Can anyone here tell me what RB_1.3.77.44.exe is? Or if it's normal to have the Protect folder there?
I know how to change the owner of the file so that I can delete it. But perhaps it's legit and needs to have the ownership it does. And even if it's malicious, I'd like to be able to report it as it actually is/was in my system, rather than with a different owner. At the very least, I'd like to be able to record the identity of the current owner, even if to do that causes me to change the owner. Can I do something to find out who the current owner is (since it "can't be displayed")?
If there is a correct or best-practise way to check out this file which doesn't require a reboot or a different OS, I'd be grateful to learn what it is.
Thanks!
scott
P.S. If it would be better to post separate queries for the separate questions (1. Is RB_1.3.77.44.exe dangerous? 2. How to virus-check a file that one can't see without changing it? 3. How to find the identity of the owner of a file whose identity "can't be displayed"?), please let me know and I'll do that.