shortcut vzrock appears on desktop during firefox operations


  • shortcut vzrock appears on desktop during firefox operations

    Hello,

    I noticed a strange behaviour. I have Firefox installed in a Symantec Virtualization system. Every time Firefox downloads something, for a short moment, a shortcut with the name vzrock appears on the desktop. I have been using that Symantec system for a long time now, and never saw it.

    It may be related to this virtualization, but I want to make sure. The PC on which it happens has a slow hard disk, so that may be why it appears on this one, but I want to make sure it does not come from some malware or so. Scans show the PC is clean...

    Googling vzrock does not seem to yield good results. Any thoughts?


    Jörg
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  • #2
    Other than "Muwhahahahaha!"? No.
    Join MURCs Distributed Computing effort for Rosetta@Home and help fight Alzheimers, Cancer, Mad Cow disease and rising oil prices.
    [...]the pervading principle and abiding test of good breeding is the requirement of a substantial and patent waste of time. - Veblen



    • #3
      Could you download something big like an iso and copy the shortcut during the download?
      Maybe then you could see what it points to.
      Chuck
      秋音的爸爸



      • #4
        It is only there for a short time, at the end of the download... even for big files.

        I cannot select it, but I don't know if it is because Windows does not let me, or because it just is there too short.
        pixar
        Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



        • #5
          Originally posted by Umfriend
          Other than "Muwhahahahaha!"? No.
          Yeah, if it's a laptop or has a camera, I'd cover the lens with a piece of tape when I wasn't using it.
          Chuck
          秋音的爸爸



          • #6
            Originally posted by VJ
            It is only there for a short time, at the end of the download... even for big files.

            I cannot select it, but I don't know if it is because Windows does not let me, or because it just is there too short.
            Have you got "show all files" and "show hidden system files" ticked in the folder properties of Windows?
            It could be some system file.

            Navigate to desktop in a window, and try and see if you can see the file or its size/extension.
            C:\Users\YOURLOGININFO\Desktop\
            That might give you some more info.
            PC-1 Fractal Design Arc Mini R2, 3800X, Asus B450M-PRO mATX, 2x8GB B-die@3800C16, AMD Vega64, Seasonic 850W Gold, Black Ice Nemesis/Laing DDC/EKWB 240 Loop (VRM>CPU>GPU), Noctua Fans.
            Nas : i3/itx/2x4GB/8x4TB BTRFS/Raid6 (7 + Hotspare) Xpenology
            +++ : FSP Nano 800VA (Pi's+switch) + 1600VA (PC-1+Nas)



            • #7
              Originally posted by Evildead666
              Have you got "show all files" and "show hidden system files" ticked in the folder properties of Windows?
              It could be some system file.
              I'm guessing that, but I never saw it before (and always have those two things ticked).

              I noticed that the Symantec program is giving errors for normal operations (e.g. stopping the Firefox layer, or trying to delete it). So I'll prevent the layer from automatically activating, and then reinstall Firefox. Perhaps something went corrupt...? (it also performs worse than it normally does).
              pixar
              Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



              • #8
                Assuming this is a Windows system you can use Process Monitor or Process Explorer from SysInternals. That should give you a better clue.

                Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.


                Monitor file system, Registry, process, thread and DLL activity in real-time.


                Procexp is more user friendly. Hit the binocular icon in the toolbar and enter the file name. If the file has a handle on it procexp will tell you what it is. You may need to time the search to the time the file is created to find it.

                Procmon is a running log of just about everything that goes on in Windows. It is daunting to look at the first few hundred times. What you can do is start procmon, start Firefox and wait for the file to appear. Then go back to procmon and press Ctrl+E to stop the trace. Add a filter (the funnel-like icon) with the conditions:

                Path - contains - vzrock - then - Include

                Add

                OK

                This will filter the trace by paths with your filename. In the process column you will see what process performed the operations to create the file. Open the properties (double-click) of any line to see process and stack details. With these tabs you can drill down to specific DLLs and modules related to that operation.

                From there you should be able to figure out what's creating the file. Post the process and stack details if you would like any assistance.
                “Inside every sane person there’s a madman struggling to get out”
                –The Light Fantastic, Terry Pratchett
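
The Procmon filter from post #8, applied offline to a trace saved as CSV, as an added example that is not part of the original thread. It also separates the process that created the file from processes that merely opened it afterwards. The sample rows are constructed: `example_svc.exe`, the PIDs and the `.lnk` path are placeholders, and the `Detail` strings are assumed to follow Procmon's usual wording.

```python
import csv
import io
from collections import Counter

# Constructed sample in Procmon's default CSV columns; not a real trace.
# example_svc.exe, the PIDs and the .lnk path are placeholders.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:02.1","firefox.exe","4120","WriteFile","C:\Users\user\Downloads\big.iso.part","SUCCESS","Offset: 0, Length: 65536"
"10:15:09.2","example_svc.exe","2308","CreateFile","C:\Users\user\Desktop\vzrock.lnk","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:15:09.3","explorer.exe","1876","CreateFile","C:\Users\user\Desktop\vzrock.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
"10:15:09.3","explorer.exe","1876","QueryBasicInformationFile","C:\Users\user\Desktop\vzrock.lnk","SUCCESS",""
"10:15:09.4","example_svc.exe","2308","SetDispositionInformationFile","C:\Users\user\Desktop\vzrock.lnk","SUCCESS","Delete: True"
"10:15:09.5","explorer.exe","1876","CreateFile","C:\Users\user\Desktop\vzrock.lnk","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
'''


def analyze(trace, needle="vzrock"):
    """Return (creators, deleters, touches) for paths containing `needle`."""
    creators, deleters, touches = [], [], Counter()
    for row in csv.DictReader(trace):
        if needle.lower() not in (row["Path"] or "").lower():
            continue  # same effect as: Path - contains - vzrock - Include
        who = (row["Process Name"], row["PID"])
        touches[who] += 1
        if row["Result"] != "SUCCESS":
            continue  # failed lookups (e.g. after deletion) are not creations
        event = (row["Time of Day"], *who, row["Path"])
        detail = row["Detail"] or ""
        # Explorer also opens the file to draw its icon; only the event whose
        # OpenResult is "Created" identifies the process that made it.
        if row["Operation"] == "CreateFile" and "OpenResult: Created" in detail:
            creators.append(event)
        elif row["Operation"] == "SetDispositionInformationFile" and "Delete: True" in detail:
            deleters.append(event)
    return creators, deleters, dict(touches)


if __name__ == "__main__":
    # For a real export use: open("trace.csv", newline="", encoding="utf-8-sig")
    creators, deleters, touches = analyze(io.StringIO(SAMPLE))
    for label, events in (("created", creators), ("deleted", deleters)):
        for when, proc, pid, path in events:
            print(f"{when}  {label} by {proc} (PID {pid}): {path}")
    for (proc, pid), n in sorted(touches.items()):
        print(f"{proc} (PID {pid}) touched the path {n} time(s)")
```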



                • #9
                  Great advice!
                  I'll try it, but don't know yet when... (organizing new year's party, then going to Belgium for some time, ...)
                  pixar
                  Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                  • #10
                    I managed to find it in the Symantec forum:

                    It is a fake link they use to force a refresh of the desktop.
                    So this is normal.

                    Something else also appeared. I could no longer control the layers, so I removed the entire program and cleaned the system. I installed it again, it resurfaced, and then I found it was caused by a bug in the layer system (fix should come soon).

                    But now I have a problem with a Firefox installation: I can execute it once, but then the firefox.exe file disappears, and an empty folder named firefox.exe appears in its place. The few articles I found are suggesting to run a malware scan, but nothing is found. They are also mentioning specific registry entries, which are not present on my system. I'll play it safe and just delete the entire OS and reinstall it.

                    I'm a bit weary of using the Symantec SWV layer system now, due to the bugs and the vzrock link thing (it is annoying). What would you guys recommend for sandboxing applications?
                    I found this thread: http://malwaretips.com/threads/best-...software.4907/
                    It mentions Evalaze, Bufferzone and Cameyo as free options. Any suggestions?
                    pixar
                    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                    • #11
                      Just use knoppix live CD.

                      Or use VMware workstation and always revert to snapshot.



                      • #12
                        I have snapshots of the system, made with partimage. I'll now revert to the oldest one, and start from that one.

                        The system is used for htpc and occasional gaming, so I don't want to run it fully virtual. I was happy with that Symantec solution to virtualize applications (and then be able to revert on a per-application basis), but some annoying bugs make me consider something else...
                        pixar
                        Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                        • #13
                          A second scan with malwarebytes revealed a single registry entry, related to my DVB-S tuner. I found that it can trigger a false positive. Still, I've scanned all my disks and computers, with both malwarebytes and security essentials and everything seems clean.

                          Just to be on the safe side, I restored the oldest image I had (clean installation of W7 + SP1), and started from that one. It took all day to get the updates, next I'll make a new image, scan, and then start installing again.
                          pixar
                          Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)
