Thread: shortcut vzrock appears on desktop during firefox operations

  1. #1
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default shortcut vzrock appears on desktop during firefox operations

    Hello,

    I noticed a strange behaviour. I have Firefox installed in a Symantec Virtualization system. Every time firefox downloads something, for a short moment, a shortcut with the name vzrock appears on the desktop. I have been using that Symantec system for a long time now, and never saw it.

    It may be related to this virtualization, but I want to make sure. The PC on which it happens has a slow harddisk, so that may be why it appears on this one, but I want to make sure it does not come from some malware or so. Scans show the PC is clean...

    Googling vzrock does not seem to yield good results. Any thoughts?


    Jörg
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  2. #2
    Crabby Smurf Umfriend's Avatar
    Join Date
    Mar 2001
    Location
    Netherlands
    Posts
    6,302

    Default

    Other than "Muwhahahahaha!"? No.
    Join MURCs Distributed Computing effort for Rosetta@Home and help fight Alzheimers, Cancer, Mad Cow disease and rising oil prices.
    [...]the pervading principle and abiding test of good breeding is the requirement of a substantial and patent waste of time. - Veblen

  3. #3
    Super MURCer cjolley's Avatar
    Join Date
    Aug 1999
    Location
    Oklahoma City, OK
    Posts
    8,135

    Default

    Could you download something big like an iso and copy the shortcut during the download?
    Maybe then you could see what it points to.
    Chuck
    秋音的爸爸

  4. #4
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    It is only there for a short time, at the end of the download... even for big files.

    I cannot select it, but I don't know if it is because Windows does not let me, or because it just is there too short.
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  5. #5
    Super MURCer cjolley's Avatar
    Join Date
    Aug 1999
    Location
    Oklahoma City, OK
    Posts
    8,135

    Default

    Quote Originally Posted by Umfriend View Post
    Other than "Muwhahahahaha!"? No.
    Yeah, if it's a laptop or has a camera, I'd cover the lens with a piece of tape when I wasn't using it.
    Chuck
    秋音的爸爸

  6. #6
    Super MURCer Evildead666's Avatar
    Join Date
    Mar 2002
    Location
    Paris, France
    Posts
    2,983

    Default

    Quote Originally Posted by VJ View Post
    It is only there for a short time, at the end of the download... even for big files.

    I cannot select it, but I don't know if it is because Windows does not let me, or because it just is there too short.
    Have you got "show all files" and "show hidden system files" ticked in the folder properties of Windows?
    It could be some system file.

    Navigate to desktop in a window, and try and see if you can see the file or its size/extension.
    C:\Users\YOURLOGININFO\Desktop\
    That might give you some more info.
    PC-1 Fractal Design Arc Mini R2, i5-3570K@4GHz, ASRock Extreme4-M, 4x4Gb GSkill DDR3-2000-10-10-10-30, Intel 335 180Gb SSD, Samsung 840EVO 250Gb, 2xWD Black 750Gb HDD (Raid-0), AMD R9-290, Seasonic 850W Gold, H100i for CPU + Black Ice SR-1/Laing DDC/EKWB 240 Loop for R9-290.
    Na$ : Chenbro ES34069, Asus P8H77-I, 2x4Gb DDR3-1600, i3-2120 3.3Ghz, AMD Radeon 6670-LP, 2Tb(x2), 1Tb(x2), 64Gb Crucial M4 SSD, BDR, USB->SCSI:1Gb MO Drive(x3), FSP-270W PSU. Win7x64
    +++ : MGE UPS 650VA (Na$+switch+PC-1 Cooling)

  7. #7
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    Quote Originally Posted by Evildead666 View Post
    Have you got "show all files" and "show hidden system files" ticked in the folder properties of Windows?
    It could be some system file.
    I'm guessing that, but I never saw it before (and always have those two things ticked).

    I noticed that the Symantec program is giving errors for normal operations (e.g. stopping the firefox layer, or trying to delete it). So I'll prevent the layer from automatically activating, and then reinstall firefox. Perhaps something went corrupt...? (it also performs worse than it normally does).
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  8. #8
    The Berserker Jammrock's Avatar
    Join Date
    Aug 1999
    Location
    Right behind you.
    Posts
    8,736

    Default

    Assuming this is a Windows system you can use Process Monitor or Process Explorer from SysInternals. That should give you a better clue.

    http://technet.microsoft.com/en-us/s...rnals/bb896653

    http://technet.microsoft.com/en-us/s...rnals/bb896645

    Procexp is more user friendly. Hit the binocular icon in the toolbar and enter the file name. If the file has a handle on it procexp will tell you what it is. You may need to time the search to the time the file is created to find it.

    Procmon is a running log of just about everything that goes on in Windows. It is daunting to look at the first few hundred times. What you can do is start procmon, start Firefox and wait for the file to appear. Then go back to procmon and press Ctrl+E to stop the trace. Add a filter (the funnel-like icon) with the conditions:

    Path - contains - vzrock - then - Include

    Add

    OK

    This will filter the trace by paths with your filename. In the process column you will see what process performed the operations to create the file. Open the properties (double-click) of any line to see process and stack details. With these tabs you can drill down to specific DLLs and modules related to that operation.

    From there you should be able to figure out what's creating the file. Post the process and stack details if you would like any assistance.
    However [political parties] may now and then answer popular ends, they are likely in the course of time and things, to become potent engines, by which cunning, ambitious, and unprincipled men will be enabled to subvert the power of the people and to usurp for themselves the reins of government, destroying afterwards the very engines which have lifted them to unjust dominion.

    GEORGE WASHINGTON, Farewell Address, Sep. 17, 1796
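
Added example, not part of the thread or any poster's code: the "Path contains vzrock" filter from post #8, applied offline to a Procmon trace saved as CSV, reporting which process actually created the file rather than merely opened it. It assumes Procmon's default export columns; the sample rows, process names (including the hypothetical `example_layer_svc.exe`), PIDs and paths are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Procmon's default CSV column layout (assumption).
# Process names, PIDs and paths are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.100","firefox.exe","4120","WriteFile","C:\Users\demo\Downloads\big.iso.part","SUCCESS","Offset: 0, Length: 65,536"
"10:15:02.200","example_layer_svc.exe","1788","CreateFile","C:\Users\demo\Desktop\vzrock.lnk","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:15:02.210","explorer.exe","2304","CreateFile","C:\Users\demo\Desktop\vzrock.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
"10:15:02.215","explorer.exe","2304","QueryBasicInformationFile","C:\Users\demo\Desktop\vzrock.lnk","SUCCESS",""
"10:15:02.300","example_layer_svc.exe","1788","SetDispositionInformationFile","C:\Users\demo\Desktop\vzrock.lnk","SUCCESS","Delete: True"
"10:15:02.310","explorer.exe","2304","CreateFile","C:\Users\demo\Desktop\vzrock.lnk","NAME NOT FOUND","Desired Access: Read Attributes"
'''


def find_file_activity(csv_text, needle):
    """Apply 'Path contains <needle>' and group matching events by process.

    Returns (by_process, creators): by_process maps (name, pid) to the list
    of operations seen on matching paths; creators lists the (name, pid)
    pairs whose CreateFile call really created the file.
    """
    needle = needle.lower()
    by_process = defaultdict(list)
    creators = []
    # Procmon writes a UTF-8 BOM at the start of its CSV exports; drop it.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if needle not in row["Path"].lower():
            continue
        key = (row["Process Name"], row["PID"])
        by_process[key].append(row["Operation"])
        # CreateFile is also logged for plain opens, so check the outcome.
        if (row["Operation"] == "CreateFile"
                and row["Result"] == "SUCCESS"
                and "OpenResult: Created" in row["Detail"]):
            creators.append(key)
    return dict(by_process), creators


if __name__ == "__main__":
    activity, creators = find_file_activity(SAMPLE_CSV, "vzrock")
    for (name, pid), ops in activity.items():
        print(f"{name} (PID {pid}): {', '.join(ops)}")
    print("Created by:", creators)
```

Processes that only opened or queried the file (Explorer refreshing the desktop, for instance) show up in the activity list but not among the creators, which narrows the stack inspection to the right event.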

  9. #9
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    Great advice!
    I'll try it, but don't know yet when... (organizing new year's party, then going to Belgium for some time, ...)
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  10. #10
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    I managed to find it in the Symantec forum:
    http://www.symantec.com/connect/forums/vzrocklnk
    It is a fake link they use to force a refresh of the desktop.
    So this is normal.

    Something else also appeared. I could no longer control the layers, so I removed the entire program and cleaned the system. I installed it again, it resurfaced, and then I found it was caused by a bug in the layer system (fix should come soon).

    But now I have a problem with a firefox installation: I can execute it once, but then the firefox.exe file disappears, and an empty folder named firefox.exe appears in its place. The few articles I found are suggesting to run a malware scan, but nothing is found. They are also mentioning specific registry entries, which are not present on my system. I'll play it safe and just delete the entire OS and reinstall it.

    I'm a bit weary of using the Symantec SWV layer system now, due to the bugs and the vzrock link thing (it is annoying). What would you guys recommend for sandboxing applications?
    I found this thread: http://malwaretips.com/threads/best-...software.4907/
    It mentions Evalaze, Bufferzone and Cameyo as free options. Any suggestions?
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  11. #11
    Super MURCer UtwigMU's Avatar
    Join Date
    Jul 2002
    Location
    Slovenia/EU
    Posts
    4,311

    Default

    Just use knoppix live CD.

    Or use VMware workstation and always revert to snapshot.
    はてらけあり!

  12. #12
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    I have snapshots of the system, made with partimage. I'll now revert to the oldest one, and start from that one.

    The system is used for htpc and occasional gaming, so I don't want to run it fully virtual. I was happy with that Symantec solution to virtualize applications (and then be able to revert on a per-application basis), but some annoying bugs make me consider something else...
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  13. #13
    Moderator VJ's Avatar
    Join Date
    Mar 2001
    Location
    Poland/Belgium
    Posts
    8,828

    Default

    A second scan with malwarebytes revealed a single registry entry, related to my DVB-S tuner. I found that it can trigger a false positive. Still, I've scanned all my disks and computers, with both malwarebytes and security essentials and everything seems clean.

    Just to be on the safe side, I restored the oldest image I had (clean installation of W7 + SP1), and started from that one. It took all day to get the updates, next I'll make a new image, scan, and then start installing again.
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)
