Tartan Posted January 24, 2004

Ok I found this mysterious program in my C:\ root directory called "gendel32.exe". I have searched various search engines with no real luck, ran AdAware, Spybot S&D, and of course Norton AntiVirus on it, all with latest updates and reference files. I have found nothing. The file is also referenced in "windows\wininit.ini".

So does anyone have any idea of what this is or does?....apparently if deleted it reappears after reboot.

Any help is appreciated.

P.S. Sorry if this is not in the right forum, mods please move if needed.

Link to comment https://www.neowin.net/forum/topic/134781-what-is-gendel32exe/

John Veteran Posted January 24, 2004

sounds like a virus. reasons:

- you say it's in wininit.ini. that file is not part of windows, so gendel32.exe isn't used by windows.
- search engines return few results. even if it was a legit file, it would show up.
- it's in your root directory. i don't know of any programs/applications that place executables in the root of your hard drive...
- most importantly: it reappears when you reboot. this means there is a second copy or another infected file that creates gendel32.exe on bootup.

Tartan Posted January 24, 2004

> sounds like a virus. reasons:
> - you say it's in wininit.ini. that file is not part of windows, so gendel32.exe isn't used by windows.
> - search engines return few results. even if it was a legit file, it would show up.
> - it's in your root directory. i don't know of any programs/applications that place executables in the root of your hard drive...
> - most importantly: it reappears when you reboot. this means there is a second copy or another infected file that creates gendel32.exe on bootup.

Yeah it is suspicious, I just don't know why none of the programs I ran detected it. :/

John Veteran Posted January 24, 2004

first, find out how it's starting. run msconfig and look on the startup tab. find the item that starts gendel32.exe, and post its location here.

also, run regedit and run a search for gendel32. post the keys that it shows up in, but don't delete them (they might be used by windows).

Tartan Posted January 24, 2004

> first, find out how it's starting. run msconfig and look on the startup tab. find the item that starts gendel32.exe, and post its location here.
> also, run regedit and run a search for gendel32. post the keys that it shows up in, but don't delete them (they might be used by windows).

Yeah I did both of them too, it doesn't appear in either msconfig or regedit. Also ZoneAlarm has never asked for an outgoing connection related with it. So it is a mystery.

John Veteran Posted January 24, 2004

check HKCR\exefile\shell\open\command and see what the default value is set to. it should be "%1 *1", but if it's not, post what it's set to. if it's set to something else, then the virus is probably launching every time you open a new program :pinch:

Tartan Posted January 24, 2004

yes it's set to "%1" %*

John Veteran Posted January 24, 2004

does it start on bootup? i never asked, i've always assumed it's started with windows :unsure: i might be wrong :s

post a list of your current processes if you can, that should lead to something.

Tartan Posted January 24, 2004

Well I edited wininit.ini just now, adding a ' ; ' character to each line and renamed the gendel.exe to gendel.bak and rebooted...after which it hasn't renamed back, so maayyyybee I've stopped it for now. I'm still not sure what it is though seeing as none of the detection programs for adware, spyware and antivirus detects it. I can only assume some website put it there without permission, since I am very careful about the stuff I install etc.

BTW, thanks for your help and ideas gameguy. :)

If anyone does find out what this is, let us know.

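Added example, not part of any post in this thread: a small Python parser that lists what a wininit.ini would make Windows 95/98/Me do at the next boot, including entries disabled with a leading ';' as described above. It assumes the standard `[rename]` layout (`destination=source`, with `NUL=source` meaning "delete source"); the sample file and the names `parse_wininit` and `references` are constructed for illustration.

```python
import re

# Constructed sample, not the poster's actual file.
SAMPLE = r"""
[rename]
NUL=C:\WINDOWS\TEMP\SETUP1.TMP
C:\PROGRA~1\APP\APP.DLL=C:\WINDOWS\TEMP\APP.NEW
;NUL=C:\GENDEL32.EXE
[other]
NUL=C:\IGNORED.TXT
"""

def parse_wininit(text):
    """Return the pending boot-time operations found in the [rename] section.

    Each item is a dict with: action ('delete' or 'rename'), source, dest,
    and disabled (True when the line was commented out with ';').
    configparser is avoided because 'NUL' legitimately repeats as a key.
    """
    ops, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "rename":
            continue  # only [rename] entries describe file operations
        disabled = line.startswith(";")
        dest, sep, source = line.lstrip("; \t").partition("=")
        if not sep:
            continue  # free-text comment, not an entry
        dest, source = dest.strip(), source.strip()
        action = "delete" if dest.upper() == "NUL" else "rename"
        ops.append({"action": action, "source": source,
                    "dest": None if action == "delete" else dest,
                    "disabled": disabled})
    return ops

def references(ops, name):
    """Operations whose source or destination mentions name (case-insensitive)."""
    n = name.lower()
    return [o for o in ops
            if n in o["source"].lower() or n in (o["dest"] or "").lower()]

if __name__ == "__main__":
    for op in references(parse_wininit(SAMPLE), "gendel32"):
        print(op)
```

Reading the entries this way shows whether a file named in wininit.ini is the source or the target of a pending operation, which the file name alone does not tell you.
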
John Veteran Posted January 24, 2004

glad to help :happy:

if you want, look at the file's version properties (you'll have to rename it to .exe first) and then look up that info on google, it might help.

NoNeX Posted January 24, 2004

Hi

No need to worry, afaik it's part of the install-software from http://www.install-us.com

One of the programs you have or had installed prolly used that installer and gendel32.exe is either a leftover from some installation or it'll be needed for a prog to uninstall.

Suggestion: rename it to gendel32.exe.bak or something similar and wait for a program to say "hey, I need gendel32.exe" =)

NoNeX

Tartan Posted January 24, 2004

> Hi
> No need to worry, afaik it's part of the install-software from http://www.install-us.com
> One of the programs you have or had installed prolly used that installer and gendel32.exe is either a leftover from some installation or it'll be needed for a prog to uninstall.
> Suggestion: rename it to gendel32.exe.bak or something similar and wait for a program to say "hey, I need gendel32.exe" =)
> NoNeX

Ok thanks NoNex. :)

Miek Posted January 24, 2004

I also got this program in C:. I checked it with help of ResHacker and all strings are in German, eg:

    STRINGTABLE
    LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
    {
    65440, "Samstag"
    65441, "%s kann nicht zu %s zugewiesen werden"
    65442, "Datei %s kann nicht erstellt werden"
    65443, "Datei %s kann nicht geöffnet werden"
    65444, "Stream-Read-Fehler"
    65445, "Stream-Write-Fehler"
    65446, "Der Index der Liste überschreitet das Maximum (%d)"
    65447, "Die Kapazität der Liste ist erschöpft (%d)"
    65448, "Zu viele Einträge in der Liste (%d)"
    65449, "Operation bei sortierten Stringlisten nicht erlaubt"
    65450, "In der Stringliste sind Duplikate nicht erlaubt"
    65451, "Ungültiger Wert der Eigenschaft"
    }

and since "install-us" is from a German company, it can be from that package.

I think I got it from installing the latest version of Nero.

/Michael