FNTCACHE.dat?

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

FNTCACHE.dat?

  • I am seeing FNTCACHE.dat file in C:\WINNT\system32. Is this a bad file? Can I remove this file?
     
     
  • FNTCACHE.DAT (FoNT CACHE) comes with a clean install of Microsoft Windows 2000 Professional.   FNTCACHE.DAT is located in "C:\WINNT\system32\".    

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Thanks ky331 for your response.

    Today I got a popup asking me to install winfixer 2005.. I cancelled the popup from taskmanager (without pressing ok or cancel)... My question, am I affected by Winfixer 2005? Is there any other way to check this (I would like to avoid executing hijack this as much as possible).

     

     

     

  • part of the problem with winfixer is that there are at least 6  (??) distinct versions, and each version has a separate "fix"-procedure of its own.   a tool such as HiJackThis will hopefully reveal which particular version you have, and then, we can offer you the appropriate cure.
     
    if you absolutely insist on avoiding HJT, and just want to "play the odds" [which are strongly in favor of this particular version], you can try the following, which will handle the most common forms of WinFixer (O2-MSEvents; and/or "blank"-O2 with corresponding O20):
     

    Download [but do *NOT* yet run] FixVundo from

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    [we'll have you run it later]

    Note: If you have previously download this file on another occasion, please download it again, to be absolutely sure you have the most current version.

    ********************

    Next, download VirtumundoBeGone from:

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    * Save it to your Desktop
    * Close all running programs (including your Internet Browser)
    * Double-click VirtumundoBeGone.exe on the desktop
    * Follow the directions as indicated

    please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

    just reboot if your system "jams"

    *********************

    After rebooting, it's now time to run FixVundo (which you had downloaded earlier).

    Make sure all other programs, including your Internet Browser, are closed.

    Double-click the FixVundo.exe file to start the removal tool.

    Click Start to begin the process, and then allow this tool to run.

    Important: Do not launch any new applications while the tool is running!

    Reboot your computer.

    Run the FixVundo removal tool again to ensure that the system is clean.

    *********************

    It's now time to report back to us:

    VirtumundoBeGone

    generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here.
     
     

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Thanx for your prompt reply ky331.

    If you get a popup (only once) asking you to install winfixer, mean that your PC is infected (eventhough I cancelled the popup using task manager and have no visible performance problems / unwanted popups)?

  • believe it or not, despite all the "expert" advice i've been giving people about winfixer over the past few weeks, i've never personally encountered it on any of my machines (hope this isn't gonna be a "jinx" now).   i've been working with (and learning from the likes of) RKinner, as to how to analyze symptoms and respond accordingly.
     
    most people complain that, once they get an initial popup requesting them to install winfixer, the program will go ahead and do so, even against the expressed will of the user, who clicks on NO, CANCEL, or X-out-the-program.   on that basis, it's likely that you still have some form of the infection.
     
    however, if you've received the popup only once, and it doesn't come back again (in particular, after re-booting your system), maybe you're one of the rare, lucky people.   so, unless/until you get another/more winfixer popups, if you want to sit by and "hope for the best", that's certainly your option.
     

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Thanks kyy331!!!

    Do you know if anybody got infected after cancelling the popup using task manager (I was aware that 'NO', cancel or 'X' exiting the popup does not help)...

    I have rebooted it once and haven't had any more popups.. But I will keep my fingers crossed.. Is there any symptoms that I should look for, that will tell me if I am infected (like new files in system32 folder?)

     

  • "killing" the program mid-process, via task manager, might have made a difference... but i just can't say with any certainty.
     
    since there are so many different versions of winfixer, i really can't say what to look for, and where.... things don't necessarily have to be placed in the system32 folder.
     
    i've searched around, and see that you've previously generated and posted HJT logs here.  I also see you had significant problems, with "major" fixes suggested,  so i can understand your reluctance to get "overly" involved.   if you want to post a log here, for me to look just for winfixer (no more, no less), i can do that.   and then you can decide whether or not you want to proceed any further with it.
     
    if i don't get to it today, i'll be back tomorrow.

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]