  1. #1
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    elxe.exe runs on startup - what is it?

    I have an entry in msconfig -> startup and I have not been able to find any information on it.
    Startup Item: ThreadTCPReport
    Manufacturer: Super Network Industrial
    Command: C:\Users\<user_name>\AppData\Roaming\Ynsi\elxe.exe
    Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    I deleted the registry key, but it came right back after a re-boot.
    Google search on any of the above items does not come up with anything.
    Add/Remove programs doesn't list anything that might be related to this.

    I'm using Windows 7 Home Premium SP1 64 bit.

    Thanks to all that can enlighten me.
    Last edited by pjv; 2013-11-08 at 18:04.

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    See if you can't dig a little deeper;
    Examine the contents of the above folder.
    Use Sysinternals' Process Explorer, TCPView, and/or Autoruns to help sort it out.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  3. #3
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    That is the only file (elxe.exe) in the Ynsi folder.
    Folder view is set to show hidden and protected files.

    Task manager or Resource Monitor does not show this process running and I don't see any running services that might be associated with it.

  4. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Try to use an app such as What's In Startup to disable the elxe.exe from starting and see what happens. The download link is a ways down the page. This little app is recommended often on the Lounge.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. #5
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks to both of you for the help.
    I was able to stop it from loading at startup. The WhatsInStartup showed the same entries as msconfig.
    I renamed the elxe.exe to elxe-orig.exe, deleted the registry run key, and rebooted. The entry did not re-appear.
    I thought I would do some more registry searching, so I renamed it back to the original filename and re-booted.
    The entry did not show up in the msconfig or WhatsInStartup, so I guess I'll never know.
    Perhaps I never actually deleted the registry key as I had intended at the start.
    I was more interested in finding out what it was and where it came from, maybe someone else will know.

  6. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I fear there is not much info about it. If you right click the file and choose the Details tab, is there a manufacturer's name?
    Rui
    -------
    R4

  7. #7
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Not much more info than in my first post.

    Capture.JPG

  8. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I would guess it seems to be network related, but can't find any other info about it or the manufacturer. It seems you have posted that already and I missed it. Sorry about that.

    Well, you have stopped it running, so you will notice if something is amiss.
    Rui
    -------
    R4

  9. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    Related to the following by the manufacturer name, check the File detail tabs:
    https://www.virustotal.com/en/file/9...6233/analysis/
    https://www.virustotal.com/en/file/e...07d2/analysis/

  10. #10
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Interesting site - Thanks!

    Still can't find much info on the web.
    Looks like this .exe might be from around 2008.
    My PC has it as a create date of 08/2013. I remember having some sharing problems on my local network a while ago.
    I'm guessing I was doing some TCP logging and tracing.
    Must be something I installed. Oh well - onto the next mystery.

    https://www.virustotal.com/en/file/5...is/1384194604/

  11. #11
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    So when you uploaded the file to VT, there hadn't been a previous upload of it (there would have been an option to view the most recent scan)?

    With something as unusual (a 2008 exe file that's not been scanned before) as that, I'd have to head to a good Malware forum such as Majorgeeks, TechSupportforum, Sysnative, GeeksToGo, etc. to get it checked by those trained to investigate these things.

  12. #12
    New Lounger
    Join Date
    Nov 2013
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I was not presented with the option to view.
    I just went back to VT and searched for elxe.exe and also ThreadTCPReport.exe.
    Neither file was in their database.
    Since this is not causing me any problems, I'm pretty much done with this investigation.
    Thanks to all for your help and insights.

  13. #13
    New Lounger
    Join Date
    Feb 2010
    Location
    Melbourne, Victoria, Australia
    Posts
    20
    Thanks
    0
    Thanked 5 Times in 5 Posts
    I'd be immediately running Malwarebytes Anti-Malware. Anything that autoruns from your appdata\roaming folder should be treated with extreme suspicion. Even more so if it has a helper program that puts back the registry key after you delete it. It's almost certainly up to no good.
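
The triage this thread works through by hand (find the Run entry, see where its executable lives, check who signed it, get a hash to look up), as an added example that is not part of any post above. It assumes PowerShell 4.0 or later (for `Get-FileHash`); the function name `Get-ExePathFromCommand` and the list of keys are choices made for this example, and the key list is a common subset of autostart locations, not an exhaustive one.

```powershell
# Added example: enumerate Run/RunOnce autostart values and flag any whose
# executable lives under the user's AppData tree (user-writable, no admin needed).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePathFromCommand([string]$Command) {
    # Run values may be quoted, carry arguments, or use %VARIABLES%;
    # reduce the command line to the executable path only.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $path   = Get-ExePathFromCommand ([string]$item.GetValue($name))
        $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            InAppData = ($path -like "$env:APPDATA\*") -or ($path -like "$env:LOCALAPPDATA\*")
            # Unsigned or invalidly signed binaries report NotSigned / HashMismatch etc.
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'FileMissing' }
            # The hash can be searched on a scanning service without uploading the file.
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
            Created   = if ($exists) { (Get-Item -LiteralPath $path -Force).CreationTime } else { $null }
        }
    }
}

# Entries launching from AppData are listed first.
$results | Sort-Object InAppData -Descending | Format-List
```

Running it again after a reboot shows whether a deleted value has been written back, which is the behaviour the first post reports.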
