LMIR0001.tmp.bat.js
March 15, 2011 5:16 AM Subscribe
What the heck is LMIR0001.tmp.bat.js??
Today when I opened my Windows 7 computer, this file opened up Adobe Dreamweaver. The file was LMIR0001.tmp.bat.js. The function was entitled DeleteCleanup.
Never seen it before. Nothing shows up on any spyware or virus scans.
What the heck is it??
Today when I opened my Windows 7 computer, this file opened up Adobe Dreamweaver. The file was LMIR0001.tmp.bat.js. The function was entitled DeleteCleanup.
Never seen it before. Nothing shows up on any spyware or virus scans.
What the heck is it??
Oh also, if you still have the file, you could post some of its contents here...maybe some of us would be able to decipher if its obfuscating malicious code.
posted by samsara at 5:28 AM on March 15, 2011
posted by samsara at 5:28 AM on March 15, 2011
Best answer: I think it's related to the Log Me In Rescue client. Does your IT department remote into computers to resolve infections? If so, they might be using that provider. What you're seeing would be the cleanup agent that runs afterward to remove the software from your computer.
Assuming the filename is legitimate, of course.
posted by Phyltre at 7:53 AM on March 15, 2011
Assuming the filename is legitimate, of course.
posted by Phyltre at 7:53 AM on March 15, 2011
Assuming the filename is legitimate, of course.
Legitimate files never have multiple extensions.
If you open this with Notepad, you can copy the contents and put them into Pastebin, then come back to us with a link. But otherwise, be super-careful about how you handle this file.
posted by mhoye at 8:50 AM on March 15, 2011
Legitimate files never have multiple extensions.
If you open this with Notepad, you can copy the contents and put them into Pastebin, then come back to us with a link. But otherwise, be super-careful about how you handle this file.
posted by mhoye at 8:50 AM on March 15, 2011
Response by poster: Here is the Pastebin linky: http://pastebin.com/x1WDa1fe
I think Phyltre is correct on this one. Just yesterday I had to contact a software vendor and they logged into my machine using log me in rescue. It makes sense now.
Thanks.
posted by Jackie_Treehorn at 10:09 AM on March 15, 2011
I think Phyltre is correct on this one. Just yesterday I had to contact a software vendor and they logged into my machine using log me in rescue. It makes sense now.
Thanks.
posted by Jackie_Treehorn at 10:09 AM on March 15, 2011
That looks safe if the LMIR0001.tmp.bat (not .js) file is from LogMeIn. It's only trying to run then delete the associated LMIR0001.tmp.bat, which is likely cleaning up LMIR. When you can, delete the pastebin to protect any private information that could be found in the temp path.
You'll probably want to keep your file association for .js as-is or switched to notepad so you can catch any potential unwanted javascript files running on your PC in the future. .vbs might another one worth associating to notepad. You'll still be able to execute them by right-clicking and selecting "open with."
posted by samsara at 10:32 AM on March 15, 2011
You'll probably want to keep your file association for .js as-is or switched to notepad so you can catch any potential unwanted javascript files running on your PC in the future. .vbs might another one worth associating to notepad. You'll still be able to execute them by right-clicking and selecting "open with."
posted by samsara at 10:32 AM on March 15, 2011
Legitimate files never have multiple extensions.
bullshit.tar.gz
posted by AkzidenzGrotesk at 11:18 PM on March 15, 2011 [2 favorites]
bullshit.tar.gz
posted by AkzidenzGrotesk at 11:18 PM on March 15, 2011 [2 favorites]
This thread is closed to new comments.
You might also want to check out your system out with HijackThis to see if there are any further questionable startup items. Try CCleaner to help clean out any dormant temporary files or startup scripts/programs.
posted by samsara at 5:24 AM on March 15, 2011 [2 favorites]