Jump to content

Strange Win 10 Behavior


itman
 Share

Recommended Posts

I just upgraded to Win 10 From Win 7.

 

I am puzzled by the file shown in the below screen shot, R00000000000d.clb, that is being injected into every running process. Only info I can glean from the web is its a necessary file. It certainly didn't exist in Win 7. Appears that when a process starts up in Win 10, svchost.exe is doing the injection but can't determine what service is being used. Is this something to do with Win 10 telemetry?

 

post-28635-0-76655500-1469919816_thumb.png

Link to comment
Share on other sites

It's a COM+ catalog file. As for what the file in question is being used for, I can't be certain. Have you tried uploading it to VirusTotal?

Been discussing this over at wilderssecurity.com and appears it is Win 10 build related. I upgraded to Win 10 from Win 7 using a initial release build 10240 ISO. People on later Win 10 builds are not seeing the same injection occurring.

 

BTW - string display from Process Explorer indicates its COM+ utilities. Might be being used by RuntimeBroker.exe?

Link to comment
Share on other sites

People who upgraded using newer builds, or people who have newer builds installed?

It is a "mixed bag." Some see the injection on clean installs, some don't. Ditto for latter ver. clean installs and updates from.

 

BTW - the .clb file is injected into EAM's service and GUI. Ditto for Eset ones. Interestingly, it is not injected into EMET's service or GUI.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...