Virus found in c:\windows\temp\gthrsvc

My Antivirus is finding lots of virues in 
c:\windows\temp\gthrsvc and when I run a Windows Filemon 
store.exe is consistently accessing this folder.  Does 
anyone know why Exchange is using this folder?
0
anonymous (74717)
9/10/2004 2:32:39 PM
exchange.admin 57650 articles. 1 followers. Follow

4 Replies
1821 Views

Similar Articles

[PageSpeed] 46

This the folder used to build the Full-text index.

If virus are catched here (probably by the file scanner), it's because you
have some mails with virus in the Information Store (does not mean here that
you are infected yet).

To fix it
- 1 Lauch a complete scanner on your information store
- 2 Check on all the mailboxes using Outlook if you have a folder called
"Quarantine"(or equivalent) and empty it if it exists
3- Launch a full scan of your drive (to ensure that no virus are alive on
the machine)
4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
5- Make sure your Exchange Ani-virus works well.

"Ken Ostrowski" <anonymous@discussions.microsoft.com> wrote in message
news:9a8201c49743$05e5dd50$a301280a@phx.gbl...
> My Antivirus is finding lots of virues in
> c:\windows\temp\gthrsvc and when I run a Windows Filemon
> store.exe is consistently accessing this folder.  Does
> anyone know why Exchange is using this folder?


0
tophe_news (33)
9/10/2004 3:24:37 PM
I'm concerned about the advice you are giving here..... My understanding is 
that it is a ***VERY BAD IDEA*** to run a virus scan on the information/data 
stores.  If a virus is found, it can delete the data store or log files that 
will make it impossible to run Exchange.......

Any file level scan must exclude the Exchange directories (see the MS site 
for specific directories to exclude.

I don't have specific advice for his problem, but I think yours is an 
invitation to disaster.....

-- 
Regards,
Hank Arnold

"Chris" <tophe_news@hotmail.com> wrote in message 
news:eNzUKp0lEHA.3712@TK2MSFTNGP15.phx.gbl...
> This the folder used to build the Full-text index.
>
> If virus are catched here (probably by the file scanner), it's because you
> have some mails with virus in the Information Store (does not mean here 
> that
> you are infected yet).
>
> To fix it
> - 1 Lauch a complete scanner on your information store
> - 2 Check on all the mailboxes using Outlook if you have a folder called
> "Quarantine"(or equivalent) and empty it if it exists
> 3- Launch a full scan of your drive (to ensure that no virus are alive on
> the machine)
> 4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
> 5- Make sure your Exchange Ani-virus works well.
>
> "Ken Ostrowski" <anonymous@discussions.microsoft.com> wrote in message
> news:9a8201c49743$05e5dd50$a301280a@phx.gbl...
>> My Antivirus is finding lots of virues in
>> c:\windows\temp\gthrsvc and when I run a Windows Filemon
>> store.exe is consistently accessing this folder.  Does
>> anyone know why Exchange is using this folder?
>
> 


0
rasilon1 (689)
9/11/2004 9:50:46 AM
Sorry. I misexpress myself. Using an Exchange dedicated Anti-virus, not a
"Normal" file scanner.
However, run files scanner on the Information Store files is usually not a
big issue, I am not aware about any File scanner able to decrypt the content
of the Information store.

Next time, I'll put all the details in only one post :-)


With correction, this gives :
> > - 1 Lauch a complete scanner on your information store using your
Exchange Scanner
> > - 2 Check on all the mailboxes using Outlook if you have a folder called
> > "Quarantine"(or equivalent) and empty it if it exists
> > 3- Launch a full Files scanner of your drives (to ensure that no virus
are alive on
> > the machine), do not allow the scanner to take any actions without you
to confirm
> > 4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
> > 5- Make sure your Exchange Ani-virus works well.


"Hank Arnold" <rasilon@aol.com> a �crit dans le message de
news:2qg03gFuthndU1@uni-berlin.de...
> I'm concerned about the advice you are giving here..... My understanding
is
> that it is a ***VERY BAD IDEA*** to run a virus scan on the
information/data
> stores.  If a virus is found, it can delete the data store or log files
that
> will make it impossible to run Exchange.......
>
> Any file level scan must exclude the Exchange directories (see the MS site
> for specific directories to exclude.
>
> I don't have specific advice for his problem, but I think yours is an
> invitation to disaster.....
>
> -- 
> Regards,
> Hank Arnold
>
> "Chris" <tophe_news@hotmail.com> wrote in message
> news:eNzUKp0lEHA.3712@TK2MSFTNGP15.phx.gbl...
> > This the folder used to build the Full-text index.
> >
> > If virus are catched here (probably by the file scanner), it's because
you
> > have some mails with virus in the Information Store (does not mean here
> > that
> > you are infected yet).
> >
> > To fix it
> > - 1 Lauch a complete scanner on your information store
> > - 2 Check on all the mailboxes using Outlook if you have a folder called
> > "Quarantine"(or equivalent) and empty it if it exists
> > 3- Launch a full scan of your drive (to ensure that no virus are alive
on
> > the machine)
> > 4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
> > 5- Make sure your Exchange Ani-virus works well.
> >
> > "Ken Ostrowski" <anonymous@discussions.microsoft.com> wrote in message
> > news:9a8201c49743$05e5dd50$a301280a@phx.gbl...
> >> My Antivirus is finding lots of virues in
> >> c:\windows\temp\gthrsvc and when I run a Windows Filemon
> >> store.exe is consistently accessing this folder.  Does
> >> anyone know why Exchange is using this folder?
> >
> >
>
>


0
tophe_news (33)
9/11/2004 12:36:36 PM
I've seen numerous posting of people who have had their data stores  as well 
as log files quarantined or deleted by AV scanners. MS and the AV vendors 
are very specific. DO NOT DO A FILE LEVEL SCAN OF YOUR EXCHANGE DIRECTORIES.

-- 
Regards,
Hank Arnold

"Chris" <tophe_news@hotmail.com> wrote in message 
news:u2K5po$lEHA.2612@TK2MSFTNGP15.phx.gbl...
> Sorry. I misexpress myself. Using an Exchange dedicated Anti-virus, not a
> "Normal" file scanner.
> However, run files scanner on the Information Store files is usually not a
> big issue, I am not aware about any File scanner able to decrypt the 
> content
> of the Information store.
>
> Next time, I'll put all the details in only one post :-)
>
>
> With correction, this gives :
>> > - 1 Lauch a complete scanner on your information store using your
> Exchange Scanner
>> > - 2 Check on all the mailboxes using Outlook if you have a folder 
>> > called
>> > "Quarantine"(or equivalent) and empty it if it exists
>> > 3- Launch a full Files scanner of your drives (to ensure that no virus
> are alive on
>> > the machine), do not allow the scanner to take any actions without you
> to confirm
>> > 4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
>> > 5- Make sure your Exchange Ani-virus works well.
>
>
> "Hank Arnold" <rasilon@aol.com> a �crit dans le message de
> news:2qg03gFuthndU1@uni-berlin.de...
>> I'm concerned about the advice you are giving here..... My understanding
> is
>> that it is a ***VERY BAD IDEA*** to run a virus scan on the
> information/data
>> stores.  If a virus is found, it can delete the data store or log files
> that
>> will make it impossible to run Exchange.......
>>
>> Any file level scan must exclude the Exchange directories (see the MS 
>> site
>> for specific directories to exclude.
>>
>> I don't have specific advice for his problem, but I think yours is an
>> invitation to disaster.....
>>
>> -- 
>> Regards,
>> Hank Arnold
>>
>> "Chris" <tophe_news@hotmail.com> wrote in message
>> news:eNzUKp0lEHA.3712@TK2MSFTNGP15.phx.gbl...
>> > This the folder used to build the Full-text index.
>> >
>> > If virus are catched here (probably by the file scanner), it's because
> you
>> > have some mails with virus in the Information Store (does not mean here
>> > that
>> > you are infected yet).
>> >
>> > To fix it
>> > - 1 Lauch a complete scanner on your information store
>> > - 2 Check on all the mailboxes using Outlook if you have a folder 
>> > called
>> > "Quarantine"(or equivalent) and empty it if it exists
>> > 3- Launch a full scan of your drive (to ensure that no virus are alive
> on
>> > the machine)
>> > 4- Exclude c:\windows\temp\gthrsvc  from your File Scanner
>> > 5- Make sure your Exchange Ani-virus works well.
>> >
>> > "Ken Ostrowski" <anonymous@discussions.microsoft.com> wrote in message
>> > news:9a8201c49743$05e5dd50$a301280a@phx.gbl...
>> >> My Antivirus is finding lots of virues in
>> >> c:\windows\temp\gthrsvc and when I run a Windows Filemon
>> >> store.exe is consistently accessing this folder.  Does
>> >> anyone know why Exchange is using this folder?
>> >
>> >
>>
>>
>
> 


0
rasilon1 (689)
9/12/2004 10:41:22 AM
Reply:

Similar Artilces:

Microsoft Money 2004 Deluxe freezes after installation on Windows 2000 Pro SP4
I am looking for a fix that will enable me to use my Microsoft Money 2004 Deluxe application with Windows 2000 Professional Service Pack 4. After installing the Windows 2000 Professional Service Pack 4, the Microsoft Money 2004 Deluxe application that I have loaded on my PC freezes during start-up. I can do nothing with this application except End the Task while in the Windows Task Manager. You could try reinstalling Money -- Glyn Simpson, Microsoft MVP - Money Check http://support.microsoft.com/default.aspx?scid=fh;EN-GB;mny for UK tips and fixes for MS Money. To send Microsoft your ...

Viruses
I heard that Outlook is not really as risky as one would think about getting a virus attack and that Outlook Express is what is usally attacked. Is there any truth to that? Can anyone share any experiences they have had with virus attacks and Outlook? Please tell us your version number too. Thanks These two articles will give you a clue as to which versions of Outlook are most at-risk. Short version: if you use a current version and have all updates installed, you are quite safe from everything except your own stupidity. http://www.slipstick.com/emo/2005/up050120.htm#preview http...

Are Outlook On C-Drive
I'm saving a lot of my folders (emails) in my Archivefolder in MS Outlook using in internet email account (Hotmail) I can't access thhem through my Hotmail account anymore because I moved them into my archive folder. Other then through Outlook is tere any other way i can access these folders No, since they are now stored locally on your computer in a pst-file (mail database). You can see the linked location in; File-> Data File Management... If you would like to keep them on the server, you can move them back and disable AutoArchive; Tools-> Options-> tab O...

Internet Explorer Windows 7 64 bit
I'm trying to create an Internet Explorer object using the below code. It works fine in XP and Windows 7 32 bit. But it using the Windows 7 64 bit, which has a 32 bit IE and a 64 bit IE, it opens a 64 bit browser which does not load the toolbar and extension in the add-ons. I'm looking for an idea how to default to the 32 bit IE. object IeApplication = null; public IEHelper() { Type ieType = Type.GetTypeFromProgID("InternetExplorer.Application"); IeApplication = Activator.CreateInstance(ieType); } On 1/7/2010 11:13 AM, Mel Weaver wrote: > I...

Virus like behaviour but no virus
G'day Hope I can get some help with this one 1)Exchange 2003 on Windows 2003 2) I have scanned the server for viruses using two reputable brands and no virus has been detected. I have an Exchange compatible virus scanner; no viruses. 3) The SMTP service is running; The Exchange Virtual SMTP server is stopped. 4) As soon as the virtual SMTP server is started my link is flooded with outbound traffic. If I then pause the virtual server the flooding continues. If I stop the virtual SMTP server the flooding stops. 5) I cannot see anything in the queues. Getting desperate so any suggesti...

How to frreze cells for an entire year in a category so that no c.
If you provide some details on what you're trying to do, someone may be able to help you. Bailey wrote: -- Debra Dalgleish Excel FAQ, Tips & Book List http://www.contextures.com/tiptech.html ...

outlook won't run in windows7 Error an object could not be found
just installed ootlook 2007 on windows7 . configured accounts to pre-existing email accounts clicked send received got message The opertion failed . An object could not be found Any addvice please on the nature of the problem Any advice on precise steps to reproduce your problem? You've provided no information. Spare no detail if you want others to help you. -- Russ Valentine "Skipton" <Skipton@discussions.microsoft.com> wrote in message news:7C43D7CC-34E8-4567-9DEB-10ECFDEB6A8F@microsoft.com... > just installed ootlook 2007 on windows7 . configured ac...

Virus e-mails
I posted a Question Oct 4 at 11:45 PM "Balanced or Mixed Asset Funds" Sence then my e-mail address has received hundreds of virus carrying e-mails every day some purported to be from Microsoft or Postmaster, etc. My virus S/W deleted them and I don't run .exe e-mail attachments. My e-mail is overloaded and useless. Only the e-mail given to this newsgroup is effected. Why are our e-mail addresses included in the post? To whom should I report this? It is not just this newsgroup. The spammers have software that scans all the newsgroups and pull out anything that look...

Cannot open pps files from Windows Mail
In order to view pps files, I downloaded and installed the free pp viewer from Microsoft. I checked the pps file association to be sure they are associated with PowerPoint Viewer. However, I cannot open the pps attachments in Windows Mail. Rather, I have to save the attachments to my hard drive and then open them from My Documents. What do I need to do to be able to open them directly from within Windows Mail? Thanks, Mack In Windows Mail, do the following: 1. Click on "Tools" 2. Click on "Options" 3. Click on "Security" 4. Untick ...

Can One Windows Live mail account handle multi-language?
Have Windows 7 home premium in English on my laptop without Microsoft Office products. I want to use the laptop in English most of the time, but I need to send/receive email in French sometimes and English the rest of the time. I use Live Mail in English now, but can I configure it for French also? OR Do I need two Live mail accounts, One for English and One for French? Or is another option open to me? -- Steve (Home Coder) The accounts aren't the issue. Accounts don't have a language. An installed copy of WLM will be in a single language for menus and such. A...

AVG Virus software
Hi, I use the free version of AVG. When I looked at my VIRUS VAULT I saw about 10 entries, some described as virus, but I am not sure what to do to get rid of these things. Do I select EMPTY VAULT or else select each item and click on DELETE ? Thanks, Peter Since it's not part of Windows XP, you would ask here: http://forums.avg.com/us-en/avg-free-forum "Peter Buttuls" <ye025@victoria.tc.ca> wrote in message news:%23dhtl4%23hKHA.4912@TK2MSFTNGP02.phx.gbl... : Hi, : I use the free version of AVG. When I looked at my VIRUS VAULT I saw about : 10 entr...

powerpoint viewer 2007 on Windows Embedded Standard 2009
I had trying to install powerpoint viewer 2007 to my windows embedded system, but it cannot open pptx file and get an error message "This file requires the Compatibility Pack for the 2007 Office system to view its contents." After i installed fileformatconverter.exe, i get another error message "The converter failed to save the file". The powerpoint viewer does run 2003 ver file only for 2007 ver having this problem. This is a multi-part message in MIME format. ------=_NextPart_000_0034_01CAA3DD.08611340 Content-Type: text/plain; charset="utf-8"...

takes about 5 tries to get email to send from windows mail
Hi, I keep receiving an error message when i attempt to send email. It continues to occur as I try to resend several times, and then eventually for some reason does send. It's driving me nuts! please help? error message: Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Subject 'test', Account: 'web networks', Server: 'smtp.broadband.rogers.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F oh and I tried enabling the ssl ...

Anybody knows native group to discuss C++ fundas ?
Hi, anybody please know microsoft newsgroup to discuss C++ fundamentals and concepts ?? does ms have such kind of group to discuss c or c++ problems.. ?? -- --Jigar Mehta Software Developer +91 98258 69961 Microsoft.public.vc.language "Jigar Mehta" <jigar.programmer@gmail.com> wrote in message news:enuTCpmVFHA.3076@TK2MSFTNGP12.phx.gbl... > Hi, anybody please know microsoft newsgroup to discuss C++ fundamentals and > concepts ?? does ms have such kind of group to discuss c or c++ problems.. > ?? > > > -- > --Jigar Mehta > Software Developer > ...

Is it worthwhile to start learning and using C# and forms instead of C++ and MFC?
Now that I've learned to make C++ GUIs using MFC-dialogs and -Doc/View apps, is it worth my time to start using C# and formviews? The only argument I've heard from people (who btw do not know how to use MFC) is "but forms in c# are so much easier". Well, I don't think MFC is hard and can't imagine anything easier, especially when I can do things in MFC I have no idea about how to even get started with in c# forms. It's always a good idea to learn as much as possible. Microsoft is obviously pushing .NET and specifically C# (check out the options for C# in VS...

I think i have a virus
I have a problem with exchange. each time I start it up the internet connection comes to a stand still. I looked into the queues and found a huge list of domains with messages. I noticed that is I stop the virtual SMTP server the internet comes back to life, I ended up delete all the queues and uninstalling reinstalling SMTP. But still I have the problem? any answers? It might be that one of your accounts is compromised. Disable SMTP relay for authenticated users and change passwords on all accounts. AlanM wrote: > I have a problem with exchange. > > each time I start it up t...

Outlook 2003 won't start under Windows 7
Reinstalled Office 2003 after converting to W7. This error message appears immediately after starting OL: "Unable to open your default e-mail folders. The information store could not be opened." Try; Start Run Outlook.exe /resetnavpane (space between exe /) "Kay" <Kay@kayknapp.com> wrote in message news:eYf7cZufKHA.2184@TK2MSFTNGP04.phx.gbl... > Reinstalled Office 2003 after converting to W7. This error message > appears immediately after starting OL: > > "Unable to open your default e-mail folders. The information store ...

From Borland C++ 502 to Visual C++ 6
HI,I need help!!! I've the source code of a software written with Borland C++ 5.02 IDE. I want to port this code from Borland C++ 502 to Visual C++ 6. Is this possible?? Do you have any advice for me?? Thank's for All Jasp Jasp, I've done this by hand a long time ago, porting from Borland 5.x to MSVC++. And by hand is how I think you'll have to do it as well. A good way to start is to create an empty app, of the same type as the BC one (SDI, MDI or whatever), and add resources. Create dialog box classes, and go through each dialog box class in the original, map the sa...

Using the MS CRM standard lookup window in a custom form?
Hi, I am writing a custom web form that I am opening within the ms crm web application. I need to lookup a contact and populate a field on my webform with the selected contact from the lookup form. I would rather not reinvent the wheel, is it possible to use the standard MS CRM lookup records web form and return data from it to my custom form? TIA Hi. I have the same needings. How do you solve it ? Sebastiano "Karl Iuel" <karli@ispartners.co.za> ha scritto nel messaggio news:uD0ALlVbDHA.2928@tk2msftngp13.phx.gbl... > Hi, > > I am writing a custom web form th...

Windows ce database, campo FILETIME error obteniendo campo
Hola estoy intentando crear una Base de datos en Windows CE con las clases CCeDBDatabase, CCeDBRecord, CCeDBProp . Introduzco los registros correctamente en la BD pero a la hora de leer la aplicacion genera excepcion cuando intento leer un campo de fecha. CCeDBProp *pFechaUlt; pFechaUlt=rec.GetPropFromIdent(PROP_FECHAULT) //hasta aqui correcto //en este punto la aplicacion se jode FechaUltAux=pFechaUlt->GetFiletime(); Agradeceria mucho cualquier ayuda, gracias ...

email virus alerts
I am getting tons of Email virus alerts with the address coming from MS Corporation Public Assistance, MS Corporate Security Internet Department. What does this mean. Is there anyway I can set this up so that it automatically deletes it from my inbox? See www.microsoft.com/security and you'll learn that this junk is not from Microsoft. Spam detector software can usually detect and handle this stuff. Hope this is useful to you. Let us know. rms margie wrote: > I am getting tons of Email virus alerts with the address > coming from MS Corporation Public Assistance, MS ...

how do you get office suite to use windows mail for emailing
how do you get office suite to use windows mail for emailing You probably don't. But it would help if you'd give more information about what version of this and that you're using. Windows Mail is for people who don't want to have things work. "TEENA" <TEENA@discussions.microsoft.com> wrote in message news:60C614C9-F514-487F-A202-2BCC94C5C8D3@microsoft.com... > how do you get office suite to use windows mail for emailing See: http://support.microsoft.com/?kbid=918792 "The 'E-mail' command is missing or is unavailable in Exc...

Outlook 2003
I get an error every time I open Outlook 2003 that says: "The add-in "C:\WINDOWS\System32\AdMailOK.1" could not be installed or loaded. This problem may be resolved by using Detect and Repair on the Help menu." I've tried "Detect and Repair" and it didn't kill the error from appearing every time I load Outlook. Any ideas? I searched Google and came up empty on this. Thanks! Have you tried reinstalling the program? ----- Thundersmash wrote: ---- I get an error every time I open Outlook 2003 that says "The add-in ...

Virus
We use outlook express I think my wife has a virusin her E-mail Identity. Ive updated Norton and it does not detect any virus but every time she opens her E-mail some thing keepes trying to send E-mails to address we never heard of. Norton stops them from going. It's only my wife Identity. Does anyone have a suggestion how to fix it Thanks Gary Gary, I would try also runing a spyware program like Ad-aware to clean out any unwanted programs that you didn't even know where there. Also, make sure you have the latest virus definitions from symantec for your norton. Good luck! Brett &...

Blue screen of death after Windows Vista Update in August 2010
In these days I updated my vista as always. Anyway a blue screen of death appeared at new restart and it is impossible to launch Windows. Therefore I restored my system and I forbade to install August updates. Now it works. Suspected updates are: Protection Update Windows Vista KBxxxx ( 9 items) Security Update .NET Framework Service SP1, SP2 and Server Undesired mail filter ( Windows Mail ) Compatibility Internet Explorer 8 Protection for Internet Explorer 8 Tool to remove malware - August 2010 They are 14 items, released 10th August. Some of these are itemized here: http:/...