10-22-2003, 11:16 AM
WebProWorld New Member
Join Date: Jul 2003
Location: United Kingdom
Posts: 22
aux.txz
I have a file called aux.txz which my Sophos anti-virus always takes several hours to crawl through. What is aux.txz? What does it do? Is it expendable? Can it be deleted? I have only ever found one reference to it on Google and that is on another forum - but in Polish. I speak several languages, but Polish ............. !!!

12-16-2003, 12:50 PM
WebProWorld New Member
Join Date: Dec 2003
Posts: 1
Hi,
Same problem here, it seems like a trojan or virus to me.
I found it on my father's laptop, along with half a dozen viruses. Got NAV corporate 7 on this computer and it hangs forever when the scan reaches this file (in system32).
Don't know which virus it is.
The size of the file is 2.2mb, locked by a process (don't know which one).
It could be a keylogger, gonna test if the size grows when I type something.

12-16-2003, 08:40 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: North Dakota
Posts: 1,014
What operating system are you guys running? It's not found on mine with Windows 2000.

12-16-2003, 09:04 PM
WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Nebraska US
Posts: 2,176
aux.txz is a text file. .txz, .txt, .doc are all text file extensions.
__________________
Forum Rules
"Cat washing IS a martial art."
"Remember Today IS Yesterdays Tomorrow"

12-17-2003, 12:15 AM
WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Ottawa, Canada
Posts: 3,620
Quote:
Originally Posted by wenwilder
aux.txz is a text file. .txz, .txt, .doc are all text file extensions.

These days, DOC is more often associated with Word or WordPerfect....
Never heard of .txz before, but is it possible it's a compressed ("zip") file of some sort? I don't even see it in my WinXP registry but .tz is a filetype associated with WinZip - if the file is compressed, that would explain why it takes so long to scan... maybe a log file of some sort?

12-17-2003, 12:31 AM
WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Nebraska US
Posts: 2,176
It is a compressed file. I've had two people tell me different things.
One that it is associated with GP32's and the other says it's perl and VB.
The only thing I ever knew was that it was a text file extension.

12-17-2003, 01:03 AM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
This is ridiculous!
Not only one, but three!!!!
I was just about to give up so I thought I'd try the old 'search within results' trick. - A real rags to riches story :O) -
http://www.google.ca/search?hl=en&lr...G=Search%C2%A0
within%C2%A0results
Got it!!! - TXZ = Morfwarp au file
http://www.icdatamaster.com/t.html
txz Gzipped text file
http://www-2.cs.cmu.edu/afs/cs/proje...il/gzip/0.html
Data structures
Hypertext documents consist of two basic data structures - nodes and links. Nodes include the
content of the document and links represent the document structure. The two data structures and the
essence of hypertext itself is preciously described in [?].
INTERES stores these structures in the following ordered files (with corresponding extensions):
1. Text file containing all text nodes of the hypertext document (.txe)
2. Directory of all text nodes of the previous file with their addresses (.adr)
3. File containing links (.ref)
4. Backup text file (.txz)
http://www.uniba.sk/~kravcik/interes.html
From the Animations shareware collection.
# Filename
(click to download) Size Date Description
1 morfwarp.zip 767327 12-04-93 Morphing and Warping Effects generated with D-MORF. Player included.
Good animations
http://www.filelibrary.com:8080/desc...arp.zip.shtml3
So it is either a unix compressed txt file, a dos backup txt file, or a game/animation program file.
I vote for the last one. I remember trying to 'disassemble' a file type that was in one of the games I had (it wouldn't copy!) and I came across all sorts of exotic software compilers and decompilers - dragon extract (or something) was one. Lots of these files are like .cab files, or dll files - compressed, large, self contained, and could contain all manner of COM or EXE etc.
Maybe delete it!
__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel

12-17-2003, 01:08 AM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
So this is happening MUCH too often these days!
By the time I submit my post, there is one ahead of me that wasn't there wen(lol) I started!
Typing lessons, please wen! (I'm up to about thirty, thirty five a min. Scared yet? :o)

12-17-2003, 10:02 PM
WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Nebraska US
Posts: 2,176
You're startin' to scare me there Mik, do I hear 40 wpm by next week? ;)

12-17-2003, 10:29 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
Not quite ready for prime time
wen wrote:
Quote:
You're startin' to scare me there Mik, do I hear 40 wpm by next week? ;)

Pretty soon, wen, I'm warnin' ya' :o)
Only 5 times faster and not looking at my keyboard or even my monitor, then... be afraid, be very afraid. I sure will be. lol I already get the shakes!

12-25-2003, 08:34 PM
WebProWorld New Member
Join Date: Dec 2003
Posts: 11
Hi,
seems, I'm number three with this file. The facts:
- I'm running WinXP.
- aux.txz has been created 29.June2003, half a year after I bought the computer.
- It resides in system32.
- It gets changed (I guess extended) every time I connect to the internet.
- It's got 34,197 KB (!) right now.
- Its attribute is only "A", no system, no hidden...
- It has NO entry in the Explorer's column "owner".
- Deleting isn't possible. Seems to be locked by a process (don't know yet which one).
- Trying to move it leads - INDEPENDENT of the destination dir - to the response:
..'This directory already contains a file "aux."
..Do you wish to replace the existing file 0 byte
..by this one 'icon' 0 byte ?'
- There is NO string "aux.txz" in the registry.
- But there are a lot of keys mentioning "txz", e.g.:
..HKCR/.txz/(standard) of the type REG_SZ and the value "txz_auto_file",
..HKCR/txz_auto_file/shell/... ,
..HKCR/txz_auto_file/open/... and some others
..connecting ".txz" to notepad.exe .
- Opening Notepad and loading aux.txz results in 'access denied'.
- Trying to store some information using the file name "AUX.TXZ.txt" gave me the following response:
..'This file name is a reserved device name.
..Choose a different name.'
- I never installed any game. So that's no possibility of the origin of aux.txz .
Anyone out there, who is able to help in any way?
Thanks so far...
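
An added example, not part of any post in this thread: the "reserved device name" error reported above is what legacy Win32 path parsing does to any file whose name before the first dot is a DOS device such as AUX. The Python sketch below flags such names in a constructed listing and builds the `\\?\` extended-length form, which skips that translation; the `C:\WINDOWS\system32` path and the other sample entries are assumptions.

```python
import ntpath

# DOS device names that legacy Win32 path parsing reserves in every directory.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

# Constructed sample listing (not taken from the machines in the thread).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\aux.txz",
    r"C:\WINDOWS\system32\AUX.TXZ.txt",
    r"C:\WINDOWS\system32\auxiliary.dll",
    r"C:\Temp\lpt10.txt",
    r"C:\Temp\notes.txt",
]


def reserved_device(path):
    # Return the device name the last path component maps to, or None.
    leaf = ntpath.basename(path.rstrip("\\/"))
    # Only the text before the first dot is compared; case and trailing
    # spaces are ignored, so "aux.txz" and "AUX.TXZ.txt" both mean AUX.
    stem = leaf.split(".", 1)[0].rstrip(" ").upper()
    return stem if stem in RESERVED else None


def extended_path(path):
    # Prefix a fully qualified drive path with \\?\ so the Win32 layer passes
    # the name through unchanged instead of redirecting it to the device.
    full = ntpath.normpath(path)
    drive, rest = ntpath.splitdrive(full)
    if len(drive) != 2 or not rest.startswith("\\"):
        raise ValueError("need an absolute drive path: %r" % path)
    return "\\\\?\\" + full


def scan(listing):
    # Report every entry whose name collides with a reserved device.
    hits = []
    for path in listing:
        device = reserved_device(path)
        if device:
            hits.append({"path": path, "device": device,
                         "open_as": extended_path(path)})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LISTING):
        print(f"{hit['path']}: resolves to {hit['device']}, "
              f"inspect via {hit['open_as']}")
```

On a Windows host the `open_as` form can be passed to file APIs to reach a file that the plain name cannot address.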

12-25-2003, 09:32 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Central US
Posts: 1,581
The word AUX is used in reference to RS-232 communications. It is one of the lines to transmit and receive with.
Two of the Pin terminations on the RS-232 serial com are marked TX and RX. These abbreviations are often used to describe the flow of data in serial communications.
It is a possibility that all three of these people are using the serial port to upload data from some type of device. The serial software they are using, possibly HyperTerminal??? is depositing this file in the System32 directory....why there I do not know.
Another possibility is that all three are using dial-up modem connections, and the dialer they are using has something in common -- possibly being outdated and not XP compatible.
If there is a way that you can transmit that file to me, I would be able to tell you more. Perhaps if you can zip the file up and send it to my Yahoo email address --- I can take a look at it for you.

12-25-2003, 09:41 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Central US
Posts: 1,581
Quote:
Originally Posted by neward
- There is NO string "aux.txz" in the registry.
- But there are a lot of keys mentioning "txz", e.g.:
..HKCR/.txz/(standard) of the type REG_SZ and the value "txz_auto_file",
..HKCR/txz_auto_file/shell/... ,
..HKCR/txz_auto_file/open/... and some others
..connecting ".txz" to notepad.exe .
- Opening Notepad and loading aux.txz results in 'access denied'.
- Trying to store some information using the file name "AUX.TXZ.txt" gave me the following response:
..'This file name is a reserved device name.
..Choose a different name.'

Since you are the first one to post about using the registry (and the latest post on this thread) could you go to your Folder Options and click on the File Type tab?
The little flashlight will start its search. When the list comes up....scroll down to the .TXZ entry and tell me what it says, if you would please?
You were possibly looking at the program registered to that extension in the Registry....but you cut that information off in your post above.
The Shell and Open commands registered for that extension would have told us that...but sometimes not. These entries appear more than once in the Registry.
The best way is in the File Type list.
Your error for the filename kind of makes sense to me, because AUX is a registered device name. But then it does not make sense that it would restrict it as a filename. But then again it does, cuz everyone is saying the file is in use and locked....this all leads back to my previous post about the serial ports and how there might be connection (pardon the pun..hehehe).

12-25-2003, 10:15 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Central US
Posts: 1,581
Out of curiosity also....are any of you or have you been involved with a NetFirms free web hosting site at all???
What struck me as odd was that they have a sub-domain with the extension in it: www.txz.netfirms.com

12-25-2003, 10:40 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
Also, can you boot to "safe-mode without network support' and do anything?
There is a program called PrcessView that is like a super steroided version of 'Task Manager' and you may be able to track down a running application's access path (or whatever - this is area that gets slightly over my head) and drivers and dll's in use.
Actually, this "Filemon" looks good for this task:
http://www.webattack.com/get/filemon.html
(I think 'processMon is at sysinternal.com)
Ron, you seem to be quite knowledgeable! (no surprise)
I'm wondering if this thread shouldn't get relocated to the IT forum?

12-25-2003, 10:50 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
Total bytes read: 170
HTTPS GET request "/" to www.txz.netfirms.com port 80 (209.171.43.28)
GET request "/" to www.txz.netfirms.com (209.171.43.28)
HTTP/1.1 503 Unknown site
Date: Fri, 26 Dec 2003 03:44:25 GMT
Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.7c
Connection: close
Content-Type: text/html
---------------------------
Welcome to the Network Solutions WHOIS Server.
There is no match for this domain name.
This domain is available for purchase!
Go to www.netsol.com to register it today!
---------------------------
ARIN:
No match for "WWW.TXZ.NETFIRMS.COM".
>>> Last update of whois database: Thu, 25 Dec 2003 18:29:08 EST <<<
-----------------------------
Check this out!
I used superscan from here:
http://foundstone.com/index.htm?subn.../freetools.htm
ALL APPS THAT I RECOMMEND are freeware, spyware/adware free, and almost always run from a directory (folder) and do not install into windows.
These foundstone tools are wild!!

12-25-2003, 10:59 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Central US
Posts: 1,581
Quote:
Originally Posted by mikmik
Also, can you boot to "safe-mode without network support' and do anything?
There is a program called PrcessView that is like a super steroided version of 'Task Manager' and you may be able to track down a running application's access path (or whatever - this is area that gets slightly over my head) and drivers and dll's in use.
Actually, this "Filemon" looks good for this task:
http://www.webattack.com/get/filemon.html
(I think 'processMon is at sysinternal.com)
Ron, you seem to be quite knowledgeable! (no surprise)
I'm wondering if this thread shouldn't get relocated to the IT forum?

Some of those utilities look interesting. And they are Freeware. I usually have a problem with Freeware, cuz a lot of it is junk. But I looked at some of this author's work and I may bend my rules a little...hehehe. It looks pretty good to me.
One that looked good, and thought I would pass on to Minstrel for use in identifying his FP publishing problem is this TCP Monitor. It monitors your connection and what ports are getting hit, and which are transmitting....looked like it might help identify if one of your ports is gettin hit by your suspected authentication echo.
http://www.webattack.com/get/tcpview.html
Booting in SafeMode will not help if it is a driver problem MikMik....only generic drivers are loaded for just the basics. But it might release the lock on the file so you can at least view it maybe. That might be worth a shot.
And I got lost when you started talking about IT this, and TaskModerators being on steroids that, and how you fell down on your head....it was all too confusing. But I agree that we should move this to the Break Room where we could get a laugh out of it...that was good idea you have there MikMik. ;0)

12-25-2003, 11:12 PM
WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Ottawa, Canada
Posts: 3,620
Quote:
Originally Posted by ronniethedodger
One that looked good, and thought I would pass on to Minstrel for use in identifying his FP publishing problem is this TCP Monitor. It monitors your connection and what ports are getting hit, and which are transmitting.... looked like it might help identify if one of your ports is gettin hit by your suspected authentication echo.

Thanks for the suggestion, Ron - I got a lot of script errors on that website but after clicking "no don't bother to debug" about 6 times I was able to download the utility - I'll give it a shot and see what it reveals...

12-25-2003, 11:38 PM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Central US
Posts: 1,581
Quote:
Originally Posted by minstrel
Thanks for the suggestion, Ron - I got a lot of script errors on that website but after clicking "no don't bother to debug" about 6 times I was able to download the utility - I'll give it a shot and see what it reveals...

Dang I hate those script errors. I had a debugger running, and ran into that all the time. I finally just turned the damn thing off. Don't know why I even had it up and running anyway....like I am going to debug script errors, sure! :0)
No problem. There are some other utilities there for port monitoring and tcp connections in there too. Whole slews of them.
You would know better than I what to look for. But, I am not too partial to freeware as I said. There is a shareware side to that site. I don't like that stuff much either....so forget I even mentioned any of this. Erase from your mind, cuz it too late...I already typed it. ;0)
I did download one thing off of there called IP Updater. If you are running an Apache Server (which I am) and your IP address is dynamic (which mine is) this sends out changes in your address and updates your sub-domain name. Which is kind of cool. They give you a free sub-domain name too. I am still reading about it to see what the catch is. But if it is any good I will be able to at least have a regular easy to remember domain name and not just an IP address that keeps changing. http://12.178.132.123 right now.

12-26-2003, 01:24 AM
WebProWorld 1,000+ Club
Join Date: Aug 2003
Location: Edmonton, AB, Canada
Posts: 3,406
minstrel wrote:
Thanks for the suggestion, Ron - I got a lot of script errors on that website but after clicking "no don't bother to debug" about 6 times I was able to download the utility - I'll give it a shot and see what it reveals...
Yes, I find a lot of sites with javascript errors, I even had to put a script that blocks the javascript error notification because the script works perfectly! And logging in here, let me tell you. The only prob is that I forget to turn the notification back on when I try out my pages. Woe is me.
Hey, ronniethedodger, I used to DESPISE third party software of any type, but there is a lot of very good stuff out there these days. I am up to 50 or 60 add-ons, this install (I wipe and re-install every 2-3 months or so), and my boot-ups are still at 75 seconds, 105Mb RAM, and 19 processes with IIS and Norton2003 running, all critical updates done also. No windows messenger.
I am amazed at what is available. Why are you hesitant? I find sites that offer user reviews AND editor recommendations to give good indications of what I'm getting into. I agree that there is a lot of crapola around, but...
By the way, minstrel, remember that discussion, re: disable windows/msn messenger from startup etc? I got the startup manager app you recommended - there is another freeware/runs from folder/no overhead baby that is nifty.
My point is, though, I still had to go to Program Files and rename it "'x'msnmsg.exe" to disable it from running in background, but good app you got me, nevertheless.
Anyways, I'm thinking of winning the lottery soon so I can devote more time to this forum and helping you guys with any medication costs that you may be incurring as a result of needing treatment for injuries/brain damage/hangovers and to prevent potential lucid posting that can be used as blackmail leverage by the women. It is stuff like this that has me concerned:
Quote:
And I got lost when you started talking about IT this, and TaskModerators being on steroids that, and how you fell down on your head....it was all too confusing. But I agree that we should move this to the Break Room where we could get a laugh out of it...that was good idea you have there MikMik. ;0)

I wish you a lengthy, demoral enhanced convalescence. Let me know if things start making sense and we'll bring in re-enforcements.
(Oh, no. Another de-dijeree-doo-ja-vu experience...)
Yes, I meant to use safe mode to try to see if there was a dll that could be disabled in order to at least prevent the thingy we're talking aboot here from launching.
Let's see, what else....