Greetings,

Daniel K. Hall, Computer Specialist Sr. from Univ. of Wyoming - InfoTech. We just introduced WR to our campus in the past months and, as a part of our desktop support group, I am often charged with following up on heavily infected machines. We recently had a dozen or so machines flag an unknown source file named "prpasswd.exe". When I look it up I see that only 2 of 30 security utilities are reporting it as a threat. It is classed as a password renew executable and there is no known company association. How can I look up more information on why this file was flagged by WR and why? Here is the information I have:

File Name : rnpasswd.exe
File Size : 95744 byte
File Type : application/x-dosexec
MD5       : 0216af893b002b3596a953b106dd354d
SHA1      : 158904ca6c1b2d4359ad765a7ca3f64899e1ba5d

 

Thank you, and Have a Great...Day!!!

Hello wecyotee,

 

Welcome to the Webroot Community,

 

My advice is to Submit a Support Ticket so that they can check this "rnpassed.exe". It could be a false positive but I can't be sure. This is a free service with a Webroot subscription.

 

Maybe ? or ? could add to this?
Hi wecyotee

 

Welcome to the Community Forums.

 

I am wondering if this executable is the one referenced in this Microsoft TechNet article? If it is, then hopefully this gives you the necessary to further explore/decide how to handle these locally.

 

Regards, Baldrick
The best thing to do would be to submit a Support Ticket.

 

This file is a password reset tool:

 

"Password Renew lets the user change the password of the local Administrator account or create a new admin level user with a password of their choice. This is a great tool for getting into Windows boxes you don't have an admin password for"

 

If you're knowingly using it, you can create an override. If an unauthorized user is using this tool, it could be for malicious purposes.

 

-Dan

 
? see here: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx? does it matter?

 

Thanks,

 

Daniel

 


@ wrote:

@ see here: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx? does it matter?

 

Thanks,

 

Daniel

 



I'll have to pass this one along... The discrepancy between the determination date and first seen date is a bit confusing, but you would only see that with files going back to the Prevx days like this one. It is not something I would be all that concerned about.

 

-Dan
