Hello everyone,

After updating to SP2 on WinXp Home, I noticed a new folder within C:\Windows named EHome. Within the folder is one file, medctrro.cmd.

Did a bit of research and found it is associated with Windodws Media Center or possibly a virus.

Checked with an updated AVG and a couple of other online scanners, and everything came up clean.

Ran an updated Spybot, AdAware, Windows Defender, CWShredder, and Hijackthis. All came up clean.

The contents of the command file is;

if EXIST %~dp0\ehshell.exe (
if EXIST %~dp0\medctrro.exe (
start %~dp0\medctrro.exe /o -RunOnce
)
)

I searched the registry and found nothing for medctrro or ehshell.

Any ideas of why this folder was installed during the SP2 update?

Does anyone else have this folder?

Best Regards and Wishes,
Mesich, Webmaster of mesich.com
Currently stored on a temporary webhost.

Yep I have it all that is in it is
custsat.dll

opening the driver file with a resourse hacker program was only able to retrive the following

1 VERSIONINFO
FILEVERSION 9,0,2600,2180
PRODUCTVERSION 9,0,2600,2180
FILEOS 0x40004
FILETYPE 0x1
{
BLOCK "StringFileInfo"
{
BLOCK "040904B0"
{
VALUE "CompanyName", "Microsoft Corporation"
VALUE "FileDescription", "custsat"
VALUE "FileVersion", "9.0.2600.2180 (xpsp_sp2_rtm.040803-2158)"
VALUE "InternalName", "custsat"
VALUE "LegalCopyright", "© Microsoft Corporation. All rights reserved."
VALUE "OriginalFilename", "custsat.dll"
VALUE "ProductName", "Microsoft® Windows® Operating System"
VALUE "ProductVersion", "9.0.2600.2180"
}
}

BLOCK "VarFileInfo"
{
VALUE "Translation", 0x0409 0x04B0
}
}

Will play around a bit more and let you know if I find anything

I had also got the folder EHome but it was totally empty and so now it has been erased from my computer.

Dougie

mesich do you have msn messenger installed ?

if so go here C:\Program Files\Messenger

What do you see in here but that driver file again ?

HI all,

What is medctrro.exe?

i_XpUser

Also...

What is medctrro.cmd?

i_XpUser

Hello everyone,

All with the folder, 1 with a command file which points to 2 executables which don't exist, one with a .dll file and one empty.

Starting to sound like a SP2 upgrade glitch.

Out of curiousity, how did you install SP2?
I used the CD provided by Microsoft.

Hi IamBiGePaNtS,

Yeah, messenger is installed but disabled. No instance of ehshell.exe or medctrro.exe however the custstat.dll is there and also in;
C:\Program Files\Windows Media Player and C:\WINDOWS\ServicePackFiles\i386.

No instance of the other two files in those locations either.

Hi XpUser,

Thanks for the info.

Best Regards and Wishes,
Mesich, Webmaster of mesich.com
Currently stored on a temporary webhost.

Report Offensive Follow Up For Removal

You're welcome :-) BTW all my PCs got SP2 thru Windows Updater.

i_XpUser

I have searched my whole drive for any instance of medctrro.exe doesn't exist on either of my 2 or the one I am working on right now (the one I am working on hasn't been updated or seen the internet for over a year been locked away in an office without any network or fresh air for month's !)

PS they are all XP Pro

This is getting more intriguing. According to Windows XP Professional Resource Kit System Files Reference (CLICK ME), under Table A-4 Windows Folder and Subfolders, ehome is used by Windows Media Center Edition. I think it's a "boilerplate" folder that apply to all Windows XP platforms whether or not you have WMCE.

i_XpUser

Hi IamBiGePaNtS,

Thanks for checking it out.

You should take that poor thing out for a bit of air more often. :-)

It's just a curiousity thing as I know I can safely delete the file and folder. Bit more curious now that yours has the .dll file and Dougie's EHome folder was empty.

Best Regards and Wishes,
Mesich, Webmaster of mesich.com
Currently stored on a temporary webhost.

Report Offensive Follow Up For Removal

My hitch is right. I went over to my next-door neighbor to check her WMCE HP. Under the ehome folder there are many files and subfolders all used with WMCE. I would just leave the ehome folder alone. IT's not bothering me.

i_XpUser

Hi XpUser,

That certainly explains the folder.

It appears the only one that would be a "boilerplate" is Dougie's.

I'm still curious as to why SP2 loaded the .dll in IamBiGePaNtS, and the worthless command file in mine.

Thanks again. :-)

Best Regards and Wishes,
Mesich, Webmaster of mesich.com
Currently stored on a temporary webhost.

Report Offensive Follow Up For Removal

Hi XpUser,

Yeah, I just get curious when I see new folders, especially within the Windows directory and even more curious when they contain executable files which I don't recognize. :-)

Bit cold there this time of night to be out running the neighborhood isn't it? :-)

Thanks again.

Best Regards and Wishes,
Mesich, Webmaster of mesich.com
Currently stored on a temporary webhost.

Report Offensive Follow Up For Removal

I think I need to clarify what I meant by "boilerplate." In my specialized field of work before I retired, boilerplate refers to a standard item that is throw in as part of the master plan, whether or not you need it. This explains the circumstances surrounding the dll in IamBiGePaNtS, and the worthless command file in yours.

i_XpUser

I agree with your queries as to what a MSN dll file (I assume only that it is an MSN dll 'cause it also appear's in the messenger folder same version same size and viewing with notepad is Identical)is doing in that "ehome" folder and why I never got any of the other stuff .

I wonder is update smart enough to know what is installed on each of our machines and give us different files in that folder for different installed enviroments and if so the significance of that folder must be more sinister then first thought ...

DAMN more things to ponder