I think I have a virus, any ideas?

Name: Alex2002
Date: May 15, 2006 at 06:41:33 Pacific
OS: XP Pro
CPU/Ram: 3200+, 1GB
Comment:

(reposted from XP forum)

Yesterday I stupidly ran an exe file which popped up all these windows and Zone Alarm was asking if this file could have access to the net, to which I promptly said no. I also run AVG Anti Virus and this picked up something, but I chose to move it to the vault and delete. Then this morning when I turned my PC on, I had an adult website popup from nowhere and then the AVG Virus alert box came up, having found an infected file in my Temporary Internet Files folder. I deleted this also, and ran a virus scan, and it found infected files in my Documents and settings\Alex\Application Data\Sun\java\Deployment\Cache\JavaAPI\1.0\Jar folder. I uninstalled Java and deleted these files but there are still weird goings on, such as in my TEMP folder, 0 byte files are created every few minutes, called WIN1A.TMP, WIN3.TMP, WIN4.TMP, WIN5.TMP and so on.
I have run both AdAware and Spybot, these haven't found anything, and I'm also now running the Microsoft Malicious Software Removal Tool, which, so far, has also found nothing. I also tried running System Restore, as I had two restore points in recent days, but this failed, and said it was not able to restore my computer to those dates, although it didn't give me a reason for this.

Do you think those Temp files are somewhat suspicious? Is there any way I can search my PC properly (registry, folders etc) to get rid of this?

Cheers



Response Number 1
Name: XpUser4Real
Date: May 15, 2006 at 07:03:54 Pacific
Reply:

Maybe turn off System Restore and run Crap Cleaner and also ATF-Cleaner in safe mode. Then reboot and turn restore back on. That should get rid of the temp files and infected cookies.

Hopefully my advice will help you...Please post back with your results....thanks


0

Response Number 2
Name: Alex2002
Date: May 15, 2006 at 07:10:11 Pacific
Reply:

Thanks for the reply, I'll give that a try, although I've never heard of those applications!


0

Response Number 3
Name: Alex2002
Date: May 15, 2006 at 07:43:24 Pacific
Reply:

Back again, I've done as suggested, and those applications cleared out a lot of crap, however, I've restarted and am still seeing zero byte WIN*.TMP (where *=1,2,3,etc) files being created in my C:\Windows\Temp folder. I don't even KNOW if this is a virus, they might have always been generated in that folder as temp files, but they look too similar to the files that AVG picked up during its virus scan (WIN148.TMP.exe for example) for my liking. So I'm a bit concerned.


0

Response Number 4
Name: Alex2002
Date: May 15, 2006 at 07:45:14 Pacific
Reply:

As an extra bit of info, I've just looked at the timestamp on the 0 byte TMP files and one is created exactly every 2 minutes.


0
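The symptom reported in Responses 3 and 4 (zero-byte WIN*.TMP files appearing at a fixed interval, next to a WIN148.TMP.exe that AVG flagged) can be checked with a short script. This is an added example, not part of the original thread; the name patterns, thresholds and the sample listing are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Name shapes taken from the thread: WIN1A.TMP, WIN3.TMP (empty) and WIN148.TMP.exe (flagged by AVG)
EMPTY_TMP = re.compile(r"^WIN[0-9A-F]+\.TMP$", re.IGNORECASE)
TMP_EXE = re.compile(r"^WIN[0-9A-F]+\.TMP\.exe$", re.IGNORECASE)

def scan_dir(path):
    """List (name, size, created) for a real folder; st_ctime is the creation time on Windows."""
    rows = []
    for entry in os.scandir(path):
        if entry.is_file():
            st = entry.stat()
            rows.append((entry.name, st.st_size, datetime.fromtimestamp(st.st_ctime)))
    return rows

def periodic_empty_files(rows, min_files=4, jitter_s=5.0):
    """Return (names, mean_gap_seconds) when empty WIN*.TMP files appear on a steady beat, else None."""
    hits = sorted((created, name) for name, size, created in rows
                  if size == 0 and EMPTY_TMP.match(name))
    if len(hits) < min_files:
        return None
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
    if pstdev(gaps) > jitter_s:      # irregular spacing: more likely ordinary temp-file churn
        return None
    return [name for _, name in hits], mean(gaps)

def tmp_named_executables(rows):
    """Non-empty files that reuse the temp-file name but end in .exe."""
    return [name for name, size, _ in rows if size > 0 and TMP_EXE.match(name)]

# Constructed sample listing (not taken from the poster's machine)
T0 = datetime(2006, 5, 15, 7, 30, 0)
SAMPLE = [(f"WIN{i}.TMP", 0, T0 + timedelta(minutes=2 * i)) for i in range(1, 6)]
SAMPLE += [("~DF3A1C.tmp", 16384, T0 + timedelta(minutes=3)),
           ("WIN148.TMP.exe", 45056, T0 - timedelta(hours=18))]

if __name__ == "__main__":
    print(periodic_empty_files(SAMPLE))
    print(tmp_named_executables(SAMPLE))
```

On a live system, pass `scan_dir(r"C:\Windows\Temp")` in place of `SAMPLE`. A match is only a lead: it says the files arrive on a timer, not which process writes them, which is what the FILEMON trace later in the thread answers.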

Response Number 5
Name: Jennifer SUMN
Date: May 15, 2006 at 09:24:22 Pacific
Reply:

What executable did you run that started all this? What anti-virus program are you running?

Life is more painless for those who are brainless.


0


Response Number 6
Name: Alex2002
Date: May 15, 2006 at 09:35:23 Pacific
Reply:

It was a keygen file someone sent me, I'd better leave it at that (forum rules etc). As for the latest, I've got an interesting screenshot taken from FILEMON:

FILEMON Screenshot

It shows what I'm talking about, and it also shows that WINLOGON is the process creating these TMP files. This could be normal, I have no idea, because I've never checked before!

I thought about replacing the WINLOGON file with my original on my XP CD, but I can't remember the name of the utility.

Cheers


0

Response Number 7
Name: Jennifer SUMN
Date: May 15, 2006 at 09:40:52 Pacific
Reply:

So you infected yourself.. :)

Life is more painless for those who are brainless.


0

Response Number 8
Name: Alex2002
Date: May 15, 2006 at 09:40:58 Pacific
Reply:

And also, I use AVG Anti Virus.


0

Response Number 9
Name: Alex2002
Date: May 15, 2006 at 09:41:54 Pacific
Reply:

It looks that way :S But I never disputed that, I just want to know if this is usual behaviour for the system ;)

I haven't been getting popups etc anymore, but I'm still concerned about these temp files for some reason.


0

Response Number 10
Name: murr
Date: May 15, 2006 at 10:45:12 Pacific
Reply:

Please do the following and save all logs but "Do Not" post them until asked by someone like "Jabuck".

Download Ewido, then set it up this way: Ewido Setup Instructions. You will need this later in safe mode.

Please download ATF-Cleaner to your desktop from this link: ATF-Cleaner. You will need it later in safe mode.

Next follow these directions to reboot into Safe Mode

Run Ewido and let it delete all that it finds.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Reboot into normal mode.

Run this free online scan from Kaspersky
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop.

Download Hijack This Here, then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log.



0

Response Number 11
Name: Alex2002
Date: May 15, 2006 at 11:22:30 Pacific
Reply:

Ok thanks VERY much for the information so far people, it is much appreciated.

I'll try that out in Safe Mode and then get back to you,

Cheers


0

Response Number 12
Name: Max-T
Date: May 15, 2006 at 11:37:52 Pacific
Reply:

Wow, Murr said it all,

[QUOTE
all I would say is be wary of Crap Cleaner,
After I downloaded Ccleaner and Hijack This on to my own computer I instantly had problems. Eventually (after my password failed about 20 times...it finally booted again an hour later with the same password) I ran Spybot and it detected at least 25 spyware, adware programs. This is way more than I usually find. Now my computer's password keeps changing and I cannot log on. I changed the setup and boot password, and that seemed to work, but now it has changed them. CCleaner also made my mate's computer unusable. BE CAREFUL!!! ]

Try downloading cleanup, it's a much better and safer tool
http://www.stevengould.org/software/cleanup/


Forward As one.


0

Response Number 13
Name: murr
Date: May 15, 2006 at 11:52:57 Pacific
Reply:

I have stuck with version 1.26 of CCleaner and it's very good. You have to be careful with the new "Full Version" though because it installs a toolbar which could be the reason for your problems.


0

Response Number 14
Name: Alex2002
Date: May 15, 2006 at 13:55:42 Pacific
Reply:

Thanks Murr, you're a legend lol, and thanks to everyone else who answered my post - I did as suggested, using the ewido program, and never did I realise I had so much crap on my computer - it found around 300 'infected files' including the culprit, winhdn32.dll which was interacting with winlogon.exe.

I rebooted after cleaning, and now the Temp files are no longer created. Overall, I was really impressed with the ewido program although it did take over 2 hours to complete lol. But at least it appears to have done the job. I have saved my HijackThis log, and I think it has something interesting in it, but like you said earlier, I won't post that until someone asks me to!

Thanks again

Alex


0

Response Number 15
Name: murr
Date: May 15, 2006 at 14:23:44 Pacific
Reply:

While you're waiting I would also do this to make sure nothing is hiding in System Restore.

Here


0
