Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
G'day,
A friend of mine unwittingly downloaded a programme that said that it would monitor his RAM usage. It promptly insertes itself in his start menu and onto his hard drive. He then asked me to remove it. So, I deleted from his windows directory and from the start menu.
Needless to say, after reboot it was back.
So, I started in command mode (F8) and deleted it. Rebooted and back it came.
I then went into the registry and deleted all refernces to it.
It now no longer runs in the start memu and doesn't seem to be running as a task, but it has still managed to get itself into the windows directory?????
Does anyone know where this little ***&& is hiding??
The program is TVTMD.exe and also another directory c:\windows\memorymeter\memorymeter.exe. was created.
Thanks in advance.
regards,
Elric
According to http://www.pacs-portal.co.uk/startup_index.htm memorymeter.exe is an autoinstalling SPYWARE by Total Velocity
According to http://216.239.57.100/search?q=cache:wDNWNT2F6JUJ:www.softonic.com/forums/list.php%3Ff%3D5+TVTMD.EXE&hl=en&ie=UTF-8 TVTMD.exe may be a virus. I can’t read Spanish? LOL
I would go to the http://www.spywareinfo.com/forums/ and post your problem in the “Spyware and Hijackware Removal Support” forum, they will try and help you solve this problem. When posting you should also post your HijackThis logfile which you can get at http://www.tomcoyote.org/hjt/
0 
My twin nieces downloaded the MemoryMeter, too. I don't know what site.
I was able to delete it with AdAware.
However, I've been left with a file in C:\Windows that I can't delete.
Error message reads: Cannot delete TVTMD. The specified file is being used by Windows.
Virus checks from three different sources do not detect it as a virus. It is, however, trying to get back to the Internet. My Firewall has stopped it, so far.
Any clues would be appreciated
0
Hummmm, TVTMD could be called in the registry by an unrecognizable character string.
What you could do is look at it's file attributes with windows. If it's read only uncheck it if it will let you. If it doesn't and i suspect this, you have to get tough.
Insert the EBD and reboot to the a: prompt. change to c:\ and the directory to c:\windows and verify it's there. Remane the file, remove the EBD and reboot.
When windows boots you should get an error that a TVTMD is missing and it may give some clue to what called it. You may be able to remove that from the registry and then go to the renamed TVTMD and delete that as well.
the DOS commands
c:
cd c:\windows
dir
attrib /? shows the attrib syntax
attrib TVTMD shows current file attributes
attrib -r TVTMD removes read only
rename TVTMD to whatever
erase changed TVTMD filename
0
Thanks for the advice.
I think I may have figured out a way to get rid of it.
If you track it down, using Windows Explorer, it appears that you ARE able to delete the file. It's now sitting in my Re-cycle bin and a search for the file fails to turn it up on my C or D drive.
Just maybe I've seen the last of it.
I hope this is of help to others.
0
I don't know...
I went through this a week ago and thought I had it gone, and it re-appeared last night...
I'm confident that I was infected at a site that offered DSS info, but can't remember the site. It will come to me sooner or later though.
0
Do a regedit search on ff0b99368c0b, or, memorymeter. Delete the key. This should clear it out completely; along with what else you have already gotten rid of.
That is, if the anti-spyware software didn't already find the key.
0
The spyware didn't work for me. This is how I got rid of it:
1.Delete the memorymeter folder from the c:\windows\programs or c:\windows folder.
2. Run regedit and search for tvtmd. I found 3 entries. I deleted these entries from the registry.
3. Reboot the computer in dos mode (running the dos prompt from windows will not work)and delete the file c:\windows\tvtmd.exe. The problem was solved.
0
xd_1999.....The Dss site I believe you got this from, was DSSFilexchange_com. I got it last night. Not sure if its a virus, but I do believe its spyware. That is used in conjunction with Memorymeter(software that supposedly helps you manage you're ram memory)
0
Autocrat... I believe you are correct on the site. Ad-aware 6.0 did not remove it completely. I've deleted all references to tvtmd and memorymeter, and will folllow Codgers advice on the registery.
0
AdAware 6 (build 162) with the latest reference file 0R142 *finds* parts of TVTMD but is unable to remove all of it. There is a "directory" off the root of my C: drive that contains a file that I can't delete. Its name changes each time the machine starts and it is ALWAYS "in use" so it can't be deleted. It is about 33K and is named something like a005000.cpy. The "directory" is: C:\_RESTORE\TEMP\
This "directory" does not show using DIR when the machine is booted from DOS. I don't know how to make this non-directory and its files visible from DOS.
I'm wondering how this got into my machine. I have downloaded anything for ages. Anybody have an idea?
It is spyware; my copy of ZoneAlarm caught TVTMD trying to access the net.
0
One further observation:
Both Memory Meter and TVTMD appear in my list installed programs. They go through the motions of allowing themselves to be removed.
At this point (and possibly others) TVTMD tries to "phone home"
0
This is a "drive-by download. It showed up on my computer this morning. I have been agressively combating ads, spyware, highjack ware, so when I saw the following three things, I looked for it right away: ads popping up onscreen again, memory blaster in the systray, and memory meter in add/remove programs. Also found the memory meter folder which has the dll and deleted it. I had only been to one web site this morning, so after I thought the computer was clean, I went to several other sites, then back to SCREENIT.COM, the offending site. Sure enough, after looking at two movie reviews, the third one popped up a window asking for my year of birth, zip code, and sex. After closing the window (unfilled in), memory blaster was in the systray again. Had to do all the same cleaing. Rebooted computer, and TVTMD tried to access the Internet, but was stopped by Zone Alarm. I appreciate all the info on getting rid of this pest. Screenit.com is not likely to be the only place it comes from, but it DEFINITELY comes from there - this is relatively new for them as I have used the site extensively in the past.
0
G'day,
Thanks for the very usefull discussion guys; it's nice to know I'm not the only one with the problem..
Got rid of all references in the registry and deleted it from the system directory whilst in command mode.
It doesn't appear to have come back, but I will keep my eyes peeled..
thanks,
Elric
0
Keep having the same issue myself.
Yep - kept popping up on my system - and no downloads/installs have been performed. I'm guessing it's a vulnerability in IE that MS hasn't caught yet - and I keep checking for updates but no go. Was popping up on my system once a week or so and it wass getting RATHER ANNOYING. To all the above - keep checking your systems - found a way I'll describe below that seems to work - but until I did that it kept popping back up.
One way to 'disable it' - you can replace the MemoryMeter.exe with another (benign) executable and make it READ-ONLY (for the time being - until I find a permanent way of keeping it off my *&@&#%# system). One idea I tried and it seems to work.
Wish everyone luck - hope there is a perm fix out there somewhere (aside from lack of web use).
Joe
0  |
 Can't access the hard dri...
|
Router security worries
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
