 |
|
|
|
Next: Spyware or a benign virus on my PC ?
|
| Author |
Message |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 1) Posted: Thu Jul 17, 2003 1:02 am
Post subject: Damn trojan in my temp (probably). Advice needed.
Archived from groups: alt>comp>virus (more info?)
|
|
|
Ok , this is how the situation has. 3 days my firewall poped up and an
application in my C:\Documents And Settings\Administrator\Local
Settings\temp wanted to connect at port 80 of an address.
It had a weird icon and a weird name ( Rar1.exe).
I denied all connection to the internet from the application , killed
it from the taskmanager and then deleted the exe from the temp folder.
I rebooted and the damn thing showed up again , everything the same
except the file name. tub1.exe this time.
Every time i deleted it it showed up in the next reboot with diffrent
name. I searched the registy but i didnt find anything, neither on
google for the names of the file. I also used plenty different trojan
cleaners with no success and Norton Antivirus with latest dfinitions
but again, no success.
I cant find the file where the executable is being generated from
everytime i start my computer. Does anyone had the same problem or
knows a solution for this?
Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe |
|
| Back to top |
|
 | |
External
Since: Jul 19, 2003
Posts: 4
|
(Msg. 2) Posted: Thu Jul 17, 2003 1:10 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 17 Jul 2003 01:02:16 -0700 crash01x.TakeThisOut@linuxmail.org (blinga) wrote:
>Ok , this is how the situation has. 3 days my firewall poped up and an
>application in my C:\Documents And Settings\Administrator\Local
>Settings\temp wanted to connect at port 80 of an address.
>It had a weird icon and a weird name ( Rar1.exe).
Did you try a trojan removal program? |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 3) Posted: Thu Jul 17, 2003 6:36 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
blinga wrote:
> Ok , this is how the situation has. 3 days my firewall poped up and an
> application in my C:\Documents And Settings\Administrator\Local
> Settings\temp wanted to connect at port 80 of an address.
> It had a weird icon and a weird name ( Rar1.exe).
>
> I denied all connection to the internet from the application , killed
> it from the taskmanager and then deleted the exe from the temp folder.
> I rebooted and the damn thing showed up again , everything the same
> except the file name. tub1.exe this time.
>
> Every time i deleted it it showed up in the next reboot with diffrent
> name. I searched the registy but i didnt find anything, neither on
> google for the names of the file. I also used plenty different trojan
> cleaners with no success and Norton Antivirus with latest dfinitions
> but again, no success.
>
> I cant find the file where the executable is being generated from
> everytime i start my computer. Does anyone had the same problem or
> knows a solution for this?
>
> Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
> mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
Disable System Restore, then scan with NAV.
--
Winerr 00B - Push Error; Removing Files to Make Room for Advertisement >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 4) Posted: Fri Jul 18, 2003 1:25 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
I forgot to tell you that i am using Windows 2000 and not Windows XP -
which has option to disable system restore -
Any ideas how i do it under Win2k ?
"S.Heenan" wrote in message ...
> blinga wrote:
> > Ok , this is how the situation has. 3 days my firewall poped up and an
> > application in my C:\Documents And Settings\Administrator\Local
> > Settings\temp wanted to connect at port 80 of an address.
> > It had a weird icon and a weird name ( Rar1.exe).
> >
> > I denied all connection to the internet from the application , killed
> > it from the taskmanager and then deleted the exe from the temp folder.
> > I rebooted and the damn thing showed up again , everything the same
> > except the file name. tub1.exe this time.
> >
> > Every time i deleted it it showed up in the next reboot with diffrent
> > name. I searched the registy but i didnt find anything, neither on
> > google for the names of the file. I also used plenty different trojan
> > cleaners with no success and Norton Antivirus with latest dfinitions
> > but again, no success.
> >
> > I cant find the file where the executable is being generated from
> > everytime i start my computer. Does anyone had the same problem or
> > knows a solution for this?
> >
> > Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
> > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
>
> Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 98
|
(Msg. 5) Posted: Sat Jul 19, 2003 1:50 am
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Maybe my mind is going.......but I don't think you have System Restore
on Windows 2000.......at least, not when I used it for a couple of weeks
last summer. Or am I misreading what you are asking. To disable System
Restore on Win2000? Or get rid of your problem.
HF
"blinga" wrote in message
> I forgot to tell you that i am using Windows 2000 and not Windows XP -
> which has option to disable system restore -
> Any ideas how i do it under Win2k ?
>
> "S.Heenan" wrote in message
...
> > blinga wrote:
> > > Ok , this is how the situation has. 3 days my firewall poped up
and an
> > > application in my C:\Documents And Settings\Administrator\Local
> > > Settings\temp wanted to connect at port 80 of an address.
> > > It had a weird icon and a weird name ( Rar1.exe).
> > >
> > > I denied all connection to the internet from the application ,
killed
> > > it from the taskmanager and then deleted the exe from the temp
folder.
> > > I rebooted and the damn thing showed up again , everything the
same
> > > except the file name. tub1.exe this time.
> > >
> > > Every time i deleted it it showed up in the next reboot with
diffrent
> > > name. I searched the registy but i didnt find anything, neither on
> > > google for the names of the file. I also used plenty different
trojan
> > > cleaners with no success and Norton Antivirus with latest
dfinitions
> > > but again, no success.
> > >
> > > I cant find the file where the executable is being generated from
> > > everytime i start my computer. Does anyone had the same problem or
> > > knows a solution for this?
> > >
> > > Other names that the executable in my temp had: uvw4.exe ,
pgv1.exe ,
> > > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
> >
> > Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 6) Posted: Sun Jul 20, 2003 11:31 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
I was asking how to get rid of this thing in my temp but someone said
something about system restore which i also believe can't be disabled
in Windows 2000.
"Heather" wrote in message ...
> Maybe my mind is going.......but I don't think you have System Restore
> on Windows 2000.......at least, not when I used it for a couple of weeks
> last summer. Or am I misreading what you are asking. To disable System
> Restore on Win2000? Or get rid of your problem.
>
> HF
> "blinga" wrote in message
>
> > I forgot to tell you that i am using Windows 2000 and not Windows XP -
> > which has option to disable system restore -
> > Any ideas how i do it under Win2k ?
> >
> > "S.Heenan" wrote in message
> ...
> > > blinga wrote:
> > > > Ok , this is how the situation has. 3 days my firewall poped up
> and an
> > > > application in my C:\Documents And Settings\Administrator\Local
> > > > Settings\temp wanted to connect at port 80 of an address.
> > > > It had a weird icon and a weird name ( Rar1.exe).
> > > >
> > > > I denied all connection to the internet from the application ,
> killed
> > > > it from the taskmanager and then deleted the exe from the temp
> folder.
> > > > I rebooted and the damn thing showed up again , everything the
> same
> > > > except the file name. tub1.exe this time.
> > > >
> > > > Every time i deleted it it showed up in the next reboot with
> diffrent
> > > > name. I searched the registy but i didnt find anything, neither on
> > > > google for the names of the file. I also used plenty different
> trojan
> > > > cleaners with no success and Norton Antivirus with latest
> dfinitions
> > > > but again, no success.
> > > >
> > > > I cant find the file where the executable is being generated from
> > > > everytime i start my computer. Does anyone had the same problem or
> > > > knows a solution for this?
> > > >
> > > > Other names that the executable in my temp had: uvw4.exe ,
> pgv1.exe ,
> > > > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
> > >
> > > Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 21, 2003
Posts: 33
|
(Msg. 7) Posted: Mon Jul 21, 2003 12:12 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 20 Jul 2003 23:31:42 -0700, crash01x.RemoveThis@linuxmail.org (blinga) wrote:
>I was asking how to get rid of this thing in my temp but someone said
>something about system restore which i also believe can't be disabled
>in Windows 2000.
Can't be enabled there either. It was only added to NT in NT 5.1 (XP)
after prototype horror in WinME.
>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - - >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
| Related Topics: | Trojan Advice Please - Hi all, I found a trojan on a users system because it was broadcasting to the network like mad trying to find a way to the internet. It had opened lots of listening connections on various ports. The file causing this was a 93 Kb Win32 Portable..
advice on steps following trojan removal - A trojan infected files in Windows/system32 as detected by Norton Antivirus Corporate 10. I also have a firewall - Zone Alarm, and XP Pro SP2 I did the scan, and deleted files quaranteened. Then I did another scan in safe mode and no additional viruse...
Trojan Agent.FK help needed - A friend running XP Home has had it slow down to crawl pace and I am trying to help from a distance(not easy to get to PC distance wise). She has Mcafee and Adaware &Spybot that show nothing. One of my suggestions was to run Trend Micro online sca...
trojan or virus? help needed - Hi hoping you could help me out. lately my computer has been acting funny, ie jpgs wont open. the association with that extension had been deleted. I figured just some glitch, easily fixed, but yesterday my file folders are all blank, but only when I vie...
Virus/Trojan help needed...... - I have found in C\windows\temp numerous "exe" programs that all start with "winxxxxx" the "x's" being a jumble of letters,such as "winffgty" and "winsertf" and so on..usually 20 or more of these little... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
