 |
|
|
|
Next: Spyware or a benign virus on my PC ?
|
| Author |
Message |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 1) Posted: Thu Jul 17, 2003 1:02 am
Post subject: Damn trojan in my temp (probably). Advice needed.
Archived from groups: alt>comp>virus (more info?)
|
|
|
Ok , this is how the situation has. 3 days my firewall poped up and an
application in my C:\Documents And Settings\Administrator\Local
Settings\temp wanted to connect at port 80 of an address.
It had a weird icon and a weird name ( Rar1.exe).
I denied all connection to the internet from the application , killed
it from the taskmanager and then deleted the exe from the temp folder.
I rebooted and the damn thing showed up again , everything the same
except the file name. tub1.exe this time.
Every time i deleted it it showed up in the next reboot with diffrent
name. I searched the registy but i didnt find anything, neither on
google for the names of the file. I also used plenty different trojan
cleaners with no success and Norton Antivirus with latest dfinitions
but again, no success.
I cant find the file where the executable is being generated from
everytime i start my computer. Does anyone had the same problem or
knows a solution for this?
Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe |
|
| Back to top |
|
 | |
External
Since: Jul 19, 2003
Posts: 4
|
(Msg. 2) Posted: Thu Jul 17, 2003 1:10 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 17 Jul 2003 01:02:16 -0700 crash01x.TakeThisOut@linuxmail.org (blinga) wrote:
>Ok , this is how the situation has. 3 days my firewall poped up and an
>application in my C:\Documents And Settings\Administrator\Local
>Settings\temp wanted to connect at port 80 of an address.
>It had a weird icon and a weird name ( Rar1.exe).
Did you try a trojan removal program? |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 3) Posted: Thu Jul 17, 2003 6:36 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
blinga wrote:
> Ok , this is how the situation has. 3 days my firewall poped up and an
> application in my C:\Documents And Settings\Administrator\Local
> Settings\temp wanted to connect at port 80 of an address.
> It had a weird icon and a weird name ( Rar1.exe).
>
> I denied all connection to the internet from the application , killed
> it from the taskmanager and then deleted the exe from the temp folder.
> I rebooted and the damn thing showed up again , everything the same
> except the file name. tub1.exe this time.
>
> Every time i deleted it it showed up in the next reboot with diffrent
> name. I searched the registy but i didnt find anything, neither on
> google for the names of the file. I also used plenty different trojan
> cleaners with no success and Norton Antivirus with latest dfinitions
> but again, no success.
>
> I cant find the file where the executable is being generated from
> everytime i start my computer. Does anyone had the same problem or
> knows a solution for this?
>
> Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
> mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
Disable System Restore, then scan with NAV.
--
Winerr 00B - Push Error; Removing Files to Make Room for Advertisement >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 4) Posted: Fri Jul 18, 2003 1:25 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
I forgot to tell you that i am using Windows 2000 and not Windows XP -
which has option to disable system restore -
Any ideas how i do it under Win2k ?
"S.Heenan" <SusanH705removethis.DeleteThis@hotmail.com> wrote in message news:<J0CRa.449174$3C2.12239381@news3.calgary.shaw.ca>...
> blinga wrote:
> > Ok , this is how the situation has. 3 days my firewall poped up and an
> > application in my C:\Documents And Settings\Administrator\Local
> > Settings\temp wanted to connect at port 80 of an address.
> > It had a weird icon and a weird name ( Rar1.exe).
> >
> > I denied all connection to the internet from the application , killed
> > it from the taskmanager and then deleted the exe from the temp folder.
> > I rebooted and the damn thing showed up again , everything the same
> > except the file name. tub1.exe this time.
> >
> > Every time i deleted it it showed up in the next reboot with diffrent
> > name. I searched the registy but i didnt find anything, neither on
> > google for the names of the file. I also used plenty different trojan
> > cleaners with no success and Norton Antivirus with latest dfinitions
> > but again, no success.
> >
> > I cant find the file where the executable is being generated from
> > everytime i start my computer. Does anyone had the same problem or
> > knows a solution for this?
> >
> > Other names that the executable in my temp had: uvw4.exe , pgv1.exe ,
> > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
>
> Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 98
|
(Msg. 5) Posted: Sat Jul 19, 2003 1:50 am
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Maybe my mind is going.......but I don't think you have System Restore
on Windows 2000.......at least, not when I used it for a couple of weeks
last summer. Or am I misreading what you are asking. To disable System
Restore on Win2000? Or get rid of your problem.
HF
"blinga" <crash01x.TakeThisOut@linuxmail.org> wrote in message
news:6e64d471.0307181225.46f8f458@posting.google.com...
> I forgot to tell you that i am using Windows 2000 and not Windows XP -
> which has option to disable system restore -
> Any ideas how i do it under Win2k ?
>
> "S.Heenan" <SusanH705removethis.TakeThisOut@hotmail.com> wrote in message
news:<J0CRa.449174$3C2.12239381@news3.calgary.shaw.ca>...
> > blinga wrote:
> > > Ok , this is how the situation has. 3 days my firewall poped up
and an
> > > application in my C:\Documents And Settings\Administrator\Local
> > > Settings\temp wanted to connect at port 80 of an address.
> > > It had a weird icon and a weird name ( Rar1.exe).
> > >
> > > I denied all connection to the internet from the application ,
killed
> > > it from the taskmanager and then deleted the exe from the temp
folder.
> > > I rebooted and the damn thing showed up again , everything the
same
> > > except the file name. tub1.exe this time.
> > >
> > > Every time i deleted it it showed up in the next reboot with
diffrent
> > > name. I searched the registy but i didnt find anything, neither on
> > > google for the names of the file. I also used plenty different
trojan
> > > cleaners with no success and Norton Antivirus with latest
dfinitions
> > > but again, no success.
> > >
> > > I cant find the file where the executable is being generated from
> > > everytime i start my computer. Does anyone had the same problem or
> > > knows a solution for this?
> > >
> > > Other names that the executable in my temp had: uvw4.exe ,
pgv1.exe ,
> > > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
> >
> > Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 17, 2003
Posts: 3
|
(Msg. 6) Posted: Sun Jul 20, 2003 11:31 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
I was asking how to get rid of this thing in my temp but someone said
something about system restore which i also believe can't be disabled
in Windows 2000.
"Heather" <fergie RemoveThis @nospam.com> wrote in message news:<Pt1Sa.29857$Ci2.6861@news01.bloor.is.net.cable.rogers.com>...
> Maybe my mind is going.......but I don't think you have System Restore
> on Windows 2000.......at least, not when I used it for a couple of weeks
> last summer. Or am I misreading what you are asking. To disable System
> Restore on Win2000? Or get rid of your problem.
>
> HF
> "blinga" <crash01x RemoveThis @linuxmail.org> wrote in message
> news:6e64d471.0307181225.46f8f458@posting.google.com...
> > I forgot to tell you that i am using Windows 2000 and not Windows XP -
> > which has option to disable system restore -
> > Any ideas how i do it under Win2k ?
> >
> > "S.Heenan" <SusanH705removethis RemoveThis @hotmail.com> wrote in message
> news:<J0CRa.449174$3C2.12239381@news3.calgary.shaw.ca>...
> > > blinga wrote:
> > > > Ok , this is how the situation has. 3 days my firewall poped up
> and an
> > > > application in my C:\Documents And Settings\Administrator\Local
> > > > Settings\temp wanted to connect at port 80 of an address.
> > > > It had a weird icon and a weird name ( Rar1.exe).
> > > >
> > > > I denied all connection to the internet from the application ,
> killed
> > > > it from the taskmanager and then deleted the exe from the temp
> folder.
> > > > I rebooted and the damn thing showed up again , everything the
> same
> > > > except the file name. tub1.exe this time.
> > > >
> > > > Every time i deleted it it showed up in the next reboot with
> diffrent
> > > > name. I searched the registy but i didnt find anything, neither on
> > > > google for the names of the file. I also used plenty different
> trojan
> > > > cleaners with no success and Norton Antivirus with latest
> dfinitions
> > > > but again, no success.
> > > >
> > > > I cant find the file where the executable is being generated from
> > > > everytime i start my computer. Does anyone had the same problem or
> > > > knows a solution for this?
> > > >
> > > > Other names that the executable in my temp had: uvw4.exe ,
> pgv1.exe ,
> > > > mid1.exe, mus1.exe , rip1.exe , yfb1.exe , iki1.exe
> > >
> > > Disable System Restore, then scan with NAV. >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
External
Since: Jul 21, 2003
Posts: 33
|
(Msg. 7) Posted: Mon Jul 21, 2003 12:12 pm
Post subject: Re: Damn trojan in my temp (probably). Advice needed. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 20 Jul 2003 23:31:42 -0700, crash01x DeleteThis @linuxmail.org (blinga) wrote:
>I was asking how to get rid of this thing in my temp but someone said
>something about system restore which i also believe can't be disabled
>in Windows 2000.
Can't be enabled there either. It was only added to NT in NT 5.1 (XP)
after prototype horror in WinME.
>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - - >> Stay informed about: Damn trojan in my temp (probably). Advice needed. |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
