Need help: recently infected with malware, can't even doubleclick programs to start!

**indypooh** · 2010-04-19, 20:03

I probably should be hit with an idiot tax, but:

C:\Documents and Settings\User\Application Data\Temp\3A.tmp

I cannot find the \temp\ subfolder, even after displaying the hidden files/folders.

Thanks again for your patience.

**ken545** · 2010-04-19, 20:13

Try here, forgive me I am at work and juggling about 12 things at once

C:\Documents and Settings\User\Local Settings\Temp\3A.tmp

**indypooh** · 2010-04-19, 20:24

Ken:

In the
C:\Documents and Settings\User\Local Settings\Temp

folder, I found the following .tmp files:

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp
28D.tmp

Would any of those be the one(s) I should delete? I am unfortunately unable to find the the 3A.tmp file anywhere.

Thanks again.

**ken545** · 2010-04-19, 20:26

You can delete them all.

**indypooh** · 2010-04-19, 20:37

Thanks again,

I was able to delete 28D.tmp with no issues, but unable to delete:

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp

as they were listed "in use". I tried to close all programs, but got the same result.

If there is more I should do, please let me know!

Thanks again.

**ken545** · 2010-04-19, 21:15

Run this cleaner and see if there gone

Please download ATF Cleaner by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Thank You Atribune

**indypooh** · 2010-04-19, 21:27

After running that program,

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp

remain in the C:\Documents and Settings\User\Local Settings\temp folder.

In case it helps, all 3 files are 16k in size, and were created today at 4/19/2010 about 2 hours ago (1:19p eastern).

Thanks again.

**ken545** · 2010-04-19, 23:27

I don't think those files are anything to worry about, I was looking through a few older posts in other forums and they where not removed by the helpers.

You can browse to that folder and upload one or all to be checked, post back with the results

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\Documents and Settings\User\Local Settings\temp <--Upload the ones in this folder

If the site is busy you can try this one

http://virusscan.jotti.org/en

**indypooh** · 2010-04-20, 16:40

2 of the files returned with the message "0 bytes size received"

One file returned this:

File _DFD66D.tmp received on 2010.04.20 14:36:41 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)

a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.143 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4652 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5044 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -
Additional information
File size: 16384 bytes
MD5...: 8e1b7b72517a867522cf1ada8275394f
SHA1..: 803f51c3c1ce2a6515b96543f1e4adba8a163ea1
SHA256: ac6c8c1dcab1f386300e51dc92027ad5b1a14076947ec8258e6e8ab13abdc5bd
ssdeep: 192:EKiWk7ZYrlBk7ZYrlYQKk7ZYrlaNznUjsV:EKXktElBktElY5ktElizH
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: Generic OLE2 / Multistream Compound File (100.0%)
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

**ken545** · 2010-04-20, 19:12

There fine, not a problem.

How are things running now ?

Thread: Need help: recently infected with malware, can't even doubleclick programs to start!

Thread Tools

Display

Posting Permissions