
Thread: Persistent problem continued.... :(

  1. #1
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    Hello to the moderators of this area

    I was recently under the guidance of Juliet, and was advised to post in here linking back to the other thread...
    http://forums.spybot.info/showthread...tant-problem-(

    I'm sure you will see in there what problems I have been having, but the basics of it are:

    I'm a regular gamer and administrator. I recently noticed regular packets being dropped and suspected something was wrong.

    I was infected with a Trojan.... the day I found it was the day my PayPal was robbed.

    I scan in safe mode and I use Spybot and Malwarebytes.
    Spybot found a load of tracking cookies, but nothing other than that. I scanned after with Malwarebytes and found the Trojan.

    Since then the lag in game has stayed and I have noticed a large amount of temp files always being created and not being able to delete some of them.

    After about 10 days of not being able to shift the lag, I reported a problem on these forums. Juliet identified evilhook on my PC, but this was a tool that was temporarily used in the administration of the Call of Duty servers that I administer. (It has an inbuilt cheat detector.) But it never worked with my PC after I installed w7. I tried over 6 months ago, but it never visibly did anything.
    Malware or not, evilhook was removed by Juliet and... yes... the lag in game has gone

    My concern now is the amount of temp files that are created when getting to the desktop... and a frustration with my IE11 tabs... I cannot drag a tab to a new window anymore :(

    Anyway.. have a read and let me know what you think.

    All the best

    Vince

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,491


    "I cannot drag a tab to a new window anymore :("
    What happens if you press Ctrl + N? If you have a tab open, that should open a new window with the contents in the tab in the new window, from the looks of things when I tried it in IE.

    Your temp files should be located at C:\Windows\Temp and C:\Users\(your user name)\AppData\Local\Temp. If you go to those locations, do any of the large amounts of temp files indicate to you where they might be coming from in their names?
    Last edited by Zenobia; 2014-12-02 at 23:17.

  3. #3
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    Hello Zenobia

    I tried the Ctrl + n, and yes, it opens a new window with the same URL.

    I looked in the locations you said. I was able to locate about 150 files. I have attached some screen shots of those two folders.

    wTemp.jpg lTemp.jpg lTemp1.jpg

    I have no idea what the MEI folders are about or the {2C1334AC-28AF-4CBA-867C-F4B2741A9BD4}. To be honest, there are a few files there I have no idea about :(

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,491


    Hi.

    The _MEI files may be from Google drive:
    https://productforums.google.com/for...ve/pjPc-4hYrtA

    I have the temp folders with the numbers in curly brackets, too. I'm not sure what they are either, but they should be okay. They might possibly be related to something with Windows Update, though that isn't for certain.

    I searched a couple more of the files I saw in your C:\Users\(user name)\AppData\Local\Temp folder.
    This should be what the fla.*tmp files are:
    https://forums.adobe.com/thread/190160?tstart=0

    This should explain the cvrafe.tmp.cvr file:
    http://www.file-extensions.org/cvr-file-extension

    This may explain the .od file extension in your temp folder:
    http://answers.microsoft.com/en-us/o...6-13901cf103a1

    FXSAPIDebugLogFile.txt should have something to do with fax or a printer (I have that one, too; it appears to be legit).

    The ones for which I haven't been able to find anything about what might create them are these sets of files in your temp folder:
    The browserview*****.tmp files, ~DF*************.TMP files and the INS_**********.TMP files. That doesn't mean they're necessarily from something bad, though.

    What you could try for some of the unidentified ones is to delete the contents of your C:\Users\(user name)\AppData\Local\Temp folder. If the files are in use, then you should get a message that the file couldn't be deleted because it's Open in some program, etc., and that might help identify what is generating them, since if large amounts of temp files are being generated quickly it's likely they will be in use.
    If you'd like to try that, go to C:\Users\(user name)\AppData\Local\Temp, click Edit, then Select All, then right-click and select Delete. Make a note of which files/folders will not delete, and which location or program Windows says it is open in, then press Skip. For groups of similar files that will not delete, there's no need to note where it is Open for each one. For example, if the INS_*<randomnumber>*.TMP files are in use, note where they are in use at, then you can zone out a bit, then pay attention when it gets to the ~DF*************.TMP files, and note where it says they are in use. Hope that makes sense, it's difficult to explain.

    For you not being able to drag a tab to a new window, I think that might possibly be related to Permissions, but I haven't completely found that yet, so I'll look further for that later on.
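
The grouping step described in post #4, as an added example that is not part of any post in the thread: it collapses the names in a temp folder into families (the prefixes named in the thread and the GUID-style folder names) and counts how many of each exist and how many changed recently. The `family` and `summarize` names, the one-hour window and the sample file names are assumptions made for the example.

```python
import re
import tempfile
import time
from collections import Counter
from pathlib import Path

# Name families pointed out in the thread, as (prefix, extension) pairs.
THREAD_FAMILIES = [("browserview", ".tmp"), ("~df", ".tmp"), ("ins_", ".tmp"),
                   ("fla", ".tmp"), ("_mei", "")]
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")

def family(name):
    """Map one file or folder name to the family it belongs to."""
    low = name.lower()
    if GUID.match(low):
        return "{guid}"
    for prefix, ext in THREAD_FAMILIES:
        if low.startswith(prefix) and low.endswith(ext):
            return f"{prefix}*{ext}"
    # Fallback: collapse digit runs so numbered siblings land in one family.
    return re.sub(r"\d+", "*", low)

def summarize(temp_dir, now=None, recent_seconds=3600):
    """Return [(family, total, changed_recently)], largest family first."""
    now = time.time() if now is None else now
    total, recent = Counter(), Counter()
    for entry in Path(temp_dir).iterdir():
        fam = family(entry.name)
        total[fam] += 1
        if now - entry.stat().st_mtime <= recent_seconds:
            recent[fam] += 1
    ordered = sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(fam, count, recent[fam]) for fam, count in ordered]

if __name__ == "__main__":
    # Constructed sample names, written to a scratch folder so this runs anywhere.
    names = ["~DF3A9C21.TMP", "~DF77B0E4.TMP", "INS_0412.TMP",
             "browserview5531.tmp", "FXSAPIDebugLogFile.txt"]
    with tempfile.TemporaryDirectory() as scratch:
        for n in names:
            Path(scratch, n).touch()
        for fam, count, recent in summarize(scratch):
            print(f"{count:4d} total  {recent:4d} in last hour  {fam}")
```

A family with a large total and a large recent count is the one worth tracing back to the program that has it open.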

  5. #5
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    Thanks for the directions

    I deleted all in the temp folder, and identified programs as you said.

    I stopped the application from running and then removed the files.

    I'm now left with

    lTemp2.jpg

    I'll try in safe mode and see what remains and post back

  6. #6
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    I got to safe mode and these were the files there
    lTemp3.png

    I deleted all of them but was left with
    FXSAPIDebugLogFile.txt (in use by another program)

    On reboot back to normal mode these were back
    lTemp4.jpg

    Guess I must be over paranoid?

  7. #7
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    I think I may have found the problem...

    You may have noticed the XAMPP running... I have a webserver and mail server running on this machine... I'm in the process of setting up a new business and wanted to get some experience with servers.

    I think my server has been hijacked?.... a relay? idk

    relay.jpg

  8. #8
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,491


    "Guess I must be over paranoid?"
    Nope, if I were to have a large amount of temp files in use, and also being generated quickly, I would want to investigate where they were coming from and where they were in use. If they start being generated again in large numbers, please mention them here, and if you aren't sure about the program that is generating them, you can mention that too, if you wish, and I'll try my best to look for whatever I can.

    Please bear with me as I'm not familiar with Mercury/32. It will take me a bit to learn, and frankly, I may not exactly know what the heck I'm talking about as of yet, but I am getting the general gist, I think.
    I see from your screenshot that you have quite a few 'processing failed deliveries and generating notification' jobs all roughly around the same time. Is there any further info there if you expand the screen, or is there a logfile available for that anywhere?
    Since you mentioned Relay, is the problem that Mercury/32 seems to be acting as an Open relay?
    I see the wiki page mentions Relaying Controls:
    http://en.wikipedia.org/wiki/Mercury...ystem#Features
    Do you have those set?

  9. #9
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74


    Thanks again for being supportive, I am feeling very stupid at the moment... 1, for somehow getting infected with a Trojan and 2, for yes, having my email server set up as a relay :(

    I have changed the settings in Mercury and it is no longer acting as a relay...... there were over 280,000 queued emails and the end to end window (top left) was non-stop just like the core processes (bottom right)

    I had to delete the queued items, all I'm getting now are the attempts from the outside asking me to pass mail on. (rejected).
    merc.jpg

    I had not mentioned it, certain websites have not let me in until I prove I'm not a bot (captcha etc).
    I'm guessing my IP has now been blacklisted somewhere as a spammer? Mail is not being delivered by my server now... I'll restart again and see what comes up.

    Thanks again

    Vince

  10. #10
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,491


    You're welcome. No need to feel stupid, many people get infected (including myself in the past), and it takes a bit to learn how to run anything, including an email server.

    This is the forum for Mercury Mail Transport System:
    http://community.pmail.com/forums/de...aspx?GroupID=7
    The Mercury Community Support looks to be pretty helpful.

    About not being able to drag tabs to a new window: are you still able to drag tabs back and forth across Internet Explorer?
