Need help: recently infected with malware, can't even double-click programs to start!

I probably should be hit with an idiot tax, but:

C:\Documents and Settings\User\Application Data\Temp\3A.tmp


I cannot find the \temp\ subfolder, even after displaying the hidden files/folders.

Thanks again for your patience.
 
Try here; forgive me, I am at work and juggling about 12 things at once.

C:\Documents and Settings\User\Local Settings\Temp\3A.tmp
 
Ken:

In the
C:\Documents and Settings\User\Local Settings\Temp

folder, I found the following .tmp files:

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp
28D.tmp


Would any of those be the one(s) I should delete? I am unfortunately unable to find the 3A.tmp file anywhere. :sad:

Thanks again.
 
Thanks again,

I was able to delete 28D.tmp with no issues, but unable to delete:

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp

as they were listed "in use". I tried to close all programs, but got the same result.

If there is more I should do, please let me know!

Thanks again.
 
Run this cleaner and see if they're gone.

Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.


Thank You Atribune
 
After running that program,

~DF7B09.tmp
~DF19F1.tmp
~DFD66D.tmp

remain in the C:\Documents and Settings\User\Local Settings\temp folder. :sad:

In case it helps, all 3 files are 16k in size, and were created today, 4/19/2010, about 2 hours ago (1:19p eastern).

Thanks again.
 
I don't think those files are anything to worry about. I was looking through a few older posts in other forums and they were not removed by the helpers.

You can browse to that folder and upload one or all to be checked; post back with the results.

Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see.

C:\Documents and Settings\User\Local Settings\temp <--Upload the ones in this folder

If the site is busy, you can try this one:

http://virusscan.jotti.org/en
 
2 of the files returned with the message "0 bytes size received"

One file returned this:

File _DFD66D.tmp received on 2010.04.20 14:36:41 (UTC)
Result: 0/41 (0%)

Additional information
File size: 16384 bytes
MD5...: 8e1b7b72517a867522cf1ada8275394f
SHA1..: 803f51c3c1ce2a6515b96543f1e4adba8a163ea1
SHA256: ac6c8c1dcab1f386300e51dc92027ad5b1a14076947ec8258e6e8ab13abdc5bd
ssdeep: 192:EKiWk7ZYrlBk7ZYrlYQKk7ZYrlaNznUjsV:EKXktElBktElY5ktElizH
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: Generic OLE2 / Multistream Compound File (100.0%)
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
Great :bigthumb:

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.




Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.









Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended; more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.


Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 