Help me get rid of this virus!

Old 02-26-06, 11:36 PM
  #1  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
Help me get rid of this virus!

I think it's a trojan, actually. Seems similar to Sober but not the same, the Sober tools won't remove it.

It generates files called winxxx.tmp.exe where XXX is a random series of numbers and letters.

Also get random EXEs that try to run and give an NTVDM CPU error (16 bit MS-DOS Subsystem)

It also generates other EXEs with random strings.

Ideas?
Old 02-26-06, 11:57 PM
  #2  
DVD Talk Legend
 
Join Date: Apr 2002
Posts: 20,765
Likes: 0
Received 13 Likes on 6 Posts
if this is on a secondary-type computer, get the latest anti-virus definitions, then unplug it from the net, reboot into safe mode, do a full virus scan.

but if you can't do that, try going to the registry - around HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce and delete any suspicious key values then move up from the runonce to run section and repeat. then install a good software firewall like zonealarm or outpost. block the bad connections, then try going on housecall for the online virus scan.

all this is to identify the name of the virus so you can figure out the proper steps to remove it.
Old 02-27-06, 12:20 AM
  #3  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
Already tried a virus scan. (Norton AntiVirus Corporate 8 and TrendMicro 3) No joy.

Just put on ZA.

Will look at the registry.
Old 02-27-06, 12:24 AM
  #4  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
Nothing out of place in the Registry....

Will try Housecall.

Those tmp.exe files have been trying to access the net. Random IPs, like Microsoft Update, Feed Burner, etc, all with DNS at the end. (ie 123.456.78.90:DNS)

Last edited by shaun3000; 03-06-06 at 12:33 AM.
Old 03-06-06, 12:33 AM
  #5  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
I'm going to bump this up.

Still no luck getting rid of the damn thing. Does anyone know of any way to figure out what is calling a certain program? I still have the winXXX.tmp.exe programs running but I can't figure out what's creating them. They just seem to appear out of nowhere.
Old 03-06-06, 10:11 AM
  #6  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Have you tried a spyware removal tool?

Sometimes AV software (especially Norton 8) will not go after spyware. The Trend Product should, but you would be better off if you could run something like Webroot's Spysweeper on the machine.

If you want free, try the Micro$oft Defender product

http://www.microsoft.com/athome/secu...e/default.mspx

There are a dozen things you can "try" - but these require some knowledge to use (or at least an ability to google.com search the correct names and understand what you find)

This tool is a much better way to see what is starting up on your system automatically

http://www.sysinternals.com/Utilities/Autoruns.html


You can use Process Explorer to attempt to find it manually

http://www.sysinternals.com/Utilitie...sExplorer.html

TCPView is helpful to see what is using the internet connection

http://www.sysinternals.com/Utilities/TcpView.html

Once you know what program + file are causing the problem (hint: google.com search)

Then you might be able to use this to delete them

http://www.softpedia.com/get/Securit...-Killbox.shtml
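
The two checks suggested in this thread (reviewing the autostart registry keys, and finding what launched a running winXXX.tmp.exe), as an added PowerShell example that is not part of any post here. The file-name pattern and the Temp-folder heuristic are assumptions taken from the thread's description, and `Get-CimInstance` needs PowerShell 3.0 or later.

```powershell
# Added example. Assumption: dropped files look like win<random>.tmp.exe, as described in post #1.
$namePattern = '(?i)win[0-9a-z]+\.tmp\.exe'

# 1) List every value in the autostart keys named in post #2, in both the
#    machine hive and the current user's hive, and flag the suspicious ones.
$subKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$autostarts = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in $subKeys) {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $path)) { continue }   # key is absent on many systems
        $key = Get-Item $path
        foreach ($valueName in $key.GetValueNames()) {
            $command = [string]$key.GetValue($valueName)
            [pscustomobject]@{
                Key     = $path
                Name    = $valueName
                Command = $command
                # Heuristic (assumption): matches the name pattern or runs from a Temp folder.
                Suspect = ($command -match $namePattern) -or ($command -match '(?i)\\temp\\')
            }
        }
    }
}
$autostarts | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# 2) For each running process matching the pattern, report its parent process.
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -match "^$namePattern$" } | ForEach-Object {
    $parent = $byPid[[int]$_.ParentProcessId]
    # PIDs are reused: a "parent" that started after the child is an unrelated process.
    if ($parent -and $parent.CreationDate -gt $_.CreationDate) { $parent = $null }
    [pscustomobject]@{
        Process    = $_.Name
        ProcessId  = $_.ProcessId
        Path       = $_.ExecutablePath
        Started    = $_.CreationDate
        ParentPid  = $_.ParentProcessId
        ParentName = if ($parent) { $parent.Name } else { '(parent exited or PID reused)' }
        ParentPath = if ($parent) { $parent.ExecutablePath } else { $null }
    }
} | Format-List
```

Run it from an elevated prompt so that `ExecutablePath` is populated for processes owned by other accounts. A parent shown as exited means the launcher has already terminated and must be caught at creation time instead.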
Old 03-06-06, 12:58 PM
  #7  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
Thanks for that. I'd tried googling but got no helpful results. The Autoruns looks promising. I'd actually used TCP View, before, but couldn't remember the name! haha

I've got Microsoft's Antispyware on and need to upgrade. I think I'll also try AdAware or similar, as well.

Thanks for the reply.
Old 03-06-06, 03:12 PM
  #8  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
When I said google the results, I meant to use the utilities I listed to view items you have running in memory, google any item that you don't know what it does. This way you can determine if it is a normal Windows item or application item or a possible virus/spyware. Usually if google comes up with no hits on a topic, then you don't need it running on your machine.

I was not implying a general 'google it'. I was trying to be specific that you should google items that these tools reveal about things on your machine.
Old 03-06-06, 04:07 PM
  #9  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jul 1999
Location: Texas
Posts: 7,758
Likes: 0
Received 0 Likes on 0 Posts
Yes, got it. But thanks for clarifying.
