Solved

Worm

Posted on 2004-10-09
4
1,559 Views
Last Modified: 2007-12-19
I am running Windows XP and have put all the latest service packs on, at least I think I have. But every time get online, a worm is creating a folder in the following path called temp.
C:\documents and settings\Myusername\Local Settings\
I keep deleting the folder, but as soon as I get online, the folder is recreated and several files are placed in it:
ranreco.exe
dummy.htm
perflib perfdata 548.dat
(folder) THI14C4.tmp
No matter how many times I have my anti software take it off it comes back. Is there a patch for this or something I can do?
Thanks,
John O'Neil
0
Comment
Question by:jmoneilthe2
4 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 12266034
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 12266125
Hi jmoneilthe2,

Donot remove the folders , just empty them

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Since they are used to store for temp files , the files will keep accumulating in those folders..
Temp folder is created by XP and NOT by worm

You need to scan your system for virus/worms using these

a)Anti-virus in your machine with latest virus definitions
b) Stinger : http://vil.nai.com/vil/stinger/
c) Online virus scanner : http://housecall.trendmicro.com/ 

If none of them show any sign of worm both running them in Normal mode and Safe mode, you donot have to worry .

SR..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266171
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MSBA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happen again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
 

Expert Comment

by:futurelogix
ID: 12272096
first have av which is updated !!!
and  best thing is to have pest patrol software from www.pestpatrol.com(best anti spyware in net)but it costs ..u may try evaluation version which detects but not fixes it!!!!It has many options in it ,they even scan ur system for spywares!!!! and other ad, malwares.


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now