Solved

Worm

Posted on 2004-10-09
Last Modified: 2007-12-19
I am running Windows XP and have put all the latest service packs on, at least I think I have. But every time I get online, a worm is creating a folder in the following path called temp.
C:\documents and settings\Myusername\Local Settings\
I keep deleting the folder, but as soon as I get online, the folder is recreated and several files are placed in it:
ranreco.exe
dummy.htm
perflib perfdata 548.dat
(folder) THI14C4.tmp
No matter how many times I have my anti software take it off it comes back. Is there a patch for this or something I can do?
Thanks,
John O'Neil
0
Question by:jmoneilthe2
4 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 12266034
0
 
LVL 49

Accepted Solution

by:sunray_2003 earned 500 total points
ID: 12266125
Hi jmoneilthe2,

Do not remove the folders, just empty them.

Remove temporary internet files, folders and cookies.
Also remove Windows Temp files by going to:

1) Start --> Run --> type in: %systemroot%/temp
2) Start --> Run --> type in: %temp%

Since they are used to store temp files, the files will keep accumulating in those folders.
The Temp folder is created by XP and NOT by a worm.

You need to scan your system for viruses/worms using these:

a) Anti-virus on your machine with the latest virus definitions
b) Stinger: http://vil.nai.com/vil/stinger/
c) Online virus scanner: http://housecall.trendmicro.com/

If none of them show any sign of a worm when run in both Normal mode and Safe mode, you do not have to worry.

SR..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266171
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MBSA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happening again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
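
A read-only triage for the situation in this thread, added here as an example and not posted by any of the participants: it inventories executable files in the two temp folders the accepted answer names and flags Run-key autostart entries that launch from them, which is among the things a HijackThis log lists. It assumes PowerShell 4.0 or later (for Get-FileHash), which postdates the XP system in the question; the extension list and the two Run keys checked are choices made for this example.

```powershell
# Added example: inspect the temp folders before emptying them. Nothing is deleted.
# Assumption: PowerShell 4.0+, run as the affected user.

$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object { (Resolve-Path -LiteralPath $_).ProviderPath } |
    Select-Object -Unique

# 1) Executable content sitting in the temp folders, oldest first.
#    The SHA256 column can be compared against what the AV scanners report.
$exts = '.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js'
$found = foreach ($dir in $tempDirs) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $exts -contains $_.Extension } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Signature = $sig.Status
                SHA256    = $hash.Hash
                Path      = $_.FullName
            }
        }
}
$found | Sort-Object Created | Format-Table -AutoSize -Wrap

# 2) Autostart (Run key) entries whose command line points into a temp folder.
#    A program that starts from a temp folder at logon would explain files
#    that come back after being deleted.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        foreach ($dir in $tempDirs) {
            if ($cmd.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                Write-Output "Autostart from temp folder: $key\$name -> $cmd"
            }
        }
    }
}
```

If `%TEMP%` is stored in 8.3 short form, a Run entry written with the long path will not match; compare both forms by eye in that case.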
 

Expert Comment

by:futurelogix
ID: 12272096
First, have AV which is updated!!!
And the best thing is to have Pest Patrol software from www.pestpatrol.com (best anti-spyware on the net), but it costs. You may try the evaluation version, which detects but does not fix it!!!! It has many options in it; they even scan your system for spyware!!!! and other adware and malware.


0
