?
Solved

Worm

Posted on 2004-10-09
4
Medium Priority
?
1,591 Views
Last Modified: 2007-12-19
I am running Windows XP and have put all the latest service packs on, at least I think I have. But every time get online, a worm is creating a folder in the following path called temp.
C:\documents and settings\Myusername\Local Settings\
I keep deleting the folder, but as soon as I get online, the folder is recreated and several files are placed in it:
ranreco.exe
dummy.htm
perflib perfdata 548.dat
(folder) THI14C4.tmp
No matter how many times I have my anti software take it off it comes back. Is there a patch for this or something I can do?
Thanks,
John O'Neil
0
Comment
Question by:jmoneilthe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 12266034
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 2000 total points
ID: 12266125
Hi jmoneilthe2,

Donot remove the folders , just empty them

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Since they are used to store for temp files , the files will keep accumulating in those folders..
Temp folder is created by XP and NOT by worm

You need to scan your system for virus/worms using these

a)Anti-virus in your machine with latest virus definitions
b) Stinger : http://vil.nai.com/vil/stinger/
c) Online virus scanner : http://housecall.trendmicro.com/ 

If none of them show any sign of worm both running them in Normal mode and Safe mode, you donot have to worry .

SR..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266171
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MSBA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happen again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
 

Expert Comment

by:futurelogix
ID: 12272096
first have av which is updated !!!
and  best thing is to have pest patrol software from www.pestpatrol.com(best anti spyware in net)but it costs ..u may try evaluation version which detects but not fixes it!!!!It has many options in it ,they even scan ur system for spywares!!!! and other ad, malwares.


0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question