Solved

Worm

Posted on 2004-10-09
4
1,581 Views
Last Modified: 2007-12-19
I am running Windows XP and have put all the latest service packs on, at least I think I have. But every time get online, a worm is creating a folder in the following path called temp.
C:\documents and settings\Myusername\Local Settings\
I keep deleting the folder, but as soon as I get online, the folder is recreated and several files are placed in it:
ranreco.exe
dummy.htm
perflib perfdata 548.dat
(folder) THI14C4.tmp
No matter how many times I have my anti software take it off it comes back. Is there a patch for this or something I can do?
Thanks,
John O'Neil
0
Comment
Question by:jmoneilthe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 12266034
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 12266125
Hi jmoneilthe2,

Donot remove the folders , just empty them

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Since they are used to store for temp files , the files will keep accumulating in those folders..
Temp folder is created by XP and NOT by worm

You need to scan your system for virus/worms using these

a)Anti-virus in your machine with latest virus definitions
b) Stinger : http://vil.nai.com/vil/stinger/
c) Online virus scanner : http://housecall.trendmicro.com/ 

If none of them show any sign of worm both running them in Normal mode and Safe mode, you donot have to worry .

SR..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266171
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MSBA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happen again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
 

Expert Comment

by:futurelogix
ID: 12272096
first have av which is updated !!!
and  best thing is to have pest patrol software from www.pestpatrol.com(best anti spyware in net)but it costs ..u may try evaluation version which detects but not fixes it!!!!It has many options in it ,they even scan ur system for spywares!!!! and other ad, malwares.


0

Featured Post

To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
Discuss..
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question