Solved

Worm

Posted on 2004-10-09
4
1,576 Views
Last Modified: 2007-12-19
I am running Windows XP and have put all the latest service packs on, at least I think I have. But every time get online, a worm is creating a folder in the following path called temp.
C:\documents and settings\Myusername\Local Settings\
I keep deleting the folder, but as soon as I get online, the folder is recreated and several files are placed in it:
ranreco.exe
dummy.htm
perflib perfdata 548.dat
(folder) THI14C4.tmp
No matter how many times I have my anti software take it off it comes back. Is there a patch for this or something I can do?
Thanks,
John O'Neil
0
Comment
Question by:jmoneilthe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 12266034
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 12266125
Hi jmoneilthe2,

Donot remove the folders , just empty them

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Since they are used to store for temp files , the files will keep accumulating in those folders..
Temp folder is created by XP and NOT by worm

You need to scan your system for virus/worms using these

a)Anti-virus in your machine with latest virus definitions
b) Stinger : http://vil.nai.com/vil/stinger/
c) Online virus scanner : http://housecall.trendmicro.com/ 

If none of them show any sign of worm both running them in Normal mode and Safe mode, you donot have to worry .

SR..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266171
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MSBA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happen again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
 

Expert Comment

by:futurelogix
ID: 12272096
first have av which is updated !!!
and  best thing is to have pest patrol software from www.pestpatrol.com(best anti spyware in net)but it costs ..u may try evaluation version which detects but not fixes it!!!!It has many options in it ,they even scan ur system for spywares!!!! and other ad, malwares.


0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question