Kunio7
asked on
0240.exe - unknown prog accessing the net
Recently, I noticed an an prog access the internet called 0240.exe
My firewall picked it up and I denied it permission everytime to acess the internet. I've updated Spybot and Adaware, but they dont detect anything with 0240.exe
Anybody have any idea what 0240.exe is?
My firewall picked it up and I denied it permission everytime to acess the internet. I've updated Spybot and Adaware, but they dont detect anything with 0240.exe
Anybody have any idea what 0240.exe is?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> Anybody have any idea what 0240.exe is?
Its surealy a faked process...... so no need to keep it on ur system :)
Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
and run Disk Cleanup to delete all the temp files from ur hard drive also :)
Its surealy a faked process...... so no need to keep it on ur system :)
Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
and run Disk Cleanup to delete all the temp files from ur hard drive also :)
To begin with where on your hard drive is it.
Your firewall should be able to tell you where it is please tell me what it says.
Which firewall do you have
Your firewall should be able to tell you where it is please tell me what it says.
Which firewall do you have
It's a valid application, RECALC Computersystem PCA 5.5.
try Alt + C to see if anything happens.
For details see the link.
http://www.recalc.nl/pcablok.html
Anyway as most experts recommends, if not in use, just remove it.
try Alt + C to see if anything happens.
For details see the link.
http://www.recalc.nl/pcablok.html
Anyway as most experts recommends, if not in use, just remove it.
ASKER
Well, I figured out what 0240.exe is-
http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html
Removal is gonna take a while, but at least I got an idea where to start.
Thx for the feedback guys, I'll post the results soon
http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html
Removal is gonna take a while, but at least I got an idea where to start.
Thx for the feedback guys, I'll post the results soon
hmmmmm means u have those other files also from this adware ?? :)
weird.... :-/
weird.... :-/
ASKER
I did run norton and it did remove the virus.
However, the virus showed up again!
The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...
Btw- I use zonealarm but doesnt say much about the prog.
However, the virus showed up again!
The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...
Btw- I use zonealarm but doesnt say much about the prog.
have you tried to disable system restore if you have xp ?
navigate in all these locations and remove if you see the presence of that virus
http://windowsxp.mvps.org/Startup.htm
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to
1) Start --> run --> typein: %systemroot%/temp
2) Start --> run --> typein: %temp%
navigate in all these locations and remove if you see the presence of that virus
http://windowsxp.mvps.org/Startup.htm
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to
1) Start --> run --> typein: %systemroot%/temp
2) Start --> run --> typein: %temp%
>> so I'll have to remove the entries and rerun norton again...
this time plzz run it and delete the keys and files in Safemode :)
this time plzz run it and delete the keys and files in Safemode :)
ASKER
Ok! I finally cleaned it out! Using the Norton link
( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.
However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).
Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.
Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?
( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.
However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).
Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.
Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?
You had support that you ended up using to fix this (norton website, location from firewall) from more than one person, split points.
It doesnot look like a genuine process atall.
Just check to see if it is running in the task manager.
Download this http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
and see if it would report anything about that file.
If there is no information , I would suggest you remove it.
if you cannot remove that file in normal mode, log into safe mode and delete it.
Also make sure to scan for virus and spywares in the system
SR..
SR..