0240.exe - unknown prog accessing the net

Hi Kunio7,

It doesnot look like a genuine process atall.
Just check to see if it is running in the task manager.
Download this http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
and see if it would report anything about that file.

If there is no information , I would suggest you remove it.
if you cannot remove that file in normal mode, log into safe mode and delete it.

Also make sure to scan for virus and spywares in the system

SR..

SR..

>> Anybody have any idea what 0240.exe is?

Its surealy a faked process...... so no need to keep it on ur system :)
Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
and run Disk Cleanup to delete all the temp files from ur hard drive also :)

To begin with where on your hard drive is it.
Your firewall should be able to tell you where it is please tell me what it says.

Which firewall do you have

It's a valid application, RECALC Computersystem PCA 5.5.
try Alt + C to see if anything happens.
For details see the link.
http://www.recalc.nl/pcablok.html

Anyway as most experts recommends, if not in use, just remove it.

Well, I figured out what 0240.exe is-

http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html


Removal is gonna take a while, but at least I got an idea where to start.

Thx for the feedback guys, I'll post the results soon

hmmmmm means u have those other files also from this adware ?? :)
weird.... :-/

I did run norton and it did remove the virus.

However, the virus showed up again!

The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...

Btw- I use zonealarm but doesnt say much about the prog.

have you tried to disable system restore if you have xp ?

navigate in all these locations and remove if you see the presence of that virus

http://windowsxp.mvps.org/Startup.htm

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

>> so I'll have to remove the entries and rerun norton again...

this time plzz run it and delete the keys and files in Safemode :)

Ok! I finally cleaned it out! Using the Norton link
( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.

However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).


Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.

Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?

You had support that you ended up using to fix this (norton website, location from firewall) from more than one person, split points.