Solved

0240.exe - unknown prog accessing the net

Posted on 2004-10-24
246 Views
Last Modified: 2013-11-16
Recently, I noticed an an prog access the internet called 0240.exe

My firewall picked it up and I denied it permission everytime to acess the internet. I've updated Spybot and Adaware, but they dont detect anything with 0240.exe

Anybody have any idea what 0240.exe is?
0
Question by:Kunio7
    13 Comments
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    Hello Kunio7 =)

    goto Start>Run>msconfig>Startup
    and untick all other application except av and firewall software
    restart in safemode, search for this file, and delete it if found
    reboot bacn in normal mode to chck for the problem now ??
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Hi Kunio7,

    It doesnot look like a genuine process atall.
    Just check to see if it is running in the task manager.
    Download this http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
    and see if it would report anything about that file.

    If there is no information , I would suggest you remove it.
    if you cannot remove that file in normal mode, log into safe mode and delete it.

    Also make sure to scan for virus and spywares in the system

    SR..

    SR..
    0
     
    LVL 49

    Accepted Solution

    by:
    a) Update your virus definitions in your Anti-virus and run it.

    b) Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.

    c) Use this Online virus scanner also : http://housecall.trendmicro.com/
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    >> Anybody have any idea what 0240.exe is?

    Its surealy a faked process...... so no need to keep it on ur system :)
    Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
    and run Disk Cleanup to delete all the temp files from ur hard drive also :)
    0
     
    LVL 2

    Expert Comment

    by:adam1213
    To begin with where on your hard drive is it.
    Your firewall should be able to tell you where it is please tell me what it says.

    Which firewall do you have
    0
     
    LVL 7

    Expert Comment

    by:shahrial
    It's a valid application, RECALC Computersystem PCA 5.5.
    try Alt + C to see if anything happens.
    For details see the link.
    http://www.recalc.nl/pcablok.html

    Anyway as most experts recommends, if not in use, just remove it.
    0
     

    Author Comment

    by:Kunio7
    Well, I figured out what 0240.exe is-

    http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html


    Removal is gonna take a while, but at least I got an idea where to start.

    Thx for the feedback guys, I'll post the results soon

    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    hmmmmm means u have those other files also from this adware ?? :)
    weird.... :-/
    0
     

    Author Comment

    by:Kunio7
    I did run norton and it did remove the virus.

    However, the virus showed up again!

    The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...

    Btw- I use zonealarm but doesnt say much about the prog.
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    have you tried to disable system restore if you have xp ?

    navigate in all these locations and remove if you see the presence of that virus

    http://windowsxp.mvps.org/Startup.htm

    Remove temporary internet files, folders and cookies
    Also remove windows Temp files going to

    1) Start --> run --> typein:  %systemroot%/temp
    2) Start  --> run --> typein: %temp%
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    >> so I'll have to remove the entries and rerun norton again...

    this time plzz run it and delete the keys and files in Safemode :)
    0
     

    Author Comment

    by:Kunio7
    Ok! I finally cleaned it out! Using the Norton link
    ( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.

    However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).


    Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.

    Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?
    0
     
    LVL 2

    Expert Comment

    by:adam1213
    You had support that you ended up using to fix this (norton website, location from firewall) from more than one person, split points.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Course: MongoDB Object-Document Mapper for NodeJS

    NodeJS (JavaScript on the server) is awesome, but some developers get confused about NoSQL when it comes to working in Node with MongoDB (NoSQL database). Do you need a better explanation of how to use Node.js with MongoDB? The most popular choice is the Mongoose library.

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now