0240.exe - unknown prog accessing the net

Recently, I noticed an an prog access the internet called 0240.exe

My firewall picked it up and I denied it permission everytime to acess the internet. I've updated Spybot and Adaware, but they dont detect anything with 0240.exe

Anybody have any idea what 0240.exe is?
Kunio7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SheharyaarSaahilCommented:
Hello Kunio7 =)

goto Start>Run>msconfig>Startup
and untick all other application except av and firewall software
restart in safemode, search for this file, and delete it if found
reboot bacn in normal mode to chck for the problem now ??
0
sunray_2003Commented:
Hi Kunio7,

It doesnot look like a genuine process atall.
Just check to see if it is running in the task manager.
Download this http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
and see if it would report anything about that file.

If there is no information , I would suggest you remove it.
if you cannot remove that file in normal mode, log into safe mode and delete it.

Also make sure to scan for virus and spywares in the system

SR..

SR..
0
sunray_2003Commented:
a) Update your virus definitions in your Anti-virus and run it.

b) Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.

c) Use this Online virus scanner also : http://housecall.trendmicro.com/ 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

SheharyaarSaahilCommented:
>> Anybody have any idea what 0240.exe is?

Its surealy a faked process...... so no need to keep it on ur system :)
Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
and run Disk Cleanup to delete all the temp files from ur hard drive also :)
0
adam1213Commented:
To begin with where on your hard drive is it.
Your firewall should be able to tell you where it is please tell me what it says.

Which firewall do you have
0
shahrialCommented:
It's a valid application, RECALC Computersystem PCA 5.5.
try Alt + C to see if anything happens.
For details see the link.
http://www.recalc.nl/pcablok.html

Anyway as most experts recommends, if not in use, just remove it.
0
Kunio7Author Commented:
Well, I figured out what 0240.exe is-

http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html


Removal is gonna take a while, but at least I got an idea where to start.

Thx for the feedback guys, I'll post the results soon

0
SheharyaarSaahilCommented:
hmmmmm means u have those other files also from this adware ?? :)
weird.... :-/
0
Kunio7Author Commented:
I did run norton and it did remove the virus.

However, the virus showed up again!

The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...

Btw- I use zonealarm but doesnt say much about the prog.
0
sunray_2003Commented:
have you tried to disable system restore if you have xp ?

navigate in all these locations and remove if you see the presence of that virus

http://windowsxp.mvps.org/Startup.htm

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%
0
SheharyaarSaahilCommented:
>> so I'll have to remove the entries and rerun norton again...

this time plzz run it and delete the keys and files in Safemode :)
0
Kunio7Author Commented:
Ok! I finally cleaned it out! Using the Norton link
( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.

However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).


Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.

Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?
0
adam1213Commented:
You had support that you ended up using to fix this (norton website, location from firewall) from more than one person, split points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.