Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

0240.exe - unknown prog accessing the net

Posted on 2004-10-24
13
Medium Priority
?
255 Views
Last Modified: 2013-11-16
Recently, I noticed an an prog access the internet called 0240.exe

My firewall picked it up and I denied it permission everytime to acess the internet. I've updated Spybot and Adaware, but they dont detect anything with 0240.exe

Anybody have any idea what 0240.exe is?
0
Comment
Question by:Kunio7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +2
13 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 375 total points
ID: 12396602
Hello Kunio7 =)

goto Start>Run>msconfig>Startup
and untick all other application except av and firewall software
restart in safemode, search for this file, and delete it if found
reboot bacn in normal mode to chck for the problem now ??
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12396606
Hi Kunio7,

It doesnot look like a genuine process atall.
Just check to see if it is running in the task manager.
Download this http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
and see if it would report anything about that file.

If there is no information , I would suggest you remove it.
if you cannot remove that file in normal mode, log into safe mode and delete it.

Also make sure to scan for virus and spywares in the system

SR..

SR..
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 375 total points
ID: 12396610
a) Update your virus definitions in your Anti-virus and run it.

b) Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.

c) Use this Online virus scanner also : http://housecall.trendmicro.com/ 
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12396612
>> Anybody have any idea what 0240.exe is?

Its surealy a faked process...... so no need to keep it on ur system :)
Also dont forget to run ur Adaware, Spybot, and AV scan in safemode to make sure they dont pick anything !!
and run Disk Cleanup to delete all the temp files from ur hard drive also :)
0
 
LVL 2

Expert Comment

by:adam1213
ID: 12398227
To begin with where on your hard drive is it.
Your firewall should be able to tell you where it is please tell me what it says.

Which firewall do you have
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12400066
It's a valid application, RECALC Computersystem PCA 5.5.
try Alt + C to see if anything happens.
For details see the link.
http://www.recalc.nl/pcablok.html

Anyway as most experts recommends, if not in use, just remove it.
0
 

Author Comment

by:Kunio7
ID: 12405987
Well, I figured out what 0240.exe is-

http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html


Removal is gonna take a while, but at least I got an idea where to start.

Thx for the feedback guys, I'll post the results soon

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12406004
hmmmmm means u have those other files also from this adware ?? :)
weird.... :-/
0
 

Author Comment

by:Kunio7
ID: 12406096
I did run norton and it did remove the virus.

However, the virus showed up again!

The site shows the registry entires for this virus. I dont think it removed it the entries so I'll have to remove the entries and rerun norton again...

Btw- I use zonealarm but doesnt say much about the prog.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12406101
have you tried to disable system restore if you have xp ?

navigate in all these locations and remove if you see the presence of that virus

http://windowsxp.mvps.org/Startup.htm

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12406129
>> so I'll have to remove the entries and rerun norton again...

this time plzz run it and delete the keys and files in Safemode :)
0
 

Author Comment

by:Kunio7
ID: 12407581
Ok! I finally cleaned it out! Using the Norton link
( http://securityresponse.symantec.com/avcenter/venc/data/adware.margoc.html ) I found, it showed me how to remove it correctly.

However, Norton neglects to tell you how to remove the third file that is randomly generated. To get rid of it, look at the registry entry. The entry shows what file XP is running at startup. Take note of the file name in the entry and look for it in C:\windows\system32 (it maybe just C:\windows in some cases). Erase it and everything should be clean (after following the instructions in the link).


Argh, I have no idea how to do this point system. A couple of you guys did point me in the right direction. But in the end, I did provided the solution by providing the Norton link, showing the "accepted answer" from that link.

Um..what should I do? I'll probably split the points to the people who pointed me in the right direction, but what about the "Accepted answer"? Is it possible to make this message the accepted answer?
0
 
LVL 2

Expert Comment

by:adam1213
ID: 12408194
You had support that you ended up using to fix this (norton website, location from firewall) from more than one person, split points.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
What we learned in Webroot's webinar on multi-vector protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question