Solved

Malware Removal - tsupdate.ini

Posted on 2008-02-08
Last Modified: 2013-12-08
I have Temporary Internet Files which has been identified as Malware, but won't delete: "TSUPDATE.ini". It also had a reference location of targetsaver.com. I could not find any instructions on removal, just links to purchase something that would get rid of it.

I tried using both Ad-Aware, and Spy Bot Seek and Destroy.  Neither was able to get rid of the issue.

Can anyone help me out with this one? Thanks
Tommy
Question by:tburick
13 Comments
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20857092
Definitely sounds like some Adware/Spyware...

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 

Author Comment

by:tburick
ID: 20857820
IndiGenus,

I will post this on monday (computer is at work) but thanks for the tip... I will be sure to attach and not post the log.
0
 

Author Comment

by:tburick
ID: 20866667
Here is the HiJackthis Log, thanks again for any assistance!!
Tom
hijackthis.log
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 2000 total points
ID: 20867551
Run HijackThis. Click on None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

---------------------------------

O4 - HKCU\..\Run: [irkq] C:\PROGRA~1\COMMON~1\irkq\irkqm.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

---------------------------------

Then close all windows except this one and press Fix checked.

Then delete the following folders:

C:\PROGRAM FILES\COMMON FILES\irkq
C:\PROGRAM FILES\Web Offer

Reboot and upload a new HijackThis log. Let me know how it's running too.
0
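Added example, not part of the original answer and not HijackThis code: a small Python parser for the O4 autorun lines quoted above, showing which registry Run value each line refers to and which folder holds the executable (the folders the answer then deletes by hand). The function names and the 8.3 short-name map are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis writes Software\Microsoft\Windows\CurrentVersion as "..".
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumption: the 8.3 short names map to the long names the answer uses.
SHORT_NAMES = {"PROGRA~1": "Program Files", "COMMON~1": "Common Files"}

# The two O4 lines are from the answer; the first line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
O4 - HKCU\..\Run: [irkq] C:\PROGRA~1\COMMON~1\irkq\irkqm.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
"""


def expand_short(path):
    """Replace known 8.3 path components with their long names."""
    return "\\".join(SHORT_NAMES.get(p.upper(), p) for p in path.split("\\"))


def parse_o4(line):
    """Return the autorun described by one O4 registry line, or None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = expand_short(m.group("cmd").strip())
    # Keep only the executable; anything after ".exe" is arguments.
    exe = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    exe_path = exe.group(1) if exe else cmd
    return {
        "registry_key": "\\".join([m.group("hive"), CURRENT_VERSION, m.group("key")]),
        "value_name": m.group("name"),
        "executable": exe_path,
        "folder": ntpath.dirname(exe_path),
    }


def cleanup_plan(log_text):
    """Parse every O4 registry autorun line found in a HijackThis log."""
    parsed = (parse_o4(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


if __name__ == "__main__":
    for e in cleanup_plan(SAMPLE_LOG):
        print(f'{e["registry_key"]} [{e["value_name"]}] -> {e["folder"]}')
```
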
 

Author Comment

by:tburick
ID: 20868271
I was able to delete the above; however, the ini file tsupdate.ini located at C:\Documents and Settings\jsharmon\Local Settings\Temporary Internet Files\ still cannot be deleted. It has an internet address of http://dl.targetsaver.com/2k/tsupdate.ini in the description. Delete is an option if I right click, but it does not go away.
Here is the latest HiJackfile.
hijackthis.log
0
 

Author Comment

by:tburick
ID: 20868370
I had the user test IE, and he is NOT getting redirected to the Targetsaver web sites.... So...... is there any harm in having that INI file sitting in his Temporary Internet files folder???  Or will it re-install the program?
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20869123
I don't think it will "re-install" anything but not sure...

What happens when you try to delete the file? Does it give you an access error of some kind? What happens? You could also try one of the cleaner programs to clean up your temp files. Either ATFCleaner or CCleaner. Both are good. We could also try Killbox on the file.

0
 

Author Comment

by:tburick
ID: 20869210
I have not tried CCleaner, and it is usually the FIRST thing I go for. I did use File Unlocker which allowed me to get rid of one of the directories, but so far so good, no re-infestation. I will go ahead and try those utilities and see if we can get rid of that file.
0
 

Author Comment

by:tburick
ID: 20869227
Oh.... I forgot to answer the first part of your question... Nothing happens when I try to delete.  I right click, it shows the delete option, but the file never goes away.. Same thing if I go in via safe mode or another user..  But I am going to try one of the utilities you mentioned now.
0
 

Author Comment

by:tburick
ID: 20869782
Well, none of those would delete the file. Killbox went as far as to say "The file you want to delete does not seem to exist". So, his computer is fine, and that's all that matters to me. Thanks for your help.
0
 

Author Closing Comment

by:tburick
ID: 31429303
Thanks again for helping me out... How do you gain the knowledge to read the HiJack logs? I would love to be able to understand those. Any books you recommend?
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20870337
OK sounds good! Don't think that file is what was causing problem any way. Think it was entries we fixed with HJT.

You're welcome,
Dave
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20870354
Thank you for the grade and points.

No, no good books but there are outstanding online resources for learning this. Check out my blog for forums that teach this. Hope this helps.

http://www.anti-malwareoutlook.com/
0
