Virus - Not too sure...HELP Plz...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My PC has started to throw up virus messages that has me a little on the
worried side.

I get a message saying..............

C\Documents and settings \Dave\Local Setings\Temp\WIN50.tmp.exe

Anit virus was unable to disinfect the file.Run the virus scan to verify
that other files on your system are not infected. The only option I have is
to select OK.......when I do..........the message changes to.....

C\Documents and settings \Dave\Local Setings\Temp\WIN58.tmp.exe

then

C\Documents and settings \Dave\Local Setings\Temp\WIN5a.tmp.exe
then
C\Documents and settings \Dave\Local Setings\Temp\WIN5e.tmp.exe
and finally
C\Documents and settings \Dave\Local Setings\Temp\SRVMIB(1).tmp.exe



When I reboot and scan........it finds nothing........then 20 mins
later.......up pops the message again............

Can anyone help me sort this mess out......

Thanks in advance

Dave :)



Re: Virus - Not too sure...HELP Plz...

Could you zip all the files it says are viruses and email them to me?
DB wrote:
Quoted text here. Click to load it


Re: Virus - Not too sure...HELP Plz...


| My PC has started to throw up virus messages that has me a little on the
| worried side.
|
| I get a message saying..............
|
| C\Documents and settings \Dave\Local Setings\Temp\WIN50.tmp.exe
|
| Anit virus was unable to disinfect the file.Run the virus scan to verify
| that other files on your system are not infected. The only option I have is
| to select OK.......when I do..........the message changes to.....
|
| C\Documents and settings \Dave\Local Setings\Temp\WIN58.tmp.exe
|
| then
|
| C\Documents and settings \Dave\Local Setings\Temp\WIN5a.tmp.exe
| then
| C\Documents and settings \Dave\Local Setings\Temp\WIN5e.tmp.exe
| and finally
| C\Documents and settings \Dave\Local Setings\Temp\SRVMIB(1).tmp.exe
|
| When I reboot and scan........it finds nothing........then 20 mins
| later.......up pops the message again............
|
| Can anyone help me sort this mess out......
|
| Thanks in advance
|
| Dave :)
|


What anti virus software is this ?

What was the EXE indentified as ?

It looks like whatever it is it has a another process running that will recreate
the file
used at reboot and alternativly load them.

Perhaps this process is running as a DLL in Winlogon Notify.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus - Not too sure...HELP Plz...

Im using AVG and also have Blueyonders PC guard on the system...

I cant even find the files nevermind send them..

Dave :)


Quoted text here. Click to load it



Re: Virus - Not too sure...HELP Plz...


| Im using AVG and also have Blueyonders PC guard on the system...
|
| I cant even find the files nevermind send them..
|
| Dave :)


Malware will often hide using the System-Hidden file attributes.  Additionally,
malware may
hook into EXPLORER.EXE and their files will be hidden from view from a Windows
GUI browse of
a folder.

Those files CAN be found in a Command Prompt after issuing the commmand...

attrib -A -R -S -H .\path\file_spec

where .\path\file_spec  is the fully qualified name and path to the file(s) or
fully
qualified path and by using wildcards for the filename.

Example...
attrib -A -R -S -H "C\Documents and settings\Dave\Local Setings\Temp\*.*"

You indentified AVG as that anti virus application BUT have not identified what
AVG has
declared the files to be infected with.

BTW:  Do NOT send malware to people who request them unless you can fully verify
them as
being trustworthy and capable in properly dealing with malware and not spreading
malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus - Not too sure...HELP Plz...

David....thanks for the advice.....i'll do all you suggest on sunday
afternoon....and get back...cheers

Dave :)


Quoted text here. Click to load it



Site Timeline