Help
One of my spyware programs has identified this as a trojan - I have located it and tried to delete it but after I do it reappears within a few seconds. I don't know how to get rid of it! Is there a secret? Can someone tell me?
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Page 1 of 1
w32tm.exe Help me get rid of this little £$%*
Back to top
#2
- Distinguished Member
-
- Group: Members
- Posts: 641
- Joined: 25-November 04
Posted 15 July 2005 - 02:50 AM
If you think you are infected submit a hijackthis log here.
How to submit a hijackthis log
Download Hijackthis
Try running Sysclean you'll also need the virus template file from here lpt***.zip
or
DrWeb CureIT
If your good with the command line also try Sophos Command Line scanner
Also try running A2 Free and Ewido
I'd also run Spybot and Adaware if you've not already done so.
If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"
At the C:\ prompt type the following:-
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe
How to submit a hijackthis log
Download Hijackthis
Try running Sysclean you'll also need the virus template file from here lpt***.zip
or
DrWeb CureIT
If your good with the command line also try Sophos Command Line scanner
Also try running A2 Free and Ewido
I'd also run Spybot and Adaware if you've not already done so.
If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"
At the C:\ prompt type the following:-
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe
#3
- Member
-
- Group: Members
- Posts: 35
- Joined: 03-June 05
Posted 15 July 2005 - 10:49 AM
Go to www.sysinternals.com and download Processexplorer and Autoruns. Save them both to a new folder in C:\. Run processexplorer and look for this w32tm.exe find it and kill the process and its tree. If it generates itself boot into safe mode. Use autoruns in safe mode to delete any nasties you see from starting on bootup.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)
roy@no_spam_yourtechonline.com (remove no_spam_)
#4
- Bleeping Diva
-
- Group: Members
- Posts: 7,479
- Joined: 25-April 04
- Gender:Female
- Location:As always I'm beside myself ;)
Posted 19 July 2005 - 02:39 PM
This is listed in Bleeping Computer's Startup Database
Download, update and run a-squared (a²) Free in safe mode.
Quote
Name: Secboot
File Name: w32tm.exe
X : X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans,
Added by the Backdoor.Haxdoor.D backdoor. Found in the Windows system directory.
File Name: w32tm.exe
X : X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans,
Added by the Backdoor.Haxdoor.D backdoor. Found in the Windows system directory.
Download, update and run a-squared (a²) Free in safe mode.
Quote
a-squared (a²) is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a² fills the gap that malware writers exploit.
This post has been edited by Scarlett: 19 July 2005 - 02:40 PM
Share this topic:
Page 1 of 1