Temp0.exe


2 replies to this topic

#1 researchvet

researchvet

  • Members
  • 5 posts

Posted 06 July 2008 - 11:10 PM

I am fairly certain that I am infected with something. I have run Adaware, McAfee Virus, SDFix, CCleaner, Malwarebytes, and others... to no avail. McAfee Access Protection is alerting me to its existence. It posts a log note like this:

7/6/2008 10:30:27 PM Would be blocked by Access Protection rule (rule is currently not enforced) **\TEMP0.EXE C:\Documents and Settings\xxx\Local Settings\TEMP\TEMP0.EXE Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Execute

I have googled this and some say that it is associated with Real Player-- which I haven't used-- and others say it is a virus. However, I haven't been able to determine how to get rid of it.


I should note that before scanning for viruses with various programs I also received notes like this:

6/29/2008 2:46:39 AM Blocked by port blocking rule C:\Program Files\DNA\btdna.exe Anti-virus Standard Protection:Prevent IRC communication 83.52.204.164:6666


Any thoughts?


Also, after downloading all of those spyware removal tools (from legit sites), the same access protection log has been sending me other warnings such as:

7/6/2008 11:13:05 PM Blocked by Access Protection rule C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mcafeeframework Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write

-or- (per suggestion from this site)

7/6/2008 10:18:45 PM Would be blocked by Access Protection rule (rule is currently not enforced) C:\SDFix\catchme.exe C:\Documents and Settings\xxxx\Local Settings\Temp\catchme.dll Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Execute


Can you help with Temp0.exe, and with these new alerts after downloading these programs that were supposed to help?

Thank you!

Edited by researchvet, 07 July 2008 - 04:32 PM.
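An added example, not part of this thread and not McAfee's own tooling: a small parser for the four McAfee log lines quoted in the post above. The point it makes visible is the difference between the two outcome phrases. "Blocked by ..." means the operation was stopped; "Would be blocked by ... (rule is currently not enforced)" means the rule is in report-only mode, so both Temp-folder alerts are information about an attempted execution, not evidence that anything was prevented. The field layout (timestamp, outcome, process, target, category:rule, optional "Action blocked : op") is inferred from these four lines only, and the category pattern assumes the "Maximum/Standard Protection" naming seen here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the four McAfee log lines quoted in the post above,
# gathered into one list so the parser can run offline.
SAMPLE_LOG = [
    r"7/6/2008 10:30:27 PM Would be blocked by Access Protection rule (rule is currently not enforced) **\TEMP0.EXE C:\Documents and Settings\xxx\Local Settings\TEMP\TEMP0.EXE Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Execute",
    r"6/29/2008 2:46:39 AM Blocked by port blocking rule C:\Program Files\DNA\btdna.exe Anti-virus Standard Protection:Prevent IRC communication 83.52.204.164:6666",
    r"7/6/2008 11:13:05 PM Blocked by Access Protection rule C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mcafeeframework Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write",
    r"7/6/2008 10:18:45 PM Would be blocked by Access Protection rule (rule is currently not enforced) C:\SDFix\catchme.exe C:\Documents and Settings\xxxx\Local Settings\Temp\catchme.dll Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Execute",
]

# Layout assumed from the lines in this thread (not from McAfee documentation):
#   <timestamp> <outcome> <process> <target> <category>:<rule> [Action blocked : <op>]
# Port-blocking lines put the remote address last instead of a target path.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<outcome>Would be blocked by Access Protection rule \(rule is currently not enforced\)"
    r"|Blocked by Access Protection rule|Blocked by port blocking rule) (?P<rest>.*)$"
)
CATEGORY = r"(?P<category>[A-Za-z-]+ (?:Maximum|Standard) Protection)"
ACCESS_RE = re.compile(
    r"^(?P<process>.+?) (?P<target>(?:[A-Z]:\\|\\REGISTRY\\).*?) "
    + CATEGORY + r":(?P<rule>.*?)(?: Action blocked : (?P<action>\w+))?$"
)
PORT_RE = re.compile(
    r"^(?P<process>.+?) " + CATEGORY
    + r":(?P<rule>.+?) (?P<target>\d{1,3}(?:\.\d{1,3}){3}:\d+)$"
)


@dataclass
class Event:
    timestamp: str
    enforced: bool      # False: the rule only reported; the operation went ahead
    kind: str           # "access" (file/registry rule) or "port" (network rule)
    process: str
    target: str
    category: str
    rule: str
    action: Optional[str]


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not fit the layout."""
    head = HEADER_RE.match(line.strip())
    if not head:
        return None
    outcome, rest = head.group("outcome"), head.group("rest")
    enforced = not outcome.startswith("Would be blocked")
    if "port blocking" in outcome:
        body, kind = PORT_RE.match(rest), "port"
    else:
        body, kind = ACCESS_RE.match(rest), "access"
    if not body:
        return None
    return Event(
        timestamp=head.group("ts"),
        enforced=enforced,
        kind=kind,
        process=body.group("process"),
        target=body.group("target"),
        category=body.group("category"),
        rule=body.group("rule"),
        action=body.group("action") if kind == "access" else None,
    )


def parse_log(lines: List[str]) -> List[Event]:
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def report_only(events: List[Event]) -> List[Event]:
    """Alerts whose rule was not enforced: useful as detections, but nothing was stopped."""
    return [e for e in events if not e.enforced]


def processes_hitting_rule(events: List[Event], rule_fragment: str) -> List[str]:
    """Distinct process paths that triggered a rule whose name contains rule_fragment."""
    needle = rule_fragment.lower()
    return sorted({e.process for e in events if needle in e.rule.lower()})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in events:
        status = "BLOCKED" if e.enforced else "report-only"
        print(f"{e.timestamp}  {status:11}  {e.process} -> {e.target}  [{e.rule}]")
    print("Temp-folder rule hits:", processes_hitting_rule(events, "Temp folder"))
```

Run over the sample, the two Temp-folder alerts come back as report-only and the mbam.exe registry write and the btdna.exe IRC connection come back as actually blocked; the process column is what identifies which program triggered each rule, which is the first thing to pin down before deciding whether an alert is a real problem or a security tool doing its job.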



#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 07 July 2008 - 09:40 AM

Hi,

Go to www.virustotal.com
Upload the files you get warnings from.

Post the results in your next reply. :thumbsup:

#3 researchvet

researchvet
  • Topic Starter

  • Members
  • 5 posts

Posted 07 July 2008 - 03:44 PM

> Hi,
>
> Go to www.virustotal.com
> Upload the files you get warnings from.
>
> Post the results in your next reply. :thumbsup:


Unfortunately, I cannot find the Temp0.exe file. When I follow C:\Documents and Settings\xxx\Local Settings\TEMP\TEMP0.EXE it is not there. A search also neglects to find it, but McAfee keeps finding it. Others seem to be reporting that they are also unable to find the file on their computer. Strangely, I do not seem to have a "Local Settings" folder. In my temp folder (in Program Files), however, I do not see the file.


Here are a few other suspicious files I put through that online program:
File DNAcpl.cpl received on 05.22.2008 18:31:44 (CET)
Current status: finished
Result: 0/32 (0.00%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.22 -
AntiVir 7.8.0.19 2008.05.22 -
Authentium 5.1.0.4 2008.05.22 -
Avast 4.8.1195.0 2008.05.22 -
AVG 7.5.0.516 2008.05.22 -
BitDefender 7.2 2008.05.22 -
CAT-QuickHeal 9.50 2008.05.22 -
ClamAV 0.92.1 2008.05.22 -
DrWeb 4.44.0.09170 2008.05.22 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5812 2008.05.22 -
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.22 -
Fortinet 3.14.0.0 2008.05.22 -
GData 2.0.7306.1023 2008.05.22 -
Ikarus T3.1.1.26.0 2008.05.22 -
Kaspersky 7.0.0.125 2008.05.22 -
McAfee 5300 2008.05.21 -
Microsoft 1.3520 2008.05.22 -
NOD32v2 3122 2008.05.22 -
Norman 5.80.02 2008.05.22 -
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.22 -
Rising 20.45.32.00 2008.05.22 -
Sophos 4.29.0 2008.05.22 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.22 -
TheHacker 6.2.92.317 2008.05.22 -
VBA32 3.12.6.6 2008.05.22 -
VirusBuster 4.3.26:9 2008.05.22 -
Webwasher-Gateway 6.6.2 2008.05.22 -
Additional information
File size: 32866 bytes
MD5...: ba463d49f44aa8ef719eff75c91f42e2
SHA1..: f0876b1cd0681b926c5102b33ccd78e2c16908e4
SHA256: a11d6ef2938de16f31c9963b338fa11d2e232a58cc1a12ec07cc0d66a52242b4
SHA512: 954d00a0bd4ebbb8e33a13480bb2a43e26a0689a84cef19d96e60eb40ede8d3207ba95c9baf26a3fec460711e80ba239d8943d497862a1f72bca1695c2b9fd32
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100015ff
timedatestamp.....: 0x4816098e (Mon Apr 28 17:29:50 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x718 0x1000 3.18 787471c874b7bb75aa8c6c28450bb7df
.rdata 0x2000 0x407 0x1000 1.53 fed78b4551a459e7bdd39a7b0cf93b24
.data 0x3000 0x270 0x1000 1.19 bdb94a7005f6242e5e47331826bb1c2f
.rsrc 0x4000 0x2b10 0x3000 4.48 01600bf0c131cf063928489c7d1b6815
.reloc 0x7000 0x12e 0x1000 0.66 e8f274e7a49ece098d99124cc3d2ff02

( 6 imports )
> COMCTL32.dll: -
> KERNEL32.dll: lstrcatA, WinExec, GetModuleHandleA, GetVersion, DisableThreadLibraryCalls
> USER32.dll: SendMessageA, MessageBoxA, DialogBoxParamA, wsprintfA, LoadIconA, EndDialog, SetTimer, DestroyWindow, SendMessageTimeoutA, PostMessageA, FindWindowA, GetDlgItem, SetWindowTextA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> SHELL32.dll: ShellExecuteA
> MSVCRT.dll: __dllonexit, _adjust_fdiv, malloc, _initterm, free, _onexit

( 1 exports )
CPlApplet


This is one about SDFix that this site recommended I download.

File catchme.exe received on 06.29.2008 02:01:32 (CET)
Current status: finished
Result: 6/33 (18.18%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - W32/Heuristic-KPP!Eldorado
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - Virus in password protected archive
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Heuristic-KPP!Eldorado
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
TrendMicro - - PAK_Generic.001
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 20bb6e71b06c072260c51e6325b33b3c
SHA1: 1e3d2b252a8449c1acb3cedd155db73ef4ae38d7
SHA256: 8c3b1e5f95f40fe859f45b21c383c295c43e0acd127512d9bb374b905e6850ed
SHA512: 995a805aad03042d0fd32e2aeebbb8cda813fb0a57165f8c6ba33629ce51cf9d04dda041a548b8a1f2a9c75c24c479d063587a37bb541cd4a5fde38dc147556c


Can you explain what to do about the DNA file?

Also, why is SDFix being picked up as potentially malicious?

Finally, what about the mysterious Temp0.exe?
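An added example, not from this thread or from VirusTotal: a small triage routine for the text reports pasted above, aimed at the question of why catchme.exe is flagged. It reads the vendor rows and hash lines in the layout shown, counts detections, and sorts each detection name into a class by keyword. The six names on the catchme.exe report (W32/Heuristic-KPP!Eldorado, "(Suspicious) - DNAScan", "Virus in password protected archive", VIPRE.Suspicious, PAK_Generic.001) all describe a heuristic or packer match rather than a specific family, and the routine reports that pattern as "low-confidence". The keyword table is my own assumption, not a vendor taxonomy, and the sample report is a constructed excerpt (all six detecting rows plus four clean rows and two hash lines). The check a defender would then do, which the code only prepares, is to compare the reported hash with the value the tool's publisher posts.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the VirusTotal text report for catchme.exe pasted above:
# the header, a subset of the vendor rows (all six detections plus a few clean
# rows), and two of the hash lines, kept in the same one-row-per-line layout.
SAMPLE_REPORT = """\
File catchme.exe received on 06.29.2008 02:01:32 (CET)
Current status: finished
Antivirus Version Last Update Result
AhnLab-V3 - - -
Authentium - - W32/Heuristic-KPP!Eldorado
CAT-QuickHeal - - (Suspicious) - DNAScan
eSafe - - Virus in password protected archive
F-Prot - - W32/Heuristic-KPP!Eldorado
Kaspersky - - -
McAfee - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TrendMicro - - PAK_Generic.001
Additional information
MD5: 20bb6e71b06c072260c51e6325b33b3c
SHA256: 8c3b1e5f95f40fe859f45b21c383c295c43e0acd127512d9bb374b905e6850ed
"""

# Keyword-to-class table (my own assumption, not a VirusTotal or vendor taxonomy):
# names built from these words say *how* a file looked suspicious, not which
# known family it is. Packer markers are checked first so "PAK_Generic" lands
# on "packer" rather than "generic".
LOW_CONFIDENCE_MARKERS = (
    ("pak_", "packer"), ("packed", "packer"), ("archive", "packer"),
    ("heuristic", "heuristic"), ("suspicious", "heuristic"),
    ("generic", "generic"),
)
# Matches both "MD5: ..." and the dotted "MD5...: ..." form seen in the first report.
HASH_RE = re.compile(r"^(?P<alg>MD5|SHA1|SHA256|SHA512)\.*:\s*(?P<hex>[0-9a-fA-F]+)$")


def classify(result: str) -> str:
    low = result.lower()
    for marker, kind in LOW_CONFIDENCE_MARKERS:
        if marker in low:
            return kind
    return "named"   # a family/variant name; treat as higher confidence


def triage(report: str) -> Dict:
    rows: List[Tuple[str, str, str]] = []   # (vendor, result, class)
    hashes: Dict[str, str] = {}
    vendors = 0
    in_table = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Antivirus "):          # column header opens the table
            in_table = True
            continue
        if line.startswith("Additional information"):
            in_table = False
        m = HASH_RE.match(line)
        if m:
            hashes[m.group("alg")] = m.group("hex").lower()
            continue
        if not in_table or not line:
            continue
        parts = line.split(None, 3)   # vendor, version, update, result (may contain spaces)
        if len(parts) < 4:
            continue
        vendors += 1
        result = parts[3]
        if result != "-":
            rows.append((parts[0], result, classify(result)))
    if not rows:
        verdict = "clean"
    elif all(kind != "named" for _, _, kind in rows):
        # Only heuristic/packer/generic names: compare the file's hash with the
        # publisher's own copy before treating it as malicious.
        verdict = "low-confidence"
    else:
        verdict = "named-detection"
    return {
        "vendors": vendors,
        "detections": rows,
        "ratio": f"{len(rows)}/{vendors}",
        "hashes": hashes,
        "verdict": verdict,
    }


if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(t["ratio"], t["verdict"])
    for vendor, result, kind in t["detections"]:
        print(f"  {vendor:14} {kind:10} {result}")
    print("SHA256 to compare with the publisher's posted value:", t["hashes"].get("SHA256"))
```

On the excerpt this yields 6/10 with the verdict "low-confidence"; on the DNAcpl.cpl report above, which has no detecting rows, it yields "clean", which is exactly why a hash comparison against the publisher's copy matters more than the detection count in either direction.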



