Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SD6A91549.tmp file in my windows folder, can't get rid of it


  • Please log in to reply
3 replies to this topic

#1 trevorh

trevorh

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 January 2009 - 02:22 PM

Hi people!

Recently ran into a bit of trouble with some malware - virtumonde and a couple others. I did a cleanup using spybot, malwarebytes, HJT, and finally, SDFix.

The only thing that seems to be left is a stubborn file in my C:\windows folder named SD6A91549.tmp - that I can only delete in safe mode, but it returns as soon as I boot into normal mode...? Trying to delete in normal mode gives me a "file is in use..." message.

Has anyone else seen this or have some advice for me here please??

Thanks a lot!
trev

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 PM

Posted 07 January 2009 - 02:59 PM

MBAM has a built-in FileAssassin feature for removing stubborn malware files.
  • Go to the "More Tools" tab and click on the "Run Tool" button
  • Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
  • When you find the file(s), click "Open".
  • You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully, however, I recommend you reboot anyway.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.


If the file returns, then you probably still have malware on your system which is regenerating it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 trevorh

trevorh
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 January 2009 - 04:05 PM

Hi, thanks for that info...

yes the file returns, whether I delete it in safe mode, or with MBAM's file tool.

the file is 0 bytes, is in use by process "SYSTEM" (PID=4) - so it's not like I can kill the process :thumbsup:

I've scanned with spybot, MBAM, SuperAntiSpyware, SDFix, and HJT - all come up clean...

Am I just paranoid perhaps??

btw, XP sp3, 4gb

thanks again if you can consider any other advice,
trev

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 PM

Posted 08 January 2009 - 08:00 AM

Please post the results of the MBAM log which found/removed any items, not the last one which did not find anything.

To retrieve the MBAM scan log information, launch MBAB.
Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this exampe
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users