Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected - Perflib_Perfdata file in Temp folder cannot be deleted


  • Please log in to reply
7 replies to this topic

#1 eprmjs

eprmjs

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 28 March 2009 - 08:26 AM

I have following files in the C:\WINDOWS\Temp file: Perflib_Perfdata_100 and Perflib_Perfdata_538. I have tried deleting them but to no avail (they are "in use"). I have scanned computer with NOD32, Spybot, Ad-aware, SUPERAntiSpyware, Malwarebytes' Anti-Malware but they do not seem to find anything. Have also tried a HiJackThis "Delete on Reboot" but no dice. I need help!

BC AdBot (Login to Remove)

 


#2 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 28 March 2009 - 08:37 AM

Welcom to this forum :thumbsup:

Have also tried a HiJackThis "Delete on Reboot" but no dice.


This method of approach is not really a good idea as, unless you know what this diagnosic tool is telling you ,you COULD delete more than you realise and remove a vital line and render the computer unbootable :trumpet:

May I suggest you post the reports from the Malwarebytes and Superantispyware programs for someone to review for you ? :flowers:

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:55 PM

Posted 28 March 2009 - 09:26 AM

To retrieve the MBAM scan log information, launch MBAB.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 eprmjs

eprmjs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 28 March 2009 - 10:42 AM

Thanks for the super fast reply!

MBAM Log:

Malwarebytes' Anti-Malware 1.34
Database version: 1853
Windows 5.1.2600 Service Pack 3

3/28/2009 2:38:05 PM
mbam-log-2009-03-28 (14-38-05).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------


Not sure Superantisptware has a log. Could get you a HiJackThis log.

#5 eprmjs

eprmjs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 28 March 2009 - 10:44 AM

Disregard, sent wrong log. Will do a scan and resend. Apologies!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:55 PM

Posted 28 March 2009 - 01:17 PM

HijackThis logs are not permitted in this forum.

Your MBAM log indicates you are using an older version of MBAM with an outdated database. Please download and install the most current version (1.35) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Update the database through the program's interface (preferable way) or manually download the definition updates and just double-click on mbam-rules.exe to install.Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Edited by quietman7, 28 March 2009 - 01:24 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 eprmjs

eprmjs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 29 March 2009 - 01:52 AM

Thanks for your patience! Latest MBAM scan with updated MBAM version:

Malwarebytes' Anti-Malware 1.35
Database version: 1911
Windows 5.1.2600 Service Pack 3

3/29/2009 4:41:13 AM
mbam-log-2009-03-29 (04-41-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233896
Time elapsed: 1 hour(s), 11 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:55 PM

Posted 29 March 2009 - 07:25 AM

To retrieve the SAS scan log information, launch SAS.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
Please download OTMoveIt3 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt3.exe to launch the program. (If using Windows Vista, be sure to Run As Administrator)
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the code box and press CTRL+C or right-click and choose Copy.
:Processes
explorer.exe

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTMoveIt3, right-click in the open text box labeled "Paste Instructions for Items to be Moved" (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles \mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users