Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus causing redirects, pop-ups and audio ads & tmp + dat + exe files in Temp Internet folder


  • Please log in to reply
1 reply to this topic

#1 Martin M

Martin M

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 25 July 2009 - 08:37 PM

Hi,

this is my first post here and I hope you guys can help me figure out what virus/malware I have and how to get rid of it.

Yesterday I wanted to download a keygen for a friend and I think that was most likely the source of this problem - "Microsoft Office 2007 Keygen ed500"

After downloading the file and starting it I'm consistantly getting redirected to advertisment pages, popups show up on every website, pc gets very slow as most of the performance is used for the malware processes and sometimes I even get audio ads out of nowhere!

The task manager shows a .tmp process the last was called D468.tmp but whenever I restart the pc it's another name. It is possible to end the process and when you go to show the location of the process it's shown to be in the Temporary internet files folder - once the process ist stopped I can delete the files (.tmp & .dat & .exe files) in a folder named "low". The redirects and popups still continue even after deleting the files.

After restarting the system and internet explorer the files in the Temp folder are created again and the Process exists again just with another name.

I took a look at the startup menu in msconfig and found a process called "monopod" from an unknown manufacturer and located in the same folder - User/AppData/Local/Temp/Low/b.exe ... I disabled it, deleted the folder & files, restarted and the files were again created (the monopod process was still disabled).

The notebook runs on Windows Vista, has AVG Free Antivirus installed and updated (scans don't find anything) and Internet Explorer is used to go online.

I don't really know what virus this could be, where to find it and how to get rid of it - I would be very thankful for your advice!!

Thx in advance!

Martin

BC AdBot (Login to Remove)

 


m

#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:04 AM

Posted 26 July 2009 - 07:58 PM

Run a scan with AVG in safe mode and let us know what it finds.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users