Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

w32tm.exe


  • Please log in to reply
3 replies to this topic

#1 melispike

melispike

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 15 July 2005 - 02:27 AM

One of my spyware programs has identified this as a trojan - I have located it and tried to delete it but after I do it reappears within a few seconds. I don't know how to get rid of it! Is there a secret? Can someone tell me?

BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 15 July 2005 - 02:50 AM

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

Try running Sysclean you'll also need the virus template file from here lpt***.zip

or

DrWeb CureIT

If your good with the command line also try Sophos Command Line scanner

Also try running A2 Free and Ewido

I'd also run Spybot and Adaware if you've not already done so.

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 rmm55

rmm55

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 15 July 2005 - 10:49 AM

Go to www.sysinternals.com and download Processexplorer and Autoruns. Save them both to a new folder in C:\. Run processexplorer and look for this w32tm.exe find it and kill the process and its tree. If it generates itself boot into safe mode. Use autoruns in safe mode to delete any nasties you see from starting on bootup.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)

#4 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:38 AM

Posted 19 July 2005 - 02:39 PM

This is listed in Bleeping Computer's Startup Database

Name: Secboot
File Name: w32tm.exe 
X :  X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans,

Added by the Backdoor.Haxdoor.D backdoor. Found in the Windows system directory.



Download, update and run a-squared (aČ) Free in safe mode.

a-squared (aČ) is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). aČ fills the gap that malware writers exploit.


Edited by Scarlett, 19 July 2005 - 02:40 PM.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users