File keeps trying to download at start up


30 replies to this topic

#1 Ann M

Ann M

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 04 August 2011 - 09:20 PM

My computer is infected with a virus. When I start up the computer, an Internet Explorer window opens up and a file download warning window pops up. The file is a .tmp file with a bunch of random numbers. I hit cancel to stop the download. My McAfee Anti Virus software says 'at risk'. I tried scanning but real time scanning shuts off and won't turn back on. I tried running a full scan but it won't scan (it says error occurred, go to home screen and try again). I'm running Windows 7 on a Dell laptop.
Thanks for your help and assistance.

Edited by Orange Blossom, 04 August 2011 - 10:08 PM.
Moved to AII for initial assistance. ~ OB




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:11 AM

Posted 04 August 2011 - 10:22 PM

Welcome aboard

Download the following two tools and then restart the computer in Safe Mode and run them from there.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe


* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

======================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Ann M


Posted 05 August 2011 - 11:31 PM

Thanks for your help. Before I start doing anything I was wondering if it would be wise to back up my computer now in case I have issues removing the malware/virus. My computer did not come with recovery discs - I have to use a program to create them myself. I have the Dell Data Safe Local Backup program. I don't know if it's too late to use it now.

#4 Broni


Posted 05 August 2011 - 11:36 PM

It's always a wise idea to have a backup of your data.



 


#5 Ann M


Posted 07 August 2011 - 12:01 PM

Hi, I'm trying to use rkill - I used the first link. The download window opened and I clicked 'run'. Then a UAC window opened and I clicked ok to make changes on my computer. A semi transparent screen flashed a couple times but I don't see the program downloaded to my desktop. I don't know where the file went. How do I delete and start again?

#6 Broni


Posted 07 August 2011 - 12:05 PM

Are you in Safe Mode?



 


#7 Ann M


Posted 07 August 2011 - 12:08 PM

I'm not in safe mode. I was not sure if I was supposed to download in normal mode or safe mode. Was I supposed to 'save' RKill as opposed to 'run' RKill from the link you provided? Also I remember when it was downloading it said it was downloading to a temp folder if that helps.

Edited by Ann M, 07 August 2011 - 12:10 PM.


#8 Broni


Posted 07 August 2011 - 12:10 PM

Was I supposed to 'save' RKill as opposed to 'run' RKill from the link you provided?

Yes. Same for Malwarebytes.
Then restart in Safe Mode and run rKill+MBAM from there.

Download the following two tools and then restart the computer in Safe Mode and run them from there.




 


#9 Ann M


Posted 07 August 2011 - 12:20 PM

I clicked on the mbam link you gave me and clicked 'download now' for the free version. It sent me to a link http://download.cnet.com with a mbam download and reviews on it. Is this the right page for me? When I restart in safe mode do I need to be in safe mode with networking?

Edited by Ann M, 07 August 2011 - 12:20 PM.


#10 Broni


Posted 07 August 2011 - 12:22 PM

Is this the right page for me?

Yes.

When I restart in safe mode do I need to be in safe mode with networking?


You may as well. This way you should be able to update MBAM.



 


#11 Ann M


Posted 07 August 2011 - 01:00 PM

I ran RKILL and it said no processes were terminated. Here is the MBAM Log:
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-428667349 (Trojan.Agent) -> Value: -428667349 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Studio15\AppData\Local\Temp\tmph5019807282999958187.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
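
Added example (not part of the thread and not Malwarebytes code): a small Python parser for the detection lines in the log above, tagging each detection with its log section and flagging entries under a Run/RunOnce key or in a Temp directory. The section names and line layout are taken from the logs posted in this thread; the shortlist of locations worth flagging and the function names are assumptions.

```python
import re

# Detection lines copied from the MBAM log posted above.
SAMPLE_LOG = r"""Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-428667349 (Trojan.Agent) -> Value: -428667349 -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Studio15\AppData\Local\Temp\tmph5019807282999958187.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
                     r"Registry Data Items|Folders|Files) Infected:\s*$")
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# Locations flagged for follow-up (assumed shortlist, not MBAM's own logic).
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def parse_mbam_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        hit = DETECTION.match(line)
        if not hit or section is None:
            continue  # blanks, summary counters, "(No malicious items detected)"
        found.append({
            "section": section,
            "path": hit.group("path"),
            "threat": hit.group("threat"),
            # The last " -> " field is the action MBAM reports taking.
            "action": hit.group("rest").split(" -> ")[-1].rstrip("."),
            "autostart": bool(AUTOSTART.search(hit.group("path"))),
            "in_temp": bool(TEMP_DIR.search(hit.group("path"))),
        })
    return found


def needs_followup(detections):
    """Detections that are autostart entries or live in a Temp directory."""
    return [d for d in detections if d["autostart"] or d["in_temp"]]


if __name__ == "__main__":
    for d in needs_followup(parse_mbam_detections(SAMPLE_LOG)):
        print(d["section"], d["threat"], d["path"], "->", d["action"])
```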

#12 Broni


Posted 07 August 2011 - 01:11 PM

MBAM log is incomplete.
Please re-run it.
Post new log.



 


#13 Ann M


Posted 07 August 2011 - 01:24 PM

I reran MBAM and got the following log. This and the previous log were done with quick scan. Should I be running a full scan instead?
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7402

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

8/7/2011 2:21:14 PM
mbam-log-2011-08-07 (14-21-14).txt

Scan type: Quick scan
Objects scanned: 175303
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Broni


Posted 07 August 2011 - 01:38 PM

Good.

Now, restart in normal mode and see if you can update and run MBAM's "Quick scan" from there.



 


#15 Ann M


Posted 07 August 2011 - 01:51 PM

MBAM ran in normal mode. There are 2 items in quarantine from the very first scan. Here's the latest log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7402

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/7/2011 2:48:42 PM
mbam-log-2011-08-07 (14-48-42).txt

Scan type: Quick scan
Objects scanned: 176434
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



