Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

*******.tmp process keeps popping up


  • Please log in to reply
1 reply to this topic

#1 hanzue

hanzue

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 19 April 2015 - 11:41 AM

Hello! Let me preface this by saying that I am on Windows 8.1 and prior to these problems I had no active AV whatsoever, not even the Windows Defender.

 

All this started(?) when I somehow got infected with a search redirector(luckysearches.com), Wajam, some bogus security software and something called Xtab(?). This prompted me to install MalwareBytes and i felt like it removed most of the problems and these might be leftover symptoms from that infection.

 

So there's something that keeps creating these processes on my computer. The name of the process is just a bunch of random letters and numbers with a .tmp extension and a bogus description like "Plug and Play Square Bracket". I thought I had gotten rid of it but it still keeps popping up. I've tried to google similar symptoms but I can't find a case close enough to mine.

 

On a possibly related note, I've had this console window popup named bitsadmin.exe. So I've found it's what Microsoft uses to push updates but I caught a window once (that I cancelled) and the description in the event viewer is: "BITS started the amijob transfer job that is associated with the hxxp://d2atxjfenx9iqu.cloudfront.net/Updater.exe URL". There's one other mention of this on google and the current situation of that posters computer seems ambiguous. So I just wanted to know if that means anything and if it's related to the .tmp processes.

 

Those are all the questions I have. Thank you!

 

EDIT: The IP 46.108.230.209 keeps getting detected by MalwareBytes as a malicious website inbound to my PC through svchost.exe. Should I be concerned? Yes I have a torrent program running but shouldn't it say that it's through that process instead?


Edited by hanzue, 19 April 2015 - 12:29 PM.


BC AdBot (Login to Remove)

 


m

#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 19 April 2015 - 04:19 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users