Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unrelenting Virus!

  • Please log in to reply
1 reply to this topic

#1 JWUequine08


  • Members
  • 23 posts
  • Gender:Female
  • Location:Rhode Island
  • Local time:12:24 PM

Posted 15 September 2006 - 10:25 PM

Hello all,
I am having a huge problem!!...well, at least I think I am...

I will try to keep it short and sweet...

My internet security is a program from my service provider, Cox Communications. About a week ago, it began alerting me to files that have been detected by the on-access scanning engine saying that they "could be infected with an unknown virus" in file C:\WINDOWS\Temp\win29.tmp.exe This, however, is not the only file name that has been listed, just an example of one...most seem to be all from the same place.

Naturally, an "unknown virus" would lead me to believe that I should update my virus definitions...which I have done. The strange thing is, though, that all the while, this program tells me I should do a complete virus scan after evey alert...but when I do, my computer gets a clean bill of health!...with all those alerts, I beg to differ!

I did a little investigating myself and went into the folder of origin...and noticed that all the files that have been reported somehow changed into applications...I am guessing the virus infects the files, and then tries to launch them as applications?

Anyway, I did a scan on House Call, which found quite a few infected files...I chose to delete them all (hope that was the right thing to do)...anyway, I am still getting the alerts...does ANYONE know what I should do?!

thanks in advance for all your input, and tell me if I have left anything out!

Mod Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 16 September 2006 - 01:20 AM.

BC AdBot (Login to Remove)


#2 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:12:24 PM

Posted 15 September 2006 - 10:36 PM

If all the files are "temp" files, delete all your temp files.

In Internet Explorer click on "tools", then delete temp files and cookies.

Click on "My Computer"
Highlite your C drive
right click and click the "disk cleanup" button.

It will scan and then populate a message box which will give you a number of ways to reclaim disk space.
Uncheck everything except temp files - in other words, allow it to delete all temp files.
Temp files are temporary files and you do not need them.

After you accomplish the above you may want to post a HJT log in our HJT FORUM (not here) so it can be analyzed by our experts for malware.

Run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you scan and allowing both to fix what they find.

If you do not already have these freeware aps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that that I suggest you post a “HijackThis” log for expert assistance with your malware infection.

Read the pinned post in our “HijackThis” forum,
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.

A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer to be different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having had 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

After you post your log, please do not make any changes to your computer. Discontinue trying to delete anything with any program as changes will make your HJT log obsolete and waste valuable time spent by our HJT experts analyzing the log made innacurate by changes and therefore their plan formulated to address the problems will also be obsolete.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.

Make sure you post your HJT log in the HJT forum, not here, because if you post it here in this forum the response from our HJT Team will be delayed because the post will have to be moved before they see it and it will fall in line behind many others posted that same day.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users