General discussion

Suspected Malware Infestation

Am using WinXP Pro SP1 along with AVG7 Free Edition, Spybot Search & Destroy, AdAware, SpySweeper, SpywareBlaster, Microsoft AntiSpyware Beta.
Have scanned for viruses with online Panda Activescan, RAV Antivirus, Symantec and Housecall. Everything clear.
I suspect my system is somehow infected with some malware because:

a) Can delete all but one or two TMP files like ~DF1572, ~DFF186 in C:\Documents and Settings\username\Local Settings\Temp
On trying to delete, get message "...is in use by another application and cannot be accessed."
Even after using GiPo@MoveOnBoot, at the next boot new files crop up.
Even after deleting in Safe Mode, on rebooting new files crop up.


Need expert help to solve my problem.

Nariman

Re: Suspected Malware Infestation

One of the startup items creates the two temporary files and locks them. That's why you can't delete in normal mode. However, it could be a legit application/service that uses them.

Your first troubleshooting tool is either msconfig or Task Manager, whichever you're comfortable with. In Task Manager, you kill some third-party processes and try deleting the two temp files until you find the one responsible. In msconfig, you disable some and isolate the cause.

There are other methods too, but you've got the idea.

Good Luck,

Cetin

Trying to unweave, unwind, unravel
And piece together the past and the future,


T. S. Eliot

Couple of things

First, always disable system restore when doing spyware scans. Otherwise there's a chance you'll be reinfested upon your next bootup.

Second, install SP2 immediately. IE6 is insecure enough without you leaving a number of huge gaping holes that were fixed in SP2. Even if you don't use IE, it doesn't mean it can't be exploited, thanks to the wondrously dumb idea on Microsoft's part to integrate the browser into the OS. Those huge gaping holes are often one of the primary ways spyware authors get their stuff onto your system in the first place.

Perhaps.

When you start Windows, dozens of programs are already running - many of them invisible and running in the background. "AutoStart Viewer" allows you to see every autostart on your system, all on the one screen. In addition, it gives you complete control over the autostart references, and allows you to modify or delete them at will. Key features are:

- Over 50 different autostart locations monitored!

- Right-click menu allows you to take complete control over each autostart

- Add New Autostart feature allows you to add new programs to automatically start

- Save/Print functions allow you to take snapshots

- Resizable, easy-to-use interface that shows every autostart on the one display

- All sizes, positions and settings are remembered
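
An added example, not part of the thread or of any tool named in it: the snapshot idea from the last post, applied to the startup-item isolation suggested in the first reply, by comparing two saved `reg query` dumps of the Run keys taken before and after the files reappear. The snapshot contents, including the `ExampleAV` and `updchk` entries, are constructed sample data.

```python
import re

# A value line in `reg query` output: indented name, REG_* type, data.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample snapshots (not taken from the poster's machine).
BEFORE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    C:\Program Files\ExampleAV\tray.exe /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = BEFORE + r"""    updchk    REG_SZ    C:\Documents and Settings\username\Local Settings\Temp\updchk.exe
"""

def parse_snapshot(text):
    """Return {(registry key, value name): data} from saved `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().upper()      # key header line, starts at column 0
            continue
        m = VALUE_RE.match(line)
        if m and key:                       # banner and blank lines are skipped
            entries[(key, m.group(1))] = m.group(3).strip()
    return entries

def diff_snapshots(before, after):
    """List autostart entries added, removed or changed between two snapshots."""
    old, new = parse_snapshot(before), parse_snapshot(after)
    changes = []
    for ident in sorted(set(old) | set(new)):
        if ident not in old:
            changes.append(("added", ident[1], new[ident]))
        elif ident not in new:
            changes.append(("removed", ident[1], old[ident]))
        elif old[ident] != new[ident]:
            changes.append(("changed", ident[1], new[ident]))
    return changes

if __name__ == "__main__":
    for kind, name, data in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:8} {name}: {data}")
```

An entry that appears only in the later snapshot is the first candidate to disable in msconfig before trying to delete the locked temp files again.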
