Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

add or virus not recognized by anything

Status
Not open for further replies.
bookouri

bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
Ive got a machine that has some kind of add ware or virus. But, Ive gone so far as to take the drive (ntfs) out of the machine and put it in another machine. Adaware and Spybot search and destroy cant find it. Norton Anti-Virus cant find it. Housecall cant find it. But there's something there. There is a folder in c:\temp called temp.arABCA and inside this folder are two folders.. cursor and temp.. If you try to go into either of these folders you get an access denied. If you look at their properties they are read only, but you get an access denied if you try to make them writeable. If you boot the machine, it creates a half dozen files starting with me_ and with a bunch of random characters...

all my antivirus, windows XP updates, adaware, and spybot are latest updates.

Does anybody have any suggestions how i can get rid of this monster.. there's nothing i can find in any of the files that points me toward what this thing is..

 
Sort by date Sort by votes
Have you tried hijack this? Have you looked in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN to see if there's an entry for this program in the startup?

Sounds like some sort of spyware. A google search turns up nothing.

 
Upvote 0 Downvote
Do you have a winmon.exe process running? If so, there's a new version of W32/gaobot.worm.gen out there. Users in China recognized something wasn't right and notified me. I got a sample to McAfee and they came back with an extra.dat file. Hopefully the signature will be included in tomorrow's regular dat file release.

Look in the registry for a run as service entry then also check and see if there's a windowsMonitor service.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
300
Oorde
Oorde
Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
186
SamBones
SamBones
Shimmy613
  • Locked
  • Question
Avira Free: "Your computer is not secure! A Service is not working correctly"
Replies
14
Views
503
ChrisHirst
ChrisHirst
andyv2011
  • Locked
  • Question
Looking at Virus Actions
Replies
0
Views
126
andyv2011
andyv2011
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
191
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top