Keep Getting Hit w/ Popups & MSPTMF32.COM File 4

Status
Not open for further replies.

LouV

Recently, many of our servers have been plagued with popup windows that start other popups when you attempt to close them. The CPU is also pinned at 100%. The common denominator seems to be a file called MSPTMF32.com. We will have sometimes up to eight of these showing in the task manager on our Server 2000 boxes. It looks like a variation of the Spybot or Lioten virus. After cleaning the file name out of the registry and some other suggested removal changes, we had to reboot the production servers (which is no way to win any popularity contests here), then we were able to delete the file, which was previously “access denied”. Problem is, after a day or two, the MSPT file shows up again and so do the pop ups. We have a firewall between our router and the internet, constantly updated (dats) anti virus software (McAfee NetShield), and have run three different spyware/adware removers.
Has anyone out there gotten hit with something like this, and solved the problem of it showing up again? Any help would be greatly appreciated.

Thanks,
Lou Visciano
 
Have you patched the OSes on the servers? Many of this latest generation of worms exploit buffer overflows in services, which allows them to jump on a system from another infected machine on your network.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Yes, all the latest service packs and MS security updates are on every server.

Lou V.
 
Not that particular one, but the .COM extension is a dead give-away that this is not a native file.

Some thoughts in faq608-4650, but removal of an "in-use" file is going to require a reboot.

Since the USA Thanksgiving until the worldwide Christmas Holiday is going to be a scary mess of malware. It is unprecedented the amount of malware attacks being launched at the moment.
 
Hi

I have recently (2 weeks ago) suffered serious virus problems on my servers. In the end I installed NAV2005, it IS VERY effective at clearing viruses that others don't pick up. The only downside in my case was that the CPU usage went up to 100% for 80% of the time (slow processor). Yesterday I upgraded to a 1.6GHz processor, it now runs great.

The NAV 2005 is blocking 5-10 worms and viruses per day, these would have definitely slipped through the NAV2003 which I was running previously.

Good luck
 