What is newd9.tmp.exe 1

[moveit]

I have just started getting the following request: Setup Launcher - NEWD9.TMP.EXE

I have searched both Microsoft's site and done a Google search but no mention of this file.I am using Zonealarm Internet Security Suite and it is this that asks for permission to download it. I have looked at the details but they do not say who or where this comes from. Is this file safe to download?

 

[mscallisto]

I would start looking for an answer at Zonealarm not Microsoft

This link has some info on the 9.tmp.exe malware (and it's various name combinations), hope it helps.

http://www.exterminate-it.com/malpedia/file/9.tmp

sam

 

[2ffat]

My thought is that any file with two extensions is unsafe. [red]Don't do it![/red]


James P. Cottingham
^{I'm number 1,229!
I'm number 1,229!}

 

[goombawaho]

Sounds very suspicious to me. Don't allow it. Why don't you do two things just to be safe.

Install CCleaner and let it clean out all the temp files.
Install Malwarebyte's Anti-Malware, let it update, then run a full scan to see if you've gotten a little bug.

 

[moveit]

Tried the various cleaners but still get the message. The actual message is: Setup Launcher may be trying to prevent 'IISSETUP' from running each time your computer is started by modifying the registry key HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

It was when I looked at the details I got the info that it was the file name NEWD9.TMP.EXE

 

[2ffat]

Sounds to me like that file is trying to set up your PC as a zombie. Possibly turning your PC into a bot for sending spam or DDOS.


James P. Cottingham
^{I'm number 1,229!
I'm number 1,229!}

 

[moveit]

Since cleaning the computer I now get the registry key HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN error message but the first message is: Suspicious Behaver - Applications:\Documents and settings\user\Local Settings\Temp\ NEW??.TMP.EXE

When I look at which file it is there are now different ones named. NEW??.TMP.EXE - ?? represent the various numbers and letters

 

[DrB0b]

Download Microsoft Security Essentials, install and update and run a scan.

MSE:

http://www.microsoft.com/security/pc-security/mse.aspx

"You don't know what you got, till its gone..
80's hair band Cinderella or ode to data backups???

 

[goombawaho]

Please use autoruns or msconfig to remove that item from startup. Boot to safe mode or a bootable cd (bartpe or linux cd) and delete the target file.

Then reboot a few times and see if the message and/or file comes back. If it does, you've got some bad juju.

If MBAM and MSE says nothing is infected and you don't get a return of the message, I think you're ok.

P.S. I would move it and get on this - don't just look at the pretty message popping up.

 

[moveit]

I have done what DrBob suggested and so far the message has not come back. I know it is too early to say the problem has gone so will come back in the next few days if it has gone to let you all know.

 

[moveit]

Sorry to say the problem is still there. I looked in the startup but the file does not show, so cannot remove it. If I do a file search there is no record of any of the files mentioned.

 

[BionicJohn]

It doesn't look good. Back up data now, making sure you don't include the suspect file.

Here's a search that might help:

http://bit.ly/yZB9pt

Liverpool: Capital of Culture 2008
Anfield: Capital of Football since 1892
Iechyd da! John
Glannau Mersi, Lloegr.

 

[moveit]

I was searching the various files and found a list of NEW??.tmp.exe. When I looked at the owner of the software it said it was ASK.COM. I then found that somehow ASK.COM had loaded onto my computer so I un-installed it and deleated the files and so far the permission message has gone.

Thanks for all your help