Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

HELP!! files in temp folder won't delete!!! think i might have a trojan?

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:36 PM
Original message
HELP!! files in temp folder won't delete!!! think i might have a trojan?
A week I opened my mail (didn't open any attachments) and it said I had gotten a trojan. So I assumed antivirus took care of everything since it popped up. Now everytime I reboot my computer, my homepage changes to some advertisement site. I changed the homepage and rebooted again, but it still came up and changed my homepage. I went to my "Temporary Internet Folder" with the Content.IE5 folder, and deleted alllll my temp files. There were three in three seperate folders that would not delete. All contained the name "memberembedded" somewhere in their name. I would just delete them, or drag them to the recycle bin... but they won't delete. It also won't let me access the properties of them or anything like that. They seem to have no file extension. I think these are the root of my problem but I have no idea how to get rid of them. I ran norton on them, and i ran a trojan/spyware/worm detecter, as well as ad-aware and nothing picks them up. I don't know what to do. These people could have all my passwords right now and I wouldn't even know! heeeellllp.
Printer Friendly | Permalink |  | Top
MidwestMomma Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:40 PM
Response to Original message
1. Go to download.com and download adaware
Sounds like you are infested with spyware. adaware will clean things up for you.
Printer Friendly | Permalink |  | Top
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:46 PM
Response to Reply #1
4. i did that
i already have adaware and it detected some stuff, but those files are still there.
Printer Friendly | Permalink |  | Top
 
twistedliberal Donating Member (299 posts) Send PM | Profile | Ignore Sat Feb-21-04 06:42 PM
Response to Original message
2. Did you try Spybot Search & Destroy? n/t
Printer Friendly | Permalink |  | Top
 
Liberal Veteran Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:46 PM
Response to Original message
3. Search for a file called "HOSTS"
and rename it.
Printer Friendly | Permalink |  | Top
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:47 PM
Response to Reply #3
5. what does that do
will that hurt my computer in any way?
Printer Friendly | Permalink |  | Top
 
VOX Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 06:53 PM
Response to Original message
6. Maggie, you seem to be doing everything right. Try the following steps...
1. Run Ad-Aware. Before running it, get the latest definition file from http://www.lavasoftusa.com/. Make sure you have a check mark next to SCAN MEMORY, DEEP REGISTRY SCAN and all fixed drives (usually C: and D:). You may need to run it twice before it shows all clear.

2. Next, run MSCONFIG. To do this, go to Start > Run, then type MSCONFIG, then click OK. When it appears, click on the Startup tab. Look for anything suspicious. If you don't know what to look for, write down the list of programs shown, and google them -- you'll quickly see what doesn't belong.

3. You can get more tips from http://spywaresucks.org

Let us know how it goes!

Printer Friendly | Permalink |  | Top
 
VOX Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 07:05 PM
Response to Original message
7. Also, Maggie, see if this describes your problem --
http://www.spywareguide.com/spydet_606_searchex.html

Full Name: Searchex Websearch
Type: Browser Hijacker
Also Known as: Hotlink Troj/AdwareDropper.A
Danger Level: 3
Official Description: Searchex is a homepage- and search-hijacker pointing at searchex.com.

Instead of directly changing the Start Page setting directly, it uses an Internet Explorer Browser Helper Object to redirect newly-opened windows. This results in the original Start Page being briefly visible then being replaced.

An IE Search Hook is used to redirect address bar searches and invalid domain name pages to cantfind.com. At times in the past this server redirected to MSN or 7Search.

Comment: Searchex/HomePage was bundled with 'NetSpeed' software from winstream.com (the authors of Searchex).

Searchex/Hotlink was distributed with an 'e-card' from valentines-ecard.com, which was heavily promoted by misleading junk e-mail.

Information URL: http://vil.nai.com/vil/content/v_100052.htm

Properties: Stealth Tactics
Stays Resident
Changes browser

Removal tools: List of products that detect/remove/protect against Searchex:

X-Cleaner
RegBlock

Printer Friendly | Permalink |  | Top
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 07:17 PM
Response to Reply #7
8. that's not it
check your PM! :(
Printer Friendly | Permalink |  | Top
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 07:28 PM
Response to Original message
9. i'm going to cry now
whyyyy is my program files folder increasing in size VERY rapidly now?
Printer Friendly | Permalink |  | Top
 
woo me with science Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 07:55 PM
Response to Reply #9
10. Don't panic.....Try this:
First, run both Ad-aware *and* Spybot Search and Destroy. These two programs will get rid of the general junk you may have. Then to find the especially devious culprits, download a program called "Hijack This!" at this link:

http://mjc1.com/mirror/hjt/

Run the program, and it will generate a log of your registry, including any suspicious or bad files. If you're like me, you won't know which is which on your own, though.

Then go to the link below this paragraph. It's a free tech support forum...The general addy is techguy.org, but the link below will take you directly to the Security forum. Post the results of your "Hijack This" log on the forum (you will have to register to post), and people there will evaluate it and tell you what to delete. They are constantly updating as they learn of new bad trojans and spyware that escape ad-aware and spybot.

http://forums.techguy.org/forumdisplay.php?s=3b3c7616c1b8131582a862deac9aad0c&forumid=54

Read through the Security board first if you have questions about what they do... (You can also post a general question, but they will probably tell you to do just what I said above)....You will see other people asking questions and receiving help. The help is free and usually very fast. If you can, give a small donation after they help you. They are a tremendous resource and have saved my computer (quickly!) several times already.

Good luck.
Printer Friendly | Permalink |  | Top
 
crimson333 Donating Member (760 posts) Send PM | Profile | Ignore Sat Feb-21-04 07:57 PM
Response to Reply #9
11. I don't know if this will help
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

cwsshedder got rid of somthing similar for me
Printer Friendly | Permalink |  | Top
 
RC Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 08:18 PM
Response to Original message
12. Now that the barn door is open...
Are you using a Firewall and anti-virus software?
These won't cure your immediate problem, but will help insure it doesn't happen again.
Printer Friendly | Permalink |  | Top
 
LeftPeopleFinishFirst Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 08:37 PM
Response to Reply #12
13. I have both
I have Tiny Personal Firewall, plus my ISP has a built-in firewall. I also have Norton Antivirus running at all times. :(
Printer Friendly | Permalink |  | Top
 
Clark4Prez Donating Member (507 posts) Send PM | Profile | Ignore Sat Feb-21-04 08:48 PM
Response to Reply #13
14. Try this site
A lot of good links and info

http://gmpservicesinc.com/Articles/hijack.asp

you also might try Hijack This

http://mjc1.com/mirror/hjt/

Good luck.
Printer Friendly | Permalink |  | Top
 
LuLu550 Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 08:53 PM
Response to Original message
15. I was on a yahoo groups message board the other day
and picked up a worm. It infected 121 files in no time. Someone on that board suggested we all go to www.housecall.antivirus.com and run a free scan. That picked it up and took care of it. It was called "worm klez"
Hope you can fix it!
Printer Friendly | Permalink |  | Top
 
camero Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-21-04 09:00 PM
Response to Original message
16. I have WinPatrol
You can set it to catch the cookies plus it detects new start programs that are added to your startpage. Works great.

Here: http://www.winpatrol.com

Also have AVG anti-virus. It seems to work better than Norton and it's free.

Here: http://www.grisoft.com

Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sat May 18th 2024, 02:54 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC