Can anyone identify the cause of this??

I seem to have acquired some sort of nasty which avast has not been able to detect or clear. I temporarily disabled the firewall (zone alarm) on my home PC to do some network stuff. I now find that I have something which is routinely generating new .exe files and is attempting to access the internet.

ZoneAlarm is keeping it at bay but I now have a list of events in the ZA log as long as your arm! All of the .exe files have a numerical name (22634.exe, 19262.exe etc). ZA identifies all of these programs by the same name… “1” load for you. The number 1 sits in a little green box logo. All of the programs are shown to reside in C:\Documents and Settings\Administrator\Local Settings\Temp. When I look in this location, there is nothing to be seen!

Does anyone know what it is that I am dealing with here? More to the point, does anyone have a solution as to how it can be sorted?

Thanks

Jimso

The location is very strange, being in the Administrator Temp area. Do you regularly log on and browse, etc. as the Administrator? As an aside, I suggest you read the info on DropMyRights in my signature below.

You could also try an on-line scan - On-line Virus Scanners and other useful Links Security-Ops.eu.tt

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster. Don’t install this until you are clean.
  4. Ewido Security Suite if using WinXP, or a-Squared Free if using Win98/ME.

Run scans with the following programs (both free & remove malware):

Ewido http://www.ewido.net/en/

a-Squared http://www.emsisoft.com/en/

Try an online scan from Trend Micro Housecall, F-Secure, Panda etc.

(Disable avast first or you may get false positives.)

The Kaspersky online scanner probably has the quickest updates, but won’t delete malware; at least it will tell you what it is.

http://www.geocities.com/dontsurfinthenude/antivir2.htm

Fantastic!! Thanks for your help guys. Whatever it was, Ewido did the trick. I’m clear!

Glad we could be of help, welcome to the forums.