Suspected virus in C:\Windows\Temp area

Paul King

Dear all,

I have a Windows 2003 server OS, and I'm sure I have a virus which is not
detected by my AV Solution - Trend OfficeScan product.

It first appears as a process in TaskMgr for example LA5819.exe - this file
is also apparent in the C:\Windows\temp directory. Thus I can only remove
the file when I kill the process.

However, within the next 5-10mins a new file with a completely different
name appears....

Has anyone heard about this?

Cheers
Paul.
 
David H. Lipman

From: "Paul King" <paul@servlan.co.uk>

| Dear all,
|
| I have a Windows 2003 server OS, and I'm sure I have a virus which is not
| detected by my AV Solution - Trend OfficeScan product.
|
| It first appears as a process in TaskMgr for example LA5819.exe - this file
| is also apparent in the C:\Windows\temp directory. Thus I can only remove
| the file when I kill the process.
|
| However, within the next 5-10mins a new file with a completely different
| name appears....
|
| Has anyone heard about this?
|
| Cheers
| Paul.
|

So what makes you think this is malicious ?
Nothing in your post indicates malicious activity and thus a problem.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Paul King

Hi David,

Sorry to be so vague - but my machine is running really slow and I know it's
something malicious which has recently been installed or resident within the
OS.

I also cannot start the MSSearch service as it cannot find the file
specified - yet the file is in the correct place.

Regards
Paul.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uxqvSLxUIHA.1208@TK2MSFTNGP05.phx.gbl...
> From: "Paul King" <paul@servlan.co.uk>
>
> | Dear all,
> |
> | I have a Windows 2003 server OS, and I'm sure I have a virus which is not
> | detected by my AV Solution - Trend OfficeScan product.
> |
> | It first appears as a process in TaskMgr for example LA5819.exe - this file
> | is also apparent in the C:\Windows\temp directory. Thus I can only remove
> | the file when I kill the process.
> |
> | However, within the next 5-10mins a new file with a completely different
> | name appears....
> |
> | Has anyone heard about this?
> |
> | Cheers
> | Paul.
> |
>
> So what makes you think this is malicious ?
> Nothing in your post indicates malicious activity and thus a problem.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
David H. Lipman

From: "Paul King" <paul@servlan.co.uk>

| Hi David,
|
| Sorry to be so vague - but my machine is running really slow and I know it's
| something malicious which has recently been installed or resident within the
| OS.
|
| I also cannot start the MSSearch service as it cannot find the file
| specified - yet the file is in the correct place.
|
| Regards
| Paul.
|


That's a sign of OS corruption, not malware.

However I saw your OTHER post (reply ?) and it indicated multiple Trojans (Renos and Vundo)
and the Virut virus.

This is NOT good !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Volodymyr Shcherbyna

Try to execute Windows File Protection. Change your antivirus.

--
Volodymyr
NG tips:
http://msmvps.com/blogs/v_scherbina/pages/microsoft-newsgroups-tips.aspx

"Paul King" <paul@servlan.co.uk> wrote in message
news:%237VHPSxUIHA.5360@TK2MSFTNGP03.phx.gbl...
> Hi David,
>
> Sorry to be so vague - but my machine is running really slow and I know
> it's something malicious which has recently been installed or resident
> within the OS.
>
> I also cannot start the MSSearch service as it cannot find the file
> specified - yet the file is in the correct place.
>
> Regards
> Paul.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:uxqvSLxUIHA.1208@TK2MSFTNGP05.phx.gbl...
>> From: "Paul King" <paul@servlan.co.uk>
>>
>> | Dear all,
>> |
>> | I have a Windows 2003 server OS, and I'm sure I have a virus which is not
>> | detected by my AV Solution - Trend OfficeScan product.
>> |
>> | It first appears as a process in TaskMgr for example LA5819.exe - this file
>> | is also apparent in the C:\Windows\temp directory. Thus I can only remove
>> | the file when I kill the process.
>> |
>> | However, within the next 5-10mins a new file with a completely different
>> | name appears....
>> |
>> | Has anyone heard about this?
>> |
>> | Cheers
>> | Paul.
>> |
>>
>> So what makes you think this is malicious ?
>> Nothing in your post indicates malicious activity and thus a problem.
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>

>
>
 
David H. Lipman

From: "Volodymyr Shcherbyna" <v_scherbina@online.mvps.org>

| Try to execute Windows File Protection. Change your antivirus.
|

Changing AV will NOT really help. We are talking about a miscreant administrator. A good
administrator of an NT Server knows its role and would not browse the net willy-nilly and
install crap/malware from the POV of that server. That's one good reason why dedicated
servers are *best*.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 