MalWare in Temp Folder - Removal

  trisonic 18:27 26 Oct 05
Locked

Hi,

In my C:\Docs and Settings\fj\Local Settings\Temp
are several files that will not go away.
One is in a subfolder of Temp\40000010c00069dd890027\hs.exe
I am unable to remove this programme and don't know what it does. Have tried booting into MS-DOS and deleting it, which it does, but then it reappears when I start Windows.
Other files now appearing
Folders :- VGA1, VGA2
Files: ~DF3EF2.TMP
~DF4C87.TMP
~DF11B2.TMP
~DF21B2.TMP
VGA1.TMP
VGA2.TMP
VGA3.TMP

Running WIN XP Home. Have NOD32 Anti virus, Zone Alarm, Adaware, Spybot all are updated regularly sometimes daily.
Have tried the Clean Sweep programme also Hijack This, Microsoft Antispyware and Ewido Security Suite. None of these programmes find anything wrong. hs.exe is 5kb long.
A search at Google has produced one other person with hs.exe resident at the same location but the method recommended to get rid of it did not work with me. I can delete some of the other files and the VGA folders, but they come back when I reboot.
Any help appreciated
Cheers

Trisonic

  stalion 19:27 26 Oct 05

try a scan with a2 and a cleanup with cc cleaner
click here
click here

  trisonic 08:45 27 Oct 05

Neither worked, files still there. CC recognised them but after pressing Clean it did not delete them. My gut feeling is that they are something to do with Microsoft SP2 as they appeared after I installed that. Looks like a reformat job, what a pain. Thanks for the help

Trisonic

  Taff36 09:03 27 Oct 05

I think you may have something nasty on the computer and I suggest you run HijackThis click here and post a log here click here

Do Not attempt to remove anything without expert advice. Give the Malware Forum a brief description of your problem as you have here.

Incidentally Killbox is a useful facility for removing those stubborn files click here but I recommend you seek advice from the specialists first. You may recognise one or two familiar names on that forum by the way.

  PaulB2005 09:04 27 Oct 05

If it's just a handful of files then why re-format?

What problem are they causing exactly?

Submit the hs.exe to

click here

click here

click here

and see if they are malicious.

  Confab 09:32 27 Oct 05

Try the CC in safe mode.

Confab

  trisonic 15:51 27 Oct 05

I have managed to solve the problem, though it took a little time ;)

The problem was a programme called History Sweep which creates the Temp folder mentioned in my first posting, then adds dozens of files on a daily basis without deleting them.

The ONLY software that got rid of it IN SAFE MODE was SmitRem from click here; it's free and only works in Safe Mode.

However when I rebooted into Normal Windows after using it, the programme reappeared along with a few more files.

What followed was a long process of using MSCONFIG and disabling all the programmes in the StartUp menu, then one by one enabling them to find the culprit, needless to say it was one of the last ones.

Having deleted it I still had to clear it out of the Registry which was straightforward :))

Thanks for your responses and suggestions

Trisonic
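
The startup-item hunt described in the post above can be shortened with a read-only inventory. This is an added example, not part of the original thread: a PowerShell script that lists the Run/RunOnce registry keys and the Startup folders and flags any entry whose command runs from a Temp folder, like the Temp\...\hs.exe path in the first post. Assumptions: PowerShell 3.0 or later (which postdates the Windows XP setup in this thread); the choice of keys and the Temp-path heuristic are illustrative and were not used by the posters.

```powershell
# Added example (not from the thread): read-only inventory of autostart entries.
# Assumption: PowerShell 3.0+; the key list and Temp-path heuristic are illustrative.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

$shell   = New-Object -ComObject WScript.Shell   # used only to resolve .lnk targets
$entries = @()

# Registry autostarts: one entry per value under each Run/RunOnce key.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$reg.GetValue($name)
        }
    }
}

# Startup folders: resolve shortcuts so the real executable path is shown.
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem $dir -File) {
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($file.FullName).TargetPath
        }
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $target }
    }
}

# Flag commands that run from a Temp directory, after expanding %TEMP%-style variables.
$entries | ForEach-Object {
    $expanded = [Environment]::ExpandEnvironmentVariables($_.Command)
    $inTemp   = $expanded -match '\\te?mp\\'     # -match is case-insensitive
    $_ | Add-Member -NotePropertyName InTemp -NotePropertyValue $inTemp -PassThru
} | Sort-Object InTemp -Descending |
    Format-Table InTemp, Name, Command, Source -AutoSize -Wrap
```

The script changes nothing; entries with InTemp set to True are the ones to examine first before disabling anything in MSCONFIG.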

  trisonic 16:03 27 Oct 05

This is the correct file and path for smitRem, I recommend it for getting rid of difficult files.

Programme: smitRem.exe

From: noahdfear.geekstogo.com

Trisonic

This thread is now locked and can not be replied to.
