Malware/Explorer Problem?

  dogbreath1 11:01 14 Apr 06
Locked

Yesterday, Avast detected Win32:Dialler-520[Trj] and Win32:Trojan-gen. It could neither remove them nor quarantine them. However, it did state that the files would not execute. Scans with Avast, Ad-aware, a-squared, Ewido, Spybot S&D etc. are all clean (although a-squared flagged up 369 Incredimail files!...which after some thought, I uninstalled and set OE as my default email client). However, I am getting randomly named temp files formed constantly, such as:- C:\WINDOWS\TEMP\win347.tmp 0 bytes and C:\WINDOWS\TEMP\win807.tmp 0 bytes. Tbh, I have posted a HJT log elsewhere.

However, I then decided to have a good clean out of my PC. I uninstalled loads of progs that I don't use any more, ran Registry Mechanic and defragged, then found that Windows Explorer (not IE) was playing up. For example, I cannot now use the Move File function and on exiting the attempt, Explorer hangs for a while. I ran sfc /scannow which replaced dozens of essential system files but the Explorer problem persists. Any ideas please? Can Explorer be repaired?

  johnnyrocker 11:10 14 Apr 06

generally sfc repairs explorer afaik.


johnny.

  dogbreath1 11:23 14 Apr 06

Thanks. I'd have thought so too, but it hasn't worked in this case. I'll run it again, nothing lost. Cheers. db.

  dogbreath1 11:33 14 Apr 06

Judging by the very large amount of dll's that XP is installing from my System Disc, I suspect that either scannow was not successful first time round or that malware still on my PC is possibly effecting the undesirable changes.

  dogbreath1 13:17 14 Apr 06

I've re-run sfc /scannow but first I copied (per VoG™) the folder I386 (contains 'clean' copies of Protected Files) from my XP SP2 disc to my root directory (C:\) and using Regedit, changed the SourcePath from D:\ to C:\. This is HIGHLY recommended for anyone using sfc /scannow, in that you are not repeatedly asked to insert your XP disc every time a 'clean' copy of a Protected File is required. All seemed to go well.

Having then tried to test Explorer by Moving a file and having failed again, I checked out Task Manager. On each occasion I attempt a Move, an instance of hpgs2wnf.exe launches. This process relates to the Hewlett Packard Share To The Web facility and is now apparently defunct and is not necessary on your PC. On each occasion Move stalled, simply ending the hpgs2wnf.exe process permitted Explorer to complete its task.

So, how to remove or disable the offending process. Advice on one site states removal in Add/Remove Programs...but it's not there. Further advice suggests disabling the process in msconfig...and guess what...it doesn't show up there either!

The offending exe file is found in the Hewlett Packard Folder in Program Files and since it doesn't seem to be necessary to my system, I will (after a little more careful checking) delete the exe file there.

Some other research has suggested that hpgs2wnf.exe slows down Explorer, so for those of you who have installed Hewlett Packard software, it may well be worth considering dumping this blighter!

  dogbreath1 19:19 14 Apr 06

I wanted to stop hpgs2wnf.exe from launching when using Explorer to Move files. But HP's Share-To-Web facility didn't appear to be running in the background nor did it appear in Add/Remove progs. Concluding that an incomplete uninstall had been effected at an earlier date, I chose a 'safe' option of renaming the exe file and associated dll file. On my next attempt to Move a file in Explorer, MSIexec.exe was launched and on choosing to end that process, hpgs2wnf.exe was no more. So far so good.

Just the problem of the random TEMP files to attend to now. One update, occasionally one of the random [0 kb] temp files displays itself as an exe file [6 kb] and attempts to communicate with Firefox (as flagged up by ZoneAlarm). It seems that a nasty might still be lurking.

  dogbreath1 13:19 15 Apr 06

Spyware Doctor picked up one or two nasties. Their removal has also stopped the production of the large amount of randomly named .tmp files during browsing. So, for the moment, seems like a good result.

This thread is now locked and can not be replied to.
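
Editor's added example (not part of any post in the thread): a triage pass over a temp folder for the symptom described above, where `win<digits>.tmp` files are normally 0 bytes but one occasionally turns out to be an executable. The name pattern is taken from the two filenames quoted in the thread; the directory contents, the `win912.tmp` name and the helper names are constructed for the demonstration.

```python
import os
import re
import struct
import tempfile

# Pattern taken from the names quoted in the thread (win347.tmp, win807.tmp).
NAME_RE = re.compile(r"^win\d+\.tmp$", re.IGNORECASE)

def is_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\x00\x00"

def triage(temp_dir):
    """Classify win<digits>.tmp files as 'empty', 'executable' or 'other'."""
    report = {}
    for entry in sorted(os.scandir(temp_dir), key=lambda e: e.name):
        if not entry.is_file() or not NAME_RE.match(entry.name):
            continue
        size = entry.stat().st_size
        if size == 0:
            verdict = "empty"
        elif is_pe(entry.path):
            verdict = "executable"   # a .tmp name hiding a Windows binary
        else:
            verdict = "other"
        report[entry.name] = (size, verdict)
    return report

def build_sample_dir():
    """Constructed sample data: two empty files, one minimal PE stub, one unrelated file."""
    d = tempfile.mkdtemp()
    for name in ("win347.tmp", "win807.tmp"):
        open(os.path.join(d, name), "wb").close()
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 64)   # e_lfanew -> offset 64
    with open(os.path.join(d, "win912.tmp"), "wb") as fh:   # constructed name
        fh.write(bytes(stub) + b"PE\x00\x00" + b"\x00" * 20)
    with open(os.path.join(d, "notes.txt"), "w") as fh:
        fh.write("ignored")
    return d

if __name__ == "__main__":
    for name, (size, verdict) in triage(build_sample_dir()).items():
        print(f"{name:12} {size:6} bytes  {verdict}")
```

Any file reported as `executable` is worth hashing and submitting to a scanner before deletion, since the extension alone says nothing about the content.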
