Virus problem and web browser recommendations

[edde]

I've got two problems
1) Zone alarm keeps saying to me its found this Trojan house ever time it starts up but theres a load of idential lloking files but with different numbers and letters at the end ie tmp1.tmp/ tmp2.tmp/ tmp1a.tmp files that keep coming back when I start again how do I get rid of them. The info zone alarms gives is

Win32:Small-gen2 [Trj]
C:\There address LOCALS~1\Temp\tmp2.tmp
Trojan Horse

2) Not sure if this is related but IE usless keep failing on me firefox crashes now and again as well and I'm worried trying to update firefox I'll still be left with a useless web brouser.

So any recomendations?

Running any IE windows and the PC crawls to a stop but task manager doesn't think the PC is it says there load of free memory and processor speed.

 

[ViolentJ]

Well you can delete the Temp folder. Temp = temporary. If the trojan is sat in there then deleting it will solve that problem.

Your IE problem could be anything.
Firefox - uninstall it then download it again from the Mozilla site :
http://www.mozilla.com/products/download.html?product=firefox-2.0.0.1&os=win&lang=en-GB

 

[edde]

Well you can delete the Temp folder. Temp = temporary. If the trojan is sat in there then deleting it will solve that problem.

Your IE problem could be anything.
Firefox - uninstall it then download it again from the Mozilla site :
http://www.mozilla.com/products/download.html?product=firefox-2.0.0.1&os=win&lang=en-GB

I cannot delete it one of the tmp files or some other file is always in use.

 

[ViolentJ]

You could delete it from the command prompt.

Reboot your machine, press F8 as it starts, choose the command prompt option.

Do:

CD C:\There address LOCALS~1\
<PRESS RETURN>
DELTREE Temp
<PRESS RETURN>

BEFORE YOU DO THAT: Make sure there is nothing in that folder that want to keep. There shouldn't be but check anyway.

 

[G_F]

Run Adaware,spybot and do an online virus check also for good measure.

If you still have problems, download Hijackthis and post the log file.

 

[Ian_182]

What about a system restore.
Its worked for me in the past

ian

 

[edde]

What about a system restore.
Its worked for me in the past

ian

Its been happening for ages I've no idea when it started realy.

 

[welsh172]

get a mac instead lol

 

[Macester]

Hey, please don't use IE ever! Its a disgrace, Firefox is much better.

You would have got the trojans from IE, check your task manager (ctrl+alt+delete) and see if there are any processes in there which you aren't familiar with. When you find an iffy looking one, end the process then try to delete your temp folder, it should work.

 

[edde]

Hey, please don't use IE ever! Its a disgrace, Firefox is much better.

You would have got the trojans from IE, check your task manager (ctrl+alt+delete) and see if there are any processes in there which you aren't familiar with. When you find an iffy looking one, end the process then try to delete your temp folder, it should work.

Thats a very very long list of programs in my task manager and shutting down them shuts my PC down.

 

[Munson]

get a mac instead lol

Good idea, the more people buy a Mac, the more virus will be written for it. Eventually smug Mac owners will be able to enjoy virus like us PC users, unfortunately it'll take a miracle to happen before you'll actually be able to play any games on it :rasp:

 

[edde]

get a mac instead lol

Good idea, the more people buy a Mac, the more virus will be written for it. Eventually smug Mac owners will be able to enjoy virus like us PC users, unfortunately it'll take a miracle to happen before you'll actually be able to play any games on it :rasp:

I think my next PC (laptop) will be a MAc I need it for some other programs to fun on it as there no PC version of them.

 

[Macester]

Thats a very very long list of programs in my task manager and shutting down them shuts my PC down.

Yeah sorry buddy but you are going to have to narrow them down.

The system processes that you don't want to be ending are:

System
System Idle Processes
winlogon.exe
lsass.exe
svchost.exe
services.exe
explorer.exe
vsmon.exe
csrss.exe
smss.exe

If you could maybe print screen your task manager and I could help you out.

 

[edde]

Thats a very very long list of programs in my task manager and shutting down them shuts my PC down.

Yeah sorry buddy but you are going to have to narrow them down.

The system processes that you don't want to be ending are:

System
System Idle Processes
winlogon.exe
lsass.exe
svchost.exe
services.exe
explorer.exe
vsmon.exe
csrss.exe
smss.exe

If you could maybe print screen your task manager and I could help you out.

taskmgr.exe
vsmon.exe
ashMaiSv.exe
mqtgsvc.exe
wdfmgr.exe
snmp.exe
tcpsvcs.exe
inetinfo.exe
crypserv.exe
ashserv.exe
ashServ.exe
aswUpdSv.exe
msdtc.exe
explorer.exe
spoolsv.exe
bcmwltry.exe
svchost.exe (local service running this)
svchost.exe (network service running this)
svchost.exe (system running this)
svchost.exe (system running this) (this one using 4,744k memory whereas the one above uses 18,480k memory
lsass.exe
services.exe
winlogon.exe
crss.exe
smss.exe
gcasDtServ.exe
MS_update_0609_7723.exe
msnmsgr.exe (MSN was turned off)
ctfmon.exe
zlclient.exe
PWRISOVM.exe
Qtask.exe
jusched.exe
ashDisp.exe
DSLAGENT.exe
DSLSTAT.exe
System


Theras alos IE running but I know about that and google tolbar.


I've got Zone alarm and avast installed which I belive load of the above are linked to.

 

[Macester]

Right, I have had a look through and it seems like your running some kind of server with all those services running??

Anyway the MS_update_0609_7723.exe looks too fishy to me, I know it says MS Update, but thats a load of bull I reckon, end that one and try deleting the temp.

 

[edde]

Right, I have had a look through and it seems like your running some kind of server with all those services running??

Anyway the MS_update_0609_7723.exe looks too fishy to me, I know it says MS Update, but thats a load of bull I reckon, end that one and try deleting the temp.

I think I am the avast or/and the firewall have some sort of integrated server in them checking emails in and out for viruses.

I'm running a Ad-ware and Skybot check now and ther running up some problems

Adwares saying 21 registry keys 35 values and 291 file identified and skybot well I've stopped counting at 80 entries.

Plus avast if throwing up load of virus files at the same time which its never done before now.

 

[G_F]

I think my next PC (laptop) will be a MAc I need it for some other programs to fun on it as there no PC version of them.

Which programs do you need to run, that your PC cant now?

 

[furry_cup]

once u get it sorted mate, get shot of zonealarm and get avg, its free and you cannot fault it. (i havent yet)

we use it on over 30 comps at work too, never any problems.

http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10342876.html

 

[edde]

Which programs do you need to run, that your PC cant now?

Renault dialoges run better on Macs

once u get it sorted mate, get shot of zonealarm and get avg, its free and you cannot fault it. (i havent yet)

we use it on over 30 comps at work too, never any problems.

http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10342876.html

I've already got both of them installed since new.

The virsu file in tnemp flder is still popping up I'll download Hijackthis as Gav said earlier.

 

[Macester]

You can't delete a virus while it is running, you have to end it and its got to be one of the processes you mention earlier. Your computer won't shut down if you end all the extra processes you have. End all of them except those I mentioned in my post earlier.

 

[edde]

Hum after shutting down all bar the ones on that list there still one called inetinfo.exe which won't shut down well it will but the pc takes a bit to do and stars another called iisrsstas.exe twice and then starts inetinfo.exe up agian.

 

[Macester]

Hmmm yeah this inetinfo looks fishy too. It is used by an application that you have installed but it could be infected. Search for where it is located:

Start - Search

Then tell me the location of it and scan it with your anti virus.

 

[edde]

inetinfo.exe is in c:\windows\system32\inetsrv

Details according to programs are
Company Microsoft Corporation
File Version 5.1.2600.0 (xpclient.010817-1148)


The other file i mentioned earlier which stars up when inetinfo.exe is shut down is alos in there details below
According to properties
Compnay IIS Admin Program
file version 6.0.2600.0 (xpclient.010817-1148)

 

[Macester]

Ive just checked that folder on my computer and inetinfo.exe isnt there. Lets try stopping it from starting up, go to:

Start - Run and type: msconfig

Click on the startup tab and untick the processes you dont want.

 

[edde]

inet info isn't on the list there one called winspoof running from winspoof.exe

 

[Macester]

yeah end all the ones that aren't important, as you can always just start your programs manually anyway.