TechSpot

Severely Infected with spyware machine - possibly ~tmpd.exe

By nappymonster
Oct 25, 2008
  1. Hi all,
    Currently trying to fix a mate's machine that got infected from one misclick of a pop-up. From what I can gather it may have been the "PC Virus remover 2008" one, and the symptoms are a red shield with an X in the middle that has a balloon pop-up saying "You have a security Problem!" every 10-15 secs. It also ghosts the current window, meaning you need to re-click it to become the active window.

    There are also many pop-ups and a few (though not sure if caused by this) IE page redirects (occasionally takes you to uk.findstuff.com). I ran Ad-Aware, and unfortunately it froze (but it had found 1232 infections when it had after 7 mins), but Spybot found lots of stuff and removed most except ones it said it couldn't without a reboot. After a reboot it found it couldn't do it. The spyware has essentially made the machine unusable for the time being, so help would be good!

    Also, a 500 GB external HD (previously was not infected) was attached for the whole thing (from before it got infected to now). Will it be infected? How can I fix the errors? Thanks.

    I have attached it as a text file because of size limit, and the fact it finds links.

    Thanks a lot,
    Nappymonster
     
  2. King Ping

    King Ping TS Rookie

    Hello, I know the seriousness of this. It is caused by a trojan which starts an executable every time the computer starts. To lower the threat of the spyware, disconnect from the net. Then, to disable it from carrying on, open Task Manager. Next go into Processes and look on the list. When you see "a.exe", right-click on it and choose "End Process". Now go back to the list and look for "~tmpd.exe" and do the same. Now, to make sure it is disabled, go to the task bar at the bottom of the screen and hover your mouse over the icon of the shield with an x on it. If it disappears it is disabled... for now anyway. Once it is disabled you'll have to reconnect to the internet and search for its definitions and ways to erase it if you want (only as an alternate way; carry on reading to get the executables destroyed faster).

    If you wish to find the .exe file, go to "Hard Disk":\Documents and Settings\"Name Of Pc"\Local Settings\Temp. Inside that folder you should find "~tmpd.exe" with the symbol. If you try to delete it, it comes up with a text box saying "make sure you have enough disk space" etc. However, if you already disabled it through Task Manager it will be deleted. You will also find that there are other suspicious files like "~tmpa" and "~tmpc"; I am not sure what these are but "~tmpd.exe" created them. I have reason to believe that that is the trojan that causes the chain of events after booting your PC. To completely disable the spyware/trojan, delete any other files that begin with "~tmp".
    Hopefully my post will help you restore the PC and rid it of the spyware. Following is the cause of the spyware being installed. My friend's PC had the same problem. After a while I started to manually hunt down the executable. I found that it was hiding away in the temp folder because my Norton Anti-virus gave me the tip. But Norton could not delete it so I had to do it myself. When I right-clicked on the executable and chose to delete it, it denied my access. So I knew it was running like a ghost and it was a trojan because it started the .exe by itself. So I turned to Task Manager and to the computer processes. There I found the executable with "a.exe". "a.exe" was the program that installed the spyware which is what we know of as "~tmpd.exe". Once I disabled the executables I was able to freely delete any file that had "~tmp" at the beginning. After I rebooted the PC the shield on the task bar did not appear. After that I could confirm the spyware had gone. It gave me a sigh of relief. Thank you for reading this and if you have any problems or questions please PM me.
    Please note this is to be used to 'only' get rid of "~tmpd.exe"
    Thanks.:)
    King Ping
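
The manual check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell triage that lists processes running from the Temp folder, files named "a.exe" or "~tmp*" there, and autostart values pointing at them. It assumes PowerShell 3.0 or later and that `%TEMP%` is the folder the post means; the function name `Test-ThreadName` is hypothetical, and checking the Run keys is an assumption, since the thread does not say how the trojan restarts at boot.

```powershell
# Added example (not from the thread): read-only triage, nothing is killed or deleted.
# Assumes PowerShell 3.0+ and that %TEMP% is the Temp folder the post refers to.
$temp = [IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')

function Test-ThreadName([string]$Leaf) {
    # File names reported in the thread: "a.exe" and anything starting with "~tmp"
    return (($Leaf -ieq 'a.exe') -or ($Leaf -like '~tmp*'))
}

# 1. Running processes whose image file lives under Temp
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and
        $_.ExecutablePath.StartsWith("$temp\", [StringComparison]::OrdinalIgnoreCase) } |
    Select-Object ProcessId, Name, ExecutablePath,
        @{ n = 'NamedInThread'; e = { Test-ThreadName $_.Name } }

# 2. Files in Temp with the reported names (-Force includes hidden/system files)
$files = Get-ChildItem -LiteralPath $temp -Force -File -ErrorAction SilentlyContinue |
    Where-Object { Test-ThreadName $_.Name } |
    Select-Object FullName, Length, CreationTime, LastWriteTime

# 3. Autostart values that point into Temp or at the reported names.
#    Assumption: the thread does not say how the trojan restarts at boot; the
#    Run keys are only a common first place to look.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data   = [string]$item.GetValue($valueName)
        $inTemp = $data.IndexOf("$temp\", [StringComparison]::OrdinalIgnoreCase) -ge 0
        $byName = $data -match '(^|[\\"\s])(a\.exe|~tmp)'
        if ($inTemp -or $byName) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Command = $data }
        }
    }
}

'--- Processes running from Temp ---'; $procs    | Format-Table -AutoSize
'--- Matching files in Temp ---';      $files    | Format-Table -AutoSize
'--- Autostart entries to review ---'; $autoruns | Format-List
```

If `%TEMP%` is reported in 8.3 short form, process paths in long form will not match the prefix test, so compare against the long path in that case.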
     
  3. momok

    momok TS Rookie Posts: 2,265

    Please follow the malware removal instructions sticky too and post your logs thereafter for checking. Malware usually hides very well and infections tend to come in bunches.
     
  4. floyd6048

    floyd6048 TS Rookie

    The Easiest Way

    I also inadvertently infected my computer with the ~tmpd crap. But, I found the easiest way was to go into the processes and delete the "a.exe" and then go to my most recent restore point that did not abrogate any other recently installed programs I wanted to keep.
     
  5. br13drummer

    br13drummer TS Rookie

    Mr. King Ping, I used your advice and removed all of those files, terminated those processes, and actually ran three virus/spyware scanners. However, upon restarting my computer, I received the same message about a security problem. Do you have any other words of wisdom?

    Cheers,
    mpjm
     
  6. evo4290

    evo4290 TS Rookie

    floyd6048, what did you mean by restore point? I'm a little confused... I think I know what it is... I just don't know how to do it.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  8. floyd6048

    floyd6048 TS Rookie

    to evo4290

    Just go to your desktop and hit F1, then when the Help and Support box comes up type in "system restore" and follow the directions on returning your computer to the latest restore point time frame.
     
Topic Status:
Not open for further replies.
