TechSpot

Tmpd, Removal and symptoms

By bear102
Jan 6, 2009
  1. Hello guys, I found your resource online after realizing I had contracted a bug over the holidays. I came back to my machine to find a message in my task bar reading "your computer is infected" with a red shield. going to processes in the task manager I found that "~tmpd.exe" seemed to be the culprit. Mcafee and Comcast's spybot found no problems in there scans. I then received a call from a Comcast IT person notifying me that one of my email accounts was being used for spam purposes by a IP address originating in South Africa. This is bothersome as a password is required to accomplish this.

    I have decided to execute the 8 step process described here and welcome any help or words of wisdom anyone is willing to supply.

    I would classify my level of competence with virus removal at beginner. So I will keep my fingers crossed.

    Thank you in advance........Here we go.....
     
  2. bear102

    bear102 TS Rookie Topic Starter

    Logs and Comments

    I had very little trouble following all of your direction and everything has gone smoothly. My pesky little friend has disappeared and the machine seems to be functioning properly. I am very curious as to what you guys might be able to tell me off of the three logs supplied.?

    In addition I was hoping you may be able to direct me in how to take some of the unnecessary processes that are launching out of commission. Currently I have 51 processes running eating up 80% of commit charge. I am not sure how to show you what processes are running. But let me know and I will take any help I can get regarding this.
     
  3. rf6647

    rf6647 TS Maniac Posts: 829

    Code:
    C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
    
    MBAB did not handle all that it found until the computer restart.


    Code:
    Trojan....C:\DOCUMENTS AND SETTINGS\J MONTOYA\LOCAL SETTINGS\TEMP\MSXML71.DLL
    SAS saved the day! It appears that the infection was handled. The sequence of scans show that each tool has blind spots.


    Rescan with MBAB followed by SAS. Repeat until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)

    Caught by HJT.
    Code:
    Nothing.  Normal appearances.
    
    If symptoms remain, post new logs and describe conditions.


    Following clean scans , establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
  4. bear102

    bear102 TS Rookie Topic Starter

    Thanks for the reply! I will update with events that occurred after the initial scrub in the AM. I appreciate your help!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...