Tmpd, Removal and symptoms

Status
Not open for further replies.
Hello guys, I found your resource online after realizing I had contracted a bug over the holidays. I came back to my machine to find a message in my task bar reading "your computer is infected" with a red shield. Going to Processes in the Task Manager, I found that "~tmpd.exe" seemed to be the culprit. McAfee and Comcast's spybot found no problems in their scans. I then received a call from a Comcast IT person notifying me that one of my email accounts was being used for spam purposes by an IP address originating in South Africa. This is bothersome as a password is required to accomplish this.

I have decided to execute the 8 step process described here and welcome any help or words of wisdom anyone is willing to supply.

I would classify my level of competence with virus removal at beginner. So I will keep my fingers crossed.

Thank you in advance........Here we go.....
 
Logs and Comments

I had very little trouble following all of your directions and everything has gone smoothly. My pesky little friend has disappeared and the machine seems to be functioning properly. I am very curious as to what you guys might be able to tell me off of the three logs supplied?

In addition I was hoping you may be able to direct me in how to take some of the unnecessary processes that are launching out of commission. Currently I have 51 processes running eating up 80% of commit charge. I am not sure how to show you what processes are running. But let me know and I will take any help I can get regarding this.
 
Code:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.

MBAB did not handle all that it found until the computer restart.


Code:
Trojan....C:\DOCUMENTS AND SETTINGS\J MONTOYA\LOCAL SETTINGS\TEMP\MSXML71.DLL

SAS saved the day! It appears that the infection was handled. The sequence of scans shows that each tool has blind spots.


Rescan with MBAB followed by SAS. Repeat until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

Caught by HJT.
Code:
Nothing.  Normal appearances.

If symptoms remain, post new logs and describe conditions.


Following clean scans, establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point > OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
 
Thanks for the reply! I will update with events that occurred after the initial scrub in the AM. I appreciate your help!
 