Win7.tmp AVG

Status
Not open for further replies.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type regsvr32 /u E:\WINDOWS\SYSTEM32\winetn32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to it (if there).

O20 - Winlogon Notify: winetn32 - E:\WINDOWS\SYSTEM32\winetn32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

E:\WINDOWS\SYSTEM32\winetn32.dll

Reboot into normal mode and turn system restore back on.


Regards Howard :)
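
The O20 line in the instructions above is a subkey of the Winlogon Notify registry key. The following read-only check is an added example, not part of the original post or of HijackThis: it lists every Notify package and the DLL it points at, so you can confirm the winetn32 entry is gone after the fix. The function name and the assumption that a bare file name lives in the system directory are mine.

```powershell
# Added example: list Winlogon Notify packages (HijackThis group O20) and
# check the DLL each one loads. Read-only; it changes nothing.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyEntry {   # hypothetical helper name
    param([string]$Path = $notifyKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        # No Notify key present, so there is nothing to report
        return
    }
    foreach ($sub in Get-ChildItem -LiteralPath $Path) {
        $dll = $sub.GetValue('DllName')
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        # Assumption: a bare file name is taken to be in the system directory
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path ([Environment]::SystemDirectory) $dll
        }
        $exists = Test-Path -LiteralPath $dll
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'n/a'
        }
        New-Object PSObject -Property @{
            Name       = $sub.PSChildName   # e.g. the "winetn32" in the O20 line
            DllName    = $dll
            FileExists = $exists
            Signature  = $sig
        }
    }
}

Get-WinlogonNotifyEntry | Sort-Object Name |
    Format-Table Name, FileExists, Signature, DllName -AutoSize
```

An entry whose DLL no longer exists is a leftover registration; a NotSigned status on its own is not proof of anything, since older PowerShell versions do not see catalog signatures on genuine Windows files.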
 
Thanx for your help. I have followed the instructions but I cannot delete winetn32.dll; it says access denied, currently in use.....
 
I am currently using AVG and this popup that a virus is detected keeps popping up even though I press heal or move to vault!!!
 

Run HJT and click on the config button, then the misc tools button. Click the delete file on reboot button and browse to E:\WINDOWS\SYSTEM32\winetn32.dll. Click winetn32.dll and click open. You will be prompted to reboot your computer, click yes.

Do exactly the same for this file as well. E:\windows\temp\win7.temp

The file should be deleted when your computer restarts.

Please post a fresh HJT log after doing the above.

Regards Howard :)
 
I have merged your new thread into this one and have given you instructions on how to deal with the win7.temp file (see above).

Please carry on posting in this thread, rather than opening new threads for what is the same problem. Thanks.

Regards Howard :)
 
Ok I have managed to get rid of the .dll file. In the Windows temp I can't delete ZLT07e76.TMP. I tried to do it in safe mode but in safe mode that file doesn't appear.
 
That can't delete the file either!!! I have tried the kill on reboot option also. btw I think I have seen that file in the past though.....
 
What makes you think the ZLT07e76.TMP is nasty?

What application is telling you about the presence of that file? Maybe it's a false positive.

When you say you've seen the file before, can you tell us what you mean exactly?

Regards Howard :)
 
My apologies. No application has said that file is present. The fact that I can't delete it had led me to believe that it was something nasty. I have seen it in the past when I would manually delete tmps. Since my HJT is clear and you think it ain't a virus then I'll leave it at that.

Thanks a lot for your ongoing help and smilies.
 
Conficker drops the following copies of itself, shown at the bottom. Though that may not be what it is, I'd suggest going to one of the major security company web sites that has Conficker remover tools and running one anyway.

The ZLT file is a log file from Zone Alarm. If you go offline and disable zone alarm you should be able to delete it from the Temp file. There is probably an option somewhere in the interface to stop it from creating logs, or even for clearing the log file cache. Not sure about that though.

%System%\[Random].tmp
%Temp%\[Random].tmp
 