-
May 18th, 2002, 05:18 AM
#1
Junior Member
suspected trojan horse
I have a file in Windows/Temp named SFX193.TMP that generates
a request to access the internet every time I start up. It says the
file is locked. How do I get rid of this thing? Also when I look up the address that my firewall (Zone Alarm) lists I get a page that
says 'bleh'.
-
May 18th, 2002, 05:31 AM
#2
ummm ok I'm a lil sleep so sorry if I'm a "lil" misleading...ok anyway ummm the *.tmp things might just be a backed up trojan I think wjat ever windows u have may do that but i'm not sure if it can still run but i think it can. ok so first disable the back up featuer in windows i'm guess u have windows ME if not just ignor this part. then once u diable it just delet it. ok so if that worked ur all good if it didn't I'm I will have to get back to u later, also as long as u have firewall up u should have no worrues ....keyword should.
wow there is alot of typo's but me so tiered can;t go back..sorry
aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,
-
May 18th, 2002, 05:39 AM
#3
Google has nothing about that file, if it was a major trojan you'd probably find it listed somewhere. However, that site that says "Bleh" does sound like something bad. As far as the locked file goes, just use a boot disk to go into dos and delete it that way.
Elen alcarin ar gwath halla ná engwar.
-
May 18th, 2002, 05:49 AM
#4
You can usually get away with deleting thinks with a .tmp extension. So throw it on a disk in case you need it then just delete it.
Its not software piracy. I’m just making multiple off site backups.
-
May 18th, 2002, 05:54 AM
#5
na i think what he is saying is win is using *.tmp file so he can't delet it so it has to be a auto back up thingy so u have to disable that then delete it
aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,
-
May 18th, 2002, 06:52 AM
#6
Ok I was just looking at my firewall and I have 5 SFX193.TMP type files blocked. So I updated my virus scanner and did a scan on my system. It didn’t turn up anything so I did a scan with ad-aware to see if it was spy were. Ad-aware also turned up nothing so I’m assuming that its just an unimportant pat of some application I installed and not a trojan.
Its not software piracy. I’m just making multiple off site backups.
-
May 18th, 2002, 06:58 AM
#7
wha? what are u talking about cwk9? lol i thought mister bubble had the problem or are u saying u had to same prob? oh I'm tired good night all
aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,
-
May 18th, 2002, 10:11 PM
#8
Senior Member
mister bubble, try this to remove your *posible* trojan.
Start>Run>msconfig>startup Look for your Bleh program in here. When you find it, uncheck it and reboot your computer. Now it shouldn't load, and you can delete the .tmp file because nothing is accessing it!
Just My Two cents,
XPaCiScOoL
[glowpurple]\"Your Smallest Flaw is my greatest Strength.\" - Me[/glowpurple]
-
May 19th, 2002, 03:36 AM
#9
You could run a trojan scanner and see if it is really a trojan or not. http://www.agnitum.com/products/tauscan/ Tauscan is a trojan scanning program. Free download. I found this out from reading forums here, it seems to be an effective scanner.
-
May 19th, 2002, 05:49 AM
#10
what, exactly, does ZA say. like what remote address is it trying to reach? is it port 80 at the remote location its trying to reach?
it you get a page that says bleh, id say your checking out the address with your browser. not a real wise thing to do. if it is a trojan it might be trying to load a page with malicious code, which might download something even worse than you already have or steal sensitive information on you.
If you don't know how to find out who owns the site, someone here can.
my guess is that this TMP file is probobly owns by a program you installed and it trying to report home. not spyware really just kinda tells them the program was installed by making a log entry on their server. probably nothing to worry about but, better safe than sorry.
If you'd like to learn how to find these things out, like who a URL is registered too, download sam spade from
www.samspade.org its freeware designed to track down spammers.
it has a feature that will allow you to 'crawl' a web site...view the page in ascii format so you down open yourself up to malicious scripts. it also does whois, dig, smtp relay check and quite a few other nice options. if you learn to use it you'll have learned a lot.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|