
Thread: suspected trojan horse

  1. #1

    suspected trojan horse

    I have a file in Windows/Temp named SFX193.TMP that generates a request to access the internet every time I start up. It says the file is locked. How do I get rid of this thing? Also, when I look up the address that my firewall (Zone Alarm) lists, I get a page that says 'bleh'.

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    262
    ummm ok I'm a lil sleepy so sorry if I'm a "lil" misleading...ok anyway ummm the *.tmp things might just be a backed up trojan I think. whatever windows u have may do that but i'm not sure if it can still run but i think it can. ok so first disable the back up feature in windows. i'm guessing u have windows ME, if not just ignore this part. then once u disable it just delete it. ok so if that worked ur all good, if it didn't I will have to get back to u later. also as long as u have firewall up u should have no worries ....keyword should.

    wow there is a lot of typos but me so tired can't go back..sorry
    aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    452
    Google has nothing about that file; if it was a major trojan you'd probably find it listed somewhere. However, that site that says "Bleh" does sound like something bad. As far as the locked file goes, just use a boot disk to go into DOS and delete it that way.
    Elen alcarin ar gwath halla ná engwar.

  4. #4
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    You can usually get away with deleting things with a .tmp extension. So throw it on a disk in case you need it, then just delete it.
    It's not software piracy. I'm just making multiple off site backups.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    262
    na i think what he is saying is win is using the *.tmp file so he can't delete it, so it has to be an auto back up thingy, so u have to disable that then delete it

  6. #6
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    Ok I was just looking at my firewall and I have 5 SFX193.TMP type files blocked. So I updated my virus scanner and did a scan on my system. It didn't turn up anything so I did a scan with ad-aware to see if it was spyware. Ad-aware also turned up nothing so I'm assuming that it's just an unimportant part of some application I installed and not a trojan.

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    262
    wha? what are u talking about cwk9? lol i thought mister bubble had the problem, or are u saying u had the same prob? oh I'm tired, good night all

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    137
    mister bubble, try this to remove your *possible* trojan.
    Start > Run > msconfig > Startup. Look for your Bleh program in here. When you find it, uncheck it and reboot your computer. Now it shouldn't load, and you can delete the .tmp file because nothing is accessing it!
    Just My Two cents,
    XPaCiScOoL

    "Your Smallest Flaw is my greatest Strength." - Me
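The startup-list check suggested in post #8, as an added example that is not part of the original thread: a Python sketch that triages a list of autostart entries and flags any whose program sits in a temp directory or lacks an executable extension, as the `SFX193.TMP` file here does. The entry names, command lines and environment values are constructed assumptions.

```python
import ntpath
import re

# Constructed sample: (entry name, command line) pairs like those a startup
# list shows. Apart from the SFX193.TMP file name, none of this is thread data.
SAMPLE_ENTRIES = [
    ("SystemTray", r"C:\WINDOWS\SYSTEM\SysTray.Exe"),
    ("ZoneAlarm", r'"C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe" -startup'),
    ("Updater", r"%windir%\TEMP\SFX193.TMP /s"),
    ("Helper", r"C:\WINDOWS\Temp\setup\run.exe"),
]
# Assumed environment used to expand %VAR% references (hypothetical values).
ENV = {"windir": r"C:\WINDOWS", "temp": r"C:\WINDOWS\TEMP"}
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".dll"}

def expand(command, env=ENV):
    """Replace %NAME% with its value; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), command)

def program_path(command):
    """Return the program part of a command line, honouring a quoted path."""
    command = expand(command).strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Heuristic for unquoted paths with spaces: stop at the first ".ext"
    # that is followed by whitespace or the end of the string.
    match = re.match(r"(.+?\.\w{1,4})(?=\s|$)", command)
    return match.group(1) if match else command.split(" ", 1)[0]

def triage(entries):
    """Return {name: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for name, command in entries:
        path = program_path(command)
        parts = [p.lower() for p in ntpath.normpath(path).split("\\")]
        reasons = []
        if any(p in ("temp", "tmp") for p in parts[:-1]):
            reasons.append("runs from a temp directory")
        ext = ntpath.splitext(path)[1].lower()
        if ext not in EXECUTABLE_EXTS:
            reasons.append(f"unusual extension {ext or '(none)'}")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_ENTRIES).items():
        print(f"{entry}: {', '.join(why)}")
```

A flagged entry is a prompt to identify which installer or application owns the file, not proof of a trojan.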

  9. #9
    Senior Member
    Join Date
    Apr 2002
    Posts
    366
    You could run a trojan scanner and see if it is really a trojan or not. http://www.agnitum.com/products/tauscan/ Tauscan is a trojan scanning program. Free download. I found this out from reading forums here, it seems to be an effective scanner.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    what, exactly, does ZA say. like what remote address is it trying to reach? is it port 80 at the remote location it's trying to reach?
    if you get a page that says bleh, I'd say you're checking out the address with your browser. not a real wise thing to do. if it is a trojan it might be trying to load a page with malicious code, which might download something even worse than you already have or steal sensitive information on you.
    If you don't know how to find out who owns the site, someone here can.
    my guess is that this TMP file is probably owned by a program you installed and it's trying to report home. not spyware really, just kinda tells them the program was installed by making a log entry on their server. probably nothing to worry about but, better safe than sorry.
    If you'd like to learn how to find these things out, like who a URL is registered to, download sam spade from www.samspade.org. it's freeware designed to track down spammers.
    it has a feature that will allow you to 'crawl' a web site...view the page in ascii format so you don't open yourself up to malicious scripts. it also does whois, dig, smtp relay check and quite a few other nice options. if you learn to use it you'll have learned a lot.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
