Error message in XP Home

[wolfgy]

For the last couple of days a pop up black window appears on my screen
every twenty minutes with the following message:
C:\WINDOWS\TEMP\WIN*.*~1.EXE

I have uninstalled Norton Antivirus 2005, and have replaced it with
Panda Internet Security 2007, but none of them detects any viruses on
my PC.

Could you please tell me how to solve this problem?

 

[Wesley Vogel]

Clean out the C:\WINDOWS\TEMP folder. There should be no .exe files in
there.

UPDATE your antivirus software and run a complete scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

Thanks Wesley!
I'll follow your advice. However, there is no .EXE file on my TEMP
folder.



Wesley Vogel ha escrito:

 

[Wesley Vogel]

Then what is C:\WINDOWS\TEMP\WIN*.*~1.EXE ?? WIN*.*~1.EXE looks like an
..exe file to me. It also looks like some sort of malware.

Try doing a Search for WIN*.*~1.EXE

See this...
HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/kb/302347

You may have to Search using WIN*.EXE

The asterisk (*) is a wildcard when searching.

Searching for WIN*.EXE will find all .exe files that start with WIN. Like
winchat.exe, windiff.exe, winhelp.exe, etc.

<quote>
A wildcard character is a keyboard character such as an asterisk (*) or a
question mark (?) that is used to represent one or more characters when you
are searching for files, folders, printers, computers, or people. Wildcard
characters are often used in place of one or more characters when you do not
know what the real character is or you do not want to type the entire name.

Use the asterisk as a substitute for zero or more characters. If you are
looking for a file that you know starts with "gloss" but you cannot remember
the rest of the file name, type the following:

gloss*

This locates all files of any file type that begin with "gloss" including
Glossary.txt, Glossary.doc, and Glossy.doc. To narrow the search to a
specific type of file, type:

gloss*.doc

This locates all files that begin with "gloss" but have the file name
extension .doc, such as Glossary.doc and Glossy.doc.

Use the question mark as a substitute for a single character in a name. For
example, if you type gloss?.doc, you will locate the file Glossy.doc or
Gloss1.doc but not Glossary.doc.
<quote>
from...
http://www.microsoft.com/resources/...cs/en-us/find_c_search_wildcard.mspx?mfr=true

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

I have searched using WIN*.EXE, as you have indicated, and I have found
sevaral files. Six of them were named win*.*.tmp, but they were
applications.

I have deleted them, but I'm afraid that new ones are been created by
the system.


Wesley Vogel ha escrito:

 

[Wesley Vogel]

The file extension is the part of a file name that comes after the final
period. For example:

readme.txt
Animal.Mammal.Rodent.Mouse.Data
Performance Analysis for January 1.report
datafile

The first three examples have the file extensions .txt, .Data, and .report.
The last file has no extension.

File extensions typically hint at the type of data a file contains.

Six of them were named win*.*.tmp, but they were
applications.

Normally files with the .tmp file extension are temporary files. These are
not applications nor should they be executable files. However, some malware
can create executable files with a .tmp extension. They do this to try to
be sneaky. Executable files like cmd.exe or command.com are programs.

Do you have file extensions enabled? Malware also tries to hide bad files
by giving them a name such as somename.txt.exe or somename.tmp.exe, so that
if you do not have file extensions enabled all you see is somename.txt or
somename.tmp.

Start | Settings | Control Panel | Folder Options | View tab |
UNCheck: Hide extensions for known file types

Now you should be able to see the file extensions.

win*.*.tmp sure looks suspicious to me.

I have deleted them, but I'm afraid that new ones are been created by
the system.

Probably not the system, probably by malware. Software is good, malware is
BAD.

UPDATE your antivirus software and run a complete scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

The problem persists, and my updated Panda Internet Security 2007
doesn't detect any malware.

I have enabled the file extensions as you have instructed me, and now
the files are named win498.tmp.exe, win249.tmp.exe, etc... and are
created every 20 minutes. Should I delete all the files and folders
(cookies, history, internet temporary files,...)included on my temp
folder?



Wesley Vogel ha escrito:

 

[Wesley Vogel]

You have a trojan or some other scumware.

Try this first. Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php

I would then recommend registering at AumHa Forums and posting your details
there. They have a lot of volunteer spyware experts there that can help you
remove whatever crap you have on your machine. The problem is that if you
do not remove all the right files, other crap just keeps getting recreated.

Register AumHa Forums
http://forum.aumha.org/profile.php?mode=register&sid=a930b2fda089ba83cac62b1a4fde513a

Parasites - Adware, Spyware & Other Scumware
http://forum.aumha.org/viewforum.php?f=28

win???.tmp.exe removal
http://www.spyware-removal-guideline.com/win-tmp-exe-popups-removal

67 threads with similar problem here
http://www.google.com/search?q=+"win???.tmp.exe"&hl=en&lr=lang_en&as_qdr=all&start=0&sa=N

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

Thanks Wes!

I'll register and I'll let you know if I can get rid of this problem.


Wesley Vogel ha escrito:

 

[Wesley Vogel]

Good luck and have fun!

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

Spy Sweeper detected a couple of Troyans and it seems that I got rid of
the pop-up black windows. However, the system doesn't work as fast as
it used to do. Any clue to improve it?





Wesley Vogel ha escrito:

 

[Wesley Vogel]

These pop-up black windows, were they command prompts?

Try this...
Start | Run | Type: cmd | Click OK

Click the [X] in the upper right hand corner to close it.

Did they look like that?

See this.

Slow Computer
Why is my computer running so slow, it used to be much faster?
http://www3.telus.net/dandemar/slowcom.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[wolfgy]

Yes, those pop-up black windows were command prompts that showed up
every 20 minutes, but I got rid of them, thanks to your advice, using
Spy Sweeper.

I cannot understand why the latest versions of Norton and Panda
antivirus didn't detect those troyans. What is the best software to
keep my PC clean of virus, malware and adware?


Wesley Vogel ha escrito:

These pop-up black windows, were they command prompts?

Try this...
Start | Run | Type: cmd | Click OK

Click the [X] in the upper right hand corner to close it.

Did they look like that?

See this.

Slow Computer
Why is my computer running so slow, it used to be much faster?
http://www3.telus.net/dandemar/slowcom.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Spy Sweeper detected a couple of Troyans and it seems that I got rid of
the pop-up black windows. However, the system doesn't work as fast as
it used to do. Any clue to improve it?





Wesley Vogel ha escrito:

 

[Elmo]

Yes, those pop-up black windows were command prompts that showed up
every 20 minutes, but I got rid of them, thanks to your advice, using
Spy Sweeper.

I cannot understand why the latest versions of Norton and Panda
antivirus didn't detect those troyans. What is the best software to
keep my PC clean of virus, malware and adware?

Practice safe hex. New malware isn't blocked till it's discovered,
reported, analyzed, added to a/v definitions, and finally downloaded to
your system. That can take a week before you're protected. By then,
there's ten more new ones.

To prevent malware in emails:

Stop SPAM and other malware! Create two mail rules if you use OE.

_First rule:_

A. In "Select the conditions for your rule" click "Where the from line
contains people", click "contains people", click Address Book, click
the first name, shift-click the last, click "From" button, click OK.

B. In "Select the actions for your rule", click "Stop processing more
rules". This will let everyone in your address book fall through to
your Inbox.

C. Name the rule "Pass".

_Second rule:_

A. In "Select the conditions for your rule" click "For all messages"

B. In "Select the actions for your rule", click "Delete it".

C. Name the rule "Delete".

This deletes the unwanted emails to the Deleted Items folder; it doesn't
permanently delete anything. You might want to set OE to delete the
Deleted Items folder every time you close OE. One disadvantage: You
could have to close OE in a hurry sometimes before you have a chance to
check for missed messages.

Advantages:

1. No SPAM or other malware! No amount of filtering by sender or
subject matter will prevent spammers; they use a different subject and
address every few days. But this setup prevents ALL SPAM from
fictitious addresses.

2. Few Viruses! Only viruses from those who have your email address in
their address book.

Disadvantages:

1. You'll have to look in the Deleted Items folder for blocked email. If
you find a mail you actually want, just drag it into the Inbox till you
add that address to the Pass filter.

2. To add addresses to the filter, you'll have to edit it, click
"contains people", click "Address Book" again, and add any new
addresses. That can be an occasional nuisance, but otherwise you'll be
creating many mail rules for SPAM.

You can create a SPAM folder and send the blocked emails there, rather
than select the "Delete it" option. Occasionally look in the folder for
missed mails, then delete the remainder to the "Deleted Items" folder.
(Press Shift/Delete to bypass the Deleted Items folder.)

 

[wolfgy]

Thanks!

Elmo ha escrito:

Practice safe hex. New malware isn't blocked till it's discovered,
reported, analyzed, added to a/v definitions, and finally downloaded to
your system. That can take a week before you're protected. By then,
there's ten more new ones.

To prevent malware in emails:

Stop SPAM and other malware! Create two mail rules if you use OE.

_First rule:_

A. In "Select the conditions for your rule" click "Where the from line
contains people", click "contains people", click Address Book, click
the first name, shift-click the last, click "From" button, click OK.

B. In "Select the actions for your rule", click "Stop processing more
rules". This will let everyone in your address book fall through to
your Inbox.

C. Name the rule "Pass".

_Second rule:_

A. In "Select the conditions for your rule" click "For all messages"

B. In "Select the actions for your rule", click "Delete it".

C. Name the rule "Delete".

This deletes the unwanted emails to the Deleted Items folder; it doesn't
permanently delete anything. You might want to set OE to delete the
Deleted Items folder every time you close OE. One disadvantage: You
could have to close OE in a hurry sometimes before you have a chance to
check for missed messages.

Advantages:

1. No SPAM or other malware! No amount of filtering by sender or
subject matter will prevent spammers; they use a different subject and
address every few days. But this setup prevents ALL SPAM from
fictitious addresses.

2. Few Viruses! Only viruses from those who have your email address in
their address book.

Disadvantages:

1. You'll have to look in the Deleted Items folder for blocked email. If
you find a mail you actually want, just drag it into the Inbox till you
add that address to the Pass filter.

2. To add addresses to the filter, you'll have to edit it, click
"contains people", click "Address Book" again, and add any new
addresses. That can be an occasional nuisance, but otherwise you'll be
creating many mail rules for SPAM.

You can create a SPAM folder and send the blocked emails there, rather
than select the "Delete it" option. Occasionally look in the folder for
missed mails, then delete the remainder to the "Deleted Items" folder.
(Press Shift/Delete to bypass the Deleted Items folder.)