Hey all,

Since yesterday every minute or so my computer displays an error message along the lines of '8F.tmp has encountered a problem and needs to close. We are sorry for the inconvenience', then '814.tmp', then '815.tmp' and keeps going on and on! I've downloaded some registry cleanup software to try and rid of this problem but to no avail! Also tried a system restore which didn't work either. Also done a virus/malware scan and found nothing.

Any idea? It's really annoying :ugh::ugh:

Lewis

edit: (Windows XP Machine)

Check the event log to see if there are any pointers there to where the problem might lie. Boot into safe mode to see if the problem is there also.

However, I think that it is a trojan.

I recommend that you seek help here: Geeks to Go! Tech experts answer your questions (http://www.geekstogo.com/forum/forums.html) - there are some very, very helpful people who truly understand AV / AMW stuff.

Whether a virus / malware or other fault, backup your data (not any executables, screensavers, etc.) and be prepared to re-install Windows.

Assume that your PC is compromised, do not log in to websites where authentication is required, and change your important passwords locally and on websites, from an un-infected PC.

SD

Try following this: Security Tango - Keep Your Computer Clean (http://securitytango.com/windows.php)

It may save you having to do a re-install

The Security Tango procedure will get rid only of the rather innocent (but nonetheless bloody irritating) stuff.

More serious malware uses so-called rootkit techniques, this boils down to the malware hooking into system files to render itself invisible to the system and by extension to anything that runs on the system, including malware scanners.

Getting rid of this category of buggers is quite hard.

Rootkit Revealer (http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx) can help, although the only thing it does is give you a clue you're dealing with a rootkit, it doesn't remove them.
I came across a piece of malware once that would kill rootkit revealer as soon as it detected its process running... :eek: Which of course can be interpreted as a pretty strong clue that there's some monkey business ongoing :p

Another useful tool is an Ubuntu (http://www.ubuntu.com) CD. You can run Ubuntu (for those who have refused to look beyond Windoze during the past few years, Ubuntu is a variant of the Linux OS) from the CD without installing anything, and since Ubuntu can read (and write!) Windows filesystems, you can inspect the Windows installation in detail. Windows won't be running, so the rootkit won't be either, and everything will be in plain view. Of course, this is any use only if you know where to look and what to look for. :E

Once you found and killed the file(s) that make the rootkit work, the rest of the malware can be vacuumed up by your preferred antivirus. It might be a good idea to use a freshly installed copy just in case the extant copy was compromised by the rootkit (happens).

That said, undertaking a rootkit removal pretty much guarantees an all-nighter, even if you know what you're doing. A re-install might be a lot quicker. However for this to be successful, you must backup your data and wipe the system partition. Re-installing over a compromised system is of no benefit whatsoever.
And: first thing to do after the first boot of the newly installed system, is install an antivirus and scan the data you backed up, before any further access will take place.