strange processes showing up in the task list some random numbers.TMP

pts.
Tags:
Access control
backdoors
Browsers
Current threats
filtering
Hacking
human factors
Interoperability
Servers
Software
Spyware
SSL/TLS
Tech support
Trojans
Viruses
Web security
worms
I suspect I have some trojan downloader? I keep finding strange processes showing up in the task list. These are some random numbers and letters with a .TMP extension? They cause my internet connection to either run very slow or in most cases it stops the connection to the internet. When I kill the .TMP running process my internet connection comes back? I've run lots of adaware scans and malwhere won't handle the removal. Have no clue how to get rid of this unwanted pest. H E L P ! ! !

Answer Wiki

Thanks. We'll let you know when a new response is added.

Have you tried Spybot SnD? Seems to be quite good at keeping my desktop at home clean.

http://www.safer-networking.org/en/download/index.html

It’s free to download, but donations certainly help his cause.

Also, what AV are you running? Some of them (Trend Micro is a big culprit) look a bit suspicious when checking out your system. Randomly named executables and suchlike.

Good luck.

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Netware13
    Not knowing your platform or OS, and your statement that you think it is a trojan, I am going to assume you are talking about a workstation OS. Here is a link to a discussion that sounds a lot like what you are talking about: http://forums.spybot.info/archive/index.php/t-3208.html I saw some information on somethings that are similar, but they are in regards to an IBM server running a version of symantec AV, and also windows 2003 IIS6 using ,NET V2. Hope this helps, and good luck.
    0 pointsBadges:
    report
  • Dwiebesick
    If you have the technical experience, here are some suggestions to try: Down load autoruns from www.systernals.com Run the program and uncheck any item from the list that looks suspecious. This is like a toggle switch, you can uncheck to turn it off and put the check back to reenable the item. Boot in safe mode with networking and go to http://www.bitdefender.com/scan8/ie.html and run their online scan. Reboot into safe mode with networking and go to http://housecall.trendmicro.com/ and run their online scan. http://www.merijn.org/ is a site that contains more information that may assist you. report back and let us know your results. Best of luck dmw
    2,235 pointsBadges:
    report
  • Bladish
    To help you better identify the process and get more information you might conisder getting a program called Process Explorer from Sysinternals - www.sysinternals.com. They have another handy tool that I like to use called TCPView that will show you processes and what connections they are making via udp and tcp protocols.
    0 pointsBadges:
    report
  • Dusty1
    If you're not running a workstation (I'm assuming this is a workstation) firewall, install one! Download ZoneAlarm, at least, and set it up so that only the programs you designate can get to the network. While that might not remove your bot, if you have one, at least it will stop it from transmitting it's info out to the 'net. I've seen some music sharing programs or other streaming media programs use so much thruput that they can also shut down an Internet connection. Just my 2 cents.
    0 pointsBadges:
    report
  • ELPUEBLO
    PER CA (Makers of PestPatrol and etrust products) it may be 1 of 2 trojan/viruses 1) Win32.Betalire Family aka AdClicker-BA.dll (McAfee), Win32/Betalire, Win32.Betalire, Win32.Betalire.B, Win32/Betalire.B!DLL!Trojan, Win32/Betalire.C, Win32.Betalire.C, Win32/Betalire.D, Win32.Betalire.D, Win32/Betalire.D!Trojan, Win32/Betalire.E, Win32.Betalire.E, Win32/Betalire.E!Trojan, Win32.Betalire.F, Win32.Betalire.G, Win32.Betalire.H, Win32.Betalire.I, Win32.Betalire.J, Win32.Betalire.K, Win32.Betalire.L, Win32.Betalire.M, Win32.Betalire.N, Win32.Betalire.O, Adware-EliteBar (McAfee) "http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43340" or 2)Win32.Spabot.A aka Downloader-LZ (McAfee), Trojan.Spabot (Symantec), Win32/SpaBot.A.Trojan, Trojan.Win32.Spabot.c (Kaspersky) "http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39923" I too am interested to know what AV you have running. are you running the adaware in safe mode? Get a copy of clamwin @ "clamwin.com" (using another computer if possible), burn it to cd (Instructions on Clamwin site) and run a scan from the CD
    0 pointsBadges:
    report
  • Bobkberg
    In general, anything executable with a .TMP extension is suspicious. Furthermore, if it/they are running out of the "Temp" directory or any of the "Temporary Internet Files" directories/folders, they're suspect. All of the previous posters are correct, so no need to restate what they've already said. One simple thing to try though is to delete all temporary Internet files, and clear out the temp directory. Then see what happens after a reboot. Bob p.s. I also donate money to Patrick Kolla (safer-networking), author of Spybot Search & Destroy and other fun products. If you value his work, reward him.
    1,070 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following