1212magicman

Member
  • Content count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About 1212magicman

Profile Information

  • OS
    XP Pro x86
  1. I DID IT!!! I CAME UP WITH AN AWESOME PLAN!! Here's what I did to remove the virus. Step 1: Safe Mode Step 2: Went to local settings Step 3: Copied "Application Data" Step 4: Pasted it on desktop. Step 5: Delete "Local Settings" Folder. Step 6: Make a new Local Settings Folder Step 7: Inside make a new Temp folder Step 8: Paste back your Application Data Folder. Step 9: enjoy Hope I helped anyone with the same problem
  2. OH CRAP!!! OH MY GOD I JUST FOUND SOMETHING!!! I tried creating a folder called "Temp" guess what.... it said that a folder called Temp already existed there..... but I can't see it....... What do I do?
  3. Wow thanks for trying so much It was not in the registry. I do not have a folder named temp in local settings. And to finally say the truth. This is a school laptop which I get all year. Who knows what in the f*** they did to it, somethings I can't even comprehend, they destroyed the location of "My Documents" and made it so it was only accessible while on their server. Who knows what else they did. But I have administrative access on it because I used Rainbow Tables to acquire the password. Still no luck in deleting the virus. Ran Malwarebytes full scan, it found nothing. However I ran a full scan with Exterminate it and found 13 registry viruses. 12 were linked to something called "Tarma Installer" the other was an anomaly my school put in to stop system restore. Also, Symantec found over 50 attempts to take a file out of its quarantine. All the file extensions start with unp(numbers).tmp Weird thing is that they hide in my Avast Antivirus folder. Even Avast itself thinks itself is a virus with messages "Avastsvc.exe threat detected" Anyways 2 of these files are in quarantine and cannot be deleted. I haven't tried Safe mode because I don't see a point to doing that. I can't find the folder "Temp"...
  4. Hoping its not "hiding" elsewhere under an assumed name and "cloning" itself.If that doesn't work, come back and some other folks may be able to help further. edit - URP! allen2 beat me to it. P.S. DO NOT delete your TEMP folder indiscriminately. First, DELETE it, then "Empty Recycle Bin" (make it GO AWAY) , then go BACK and make a "new folder" called "TEMP" where the old one was deleted. No both of you don't understand. There is no folder called Temp. THE FILE IS CALLED TEMP:WINUPD.EXE. It is located under D:\\Documents and Settings\User\Local Settings. That is where the file "Temp:Winupd.exe" should be. It is not there. The only thing in that folder is a folder called Application Data. I'M SCREWED. "
  5. The virus is called Temp:winupd.exe some know it as the popupper. It started Dec. 15, 2011. It is located in User\Local Settings\Temp:winupd.exe This file is hidden in the users local settings. It's invisible, regardless if you have hidden files and folders turned on, you can't find it. CMD can't find it or delete it. Malwarebytes and Avast found it, but can't delete it. It starts on boot, and it uses a massive amount of ram, the ram it uses goes up exponentially always growing. What it does is hijack the browser and sends you tons of popups in the corner of the screen so that you can't X out of them. I have found no way of deleting this file. However once you end the process via task manager it stays dead until you reboot. Please help me. I'm attaching a log from malwarebytes, notice all the IP's it blocks and how it fails to quarantine the virus. protection-log-2011-12-30.txt