Tech Support Guy banner
Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
26 Posts
Discussion Starter · #1 ·
Just reading through various posts on Start Up exe.( also refer : ME Locking Up Post )

I have LOTS of checked EXE's in my Start Up and it's a real slow start up process.
The exe's concerned are generally a weird series of numbers and letters in the NAME section and they're always
loaded from the REGISTRY ( Machine Run ) and COMMAND C:\PAITBA3M4W.EXE

Can I delete these types of files? and leave myself with the basics?
 

·
Registered
Joined
·
26 Posts
Discussion Starter · #3 ·
To cut a long story short..

Yes, we have 2 Downloader.Trojan files with .CPY ( A0131912.CPY and A0131921.CPY ) extensions despite Norton and Zone Alarm Firewall being installed.

We fixed it...we hope..by going into SAFE MODE and sending the offending 2 files to Recycle. The Virus was embedded in the C:\RESTORE\TEMP\..file.

It would not delete in Normal Mode. Norton couldn't fix it..thought we were at a dead end for a while. ( PS. The other HiJackThis programme wouldn't Download fully because Norton blocked it !!..why? ..not sure ?)

The only residual issues are :
1. Have we REALLY fixed the problem..time will tell I guess ?

2.Hundreds of C:\PAITBA3M4W.EXE files are still showing in C:\RESTORE\TEMP. ( File Size 629 Mb !!! )
CAN THESE BE SENT TO RECYCLE without affecting the system ??
2 of these many files were the affected ones but are now GONE !
 

·
Gone but never forgotten
Joined
·
9,283 Posts
The Restore files belong to System Restore. I'm surprised you were able to delete them in safe mode, because this is really not allowed.

Regardless, these are NOT the ones to worry about. They would only come into play if you actually DID a System Restore.

You need to get HiJackThis downloaded and run. Disable Norton is you have to. Then, post back it's log.
As well, disabling System Restore, rebooting and re-enabling it should get rid of any viruses in the Restore files.
 

·
Trusted Advisor
Joined
·
86,024 Posts
I agree. Turn off System Restore, reboot, then turn it back on. That should get rid of the files in the _RESTORE folder.

Run a scan with HijackThis 1.99.0, save the log in text format with Notepad, then copy-and-paste the entire contents of it here. Do not start another post.

---------------------------------------------------------------

Do you delete temp files on a regular basis by doing a "search" under

*.TMP

C:\TEMP\*.*

C:\WINDOWS\TEMP\*.*


and sending them all to the Recycle Bin? If not, do so.

----------------------------------------------------------------
 

·
Registered
Joined
·
26 Posts
Discussion Starter · #6 ·
Well. here's the up-shot of what we've been doing.

Ran Norton again and NO viruses detected.
Before proceeding to the HiJackThis procedure we did a TMP file search.

The TMP file situation is unbelievable.
We searched and found over 50,000 files and about 600 + Mb.
A typical file would read WK_E165 and in Properties is linked to MGI Photosuite.
File sizes are 0 bytes and Size on Disk 0 bytes which doesn't make sense. however..in trying to 'select all' and delete to recycle, the computer freezes. I can't select more than 8 - 10 files at a time otherwise the Search programme freezes.

Any suggestions how I can delete these from c:\WINDOWS\TEMP in bigger groups without freezing the system ??
I've started doing it the LONG way and already lots of Disk Space is being freed up.
 

·
Trusted Advisor
Joined
·
86,024 Posts
With that many temp files to get rid of, I can see why your computer might freeze up during the process. You may have to delete a small number at one time. Let's try something else though.

Download and install EasyCleaner 2.0.6.380 from here. Once it's installed, click the "Unnecessary" button and place a checkmark in the 1st(Normal types) and 3rd(Temp directories) squares from the top. Run a scan with it. Once the scan is finished, click "Select All" and then "Delete all". Hopefully, it'll delete them all without freezing up like the Windows search option.

Version 2.0.6.380 was just recently released. I've used this utility for over a year in my 98SE and XP SP2 computers, and it works great. :up:
 
1 - 8 of 8 Posts
Status
Not open for further replies.
Top