#1
Poser- C:Windows\tmpdelis.bat
Hello,
Pc-cillin identified the above referenced file on my puter, associated to Spyware. I clicked on more info and went to trendmicro.com. This spyware is said to be low risk....

Spyware is named/identified as.... SpyW_INVkey12A at trendmicro.com

These are the Files & Registry Keys associated

Files
datview.exe
iks.dat
license.txt
order.txt
README.TXT
Uninst.isu
%Windows%\Desktop\Log Viewer for IKS.lnk
%Windows%\tmpdelis.bat
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

Registry Keys
HKEY_LOCAL_MACHINE\Software\Amecisco
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IKS 1.2 Demo

I *didn't* have the reg. keys!

I *had* one file associated to this spyware....... C:\Windows\tmpdelis.bat or batch file!!

The bat file can be executed... I *deleted* it!! Before I deleted it, I ran Spybot and Ad-Aware and came up clean. I ran PC-cillin after deleting and came up clean, nothing more found.

Has anyone else found tmpdelis.bat without any other evidence of malware on the puter ???

Thank you, Star
#2
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE)
#3
Thanks, Pa Bear... been reading the links, good link!!
tmpdelis.bat..... in C:\Windows.

I've been doing searches, am I getting bad information. Some forums say, *this is a legitimate* Windows file created by the Windows installer.

Tell me, "what do you say", Pa Bear ???

Star
#4
Thanks Lee, Glee and Pa Bear....
I made another tmpdelis.bat file w/legit entries and placed in Windows. The one I deleted was bad.... it didn't have the bat/batch icon.... it was different. Does the legit file have a unique icon unlike other bat files ????

However, I had none of the registry entries, nor any other files listed. Trend, said, "it was spyware" ..... Maybe the other files were blocked/stopped from corrupting my system. I do have 7.1 pattern, which PC-cillin says, "protects".

Thanks for helping me figure it out.

Star
#5
@if exist C:\WINDOWS\tmpcpyis.bat del C:\WINDOWS\tmpcpyis.bat
@if exist C:\WINDOWS\winstart.bat C:\WINDOWS\winstart.bat

Contents of legit tmpdelis.bat here.
#6
Same here....been there since Win95 days.
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm
#7
I'd wanna check out...

"The worm creates the following files:
snip
C:\Windows\Tmpdelis.bat. This is a simple batch file that copies the file C:\Program Files\Curlysoft\Viewer.dll to C:\Program Files\Curlysoft\Run.com. It also enters the data in C:\V.reg into the registry. Finally it executes the file C:\File1980.com."

Symantec Security Response - W32.Alcarys.B@mm:

'Big Guns' version:

Dealing with Trojans & Hijackware (Do A and B.)

A. Removing Trojans and Trojanware with Sysclean

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean or just a desktop folder). Download 'Sysclean.com' from http://www.trendmicro.com/download/dcs.asp to this folder. Download the latest 'Trend Pattern File' zip (e.g., lpt123.zip) from http://www.trendmicro.com/download/pattern.asp and extract its contents to the same folder; see the Readme text file for instructions.

Delete Temporary Internet Files (IE Tools > Internet Options > General) accepting the option to delete all offline content. Reboot and delete contents of TEMP folders and Recycle Bin.

Close all running programs including your anti-virus application, go offline, and run Sysclean. For best results, do nothing with the machine until the scan completes.

If the scan shows any infections in System Restore files:

(1) create a new Restore Point (Start > Programs > Accessories > System Tools > System Restore), then

(2) delete all but the most recent Restore Point (Start > Programs > Accessories > System Tools > Disk Cleanup > More options [tab]).

Afterwards, update your own anti-virus application and perform another full system scan.

B. Hijackware

Help with Hijackware (all are MS MVP sites)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Run the following tools in this order with nothing else running in background:

1. CWShredder v2.0 (no updates available currently; choose Fix, not Scan)

2. Ad-Aware SE (Reconfigure per http://aumha.org/forum/viewtopic.php?t=5877; Fix all found)

3. Spybot (RTFM; Immunize first and then scan; Generally, fix everything in red)

Important: You must seek updates for Ad-Aware, Spybot, etc., before each and every use, even "right out of the box". But even they can't catch everything, 24/7.

When all else fails, HijackThis (http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE)
#8
Error Message: Invalid Path, Not Directory, or Directory Not Empty
(245560) - When you start your Windows 98-based computer, you may receive the following error message: Invalid path, not directory, or directory not empty. This behavior can occur if the Winstart.bat file calls the Tmpcpyis.bat file and the Tmpcpyis.bat file...
http://support.microsoft.com/default...b;en-us;245560

Tmpdelis.bat is legitimate as Lee posted it. Mine looks the same...

@if exist C:\WINDOWS\tmpcpyis.bat del C:\WINDOWS\tmpcpyis.bat
@if exist C:\WINDOWS\winstart.bat C:\WINDOWS\winstart.bat

I suppose it is the mechanism to execute Winstart.bat, if that one exists. But I can see how a virus would want to get its hands on it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
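
A triage check for the question this thread turns on, added here as an example and not part of any poster's message: it compares a tmpdelis.bat against the two-line contents Lee and PCR posted and labels any other line by the behaviours in the Symantec description PA Bear quoted. The function names, the heuristic patterns and the second sample (constructed from that description) are assumptions for illustration.

```python
import re

# Known-benign contents of tmpdelis.bat as posted in this thread; {w} is the
# Windows folder (C:\WINDOWS in the posts).
BENIGN_TEMPLATE = (
    r"@if exist {w}\tmpcpyis.bat del {w}\tmpcpyis.bat",
    r"@if exist {w}\winstart.bat {w}\winstart.bat",
)
# Behaviours the quoted Symantec write-up attributes to the worm's version.
# These patterns are illustrative heuristics (assumption), not vendor signatures.
SUSPICIOUS = (
    ("copies a file", re.compile(r"^@?\s*(copy|xcopy)\b")),
    ("imports registry data", re.compile(r"\bregedit\b|\.reg\b")),
    ("runs a program directly",
     re.compile(r"^@?\s*(start\s+)?\S+\.(com|exe|scr|pif)\b")),
)

def normalise(line):
    """Lower-case and collapse whitespace so cosmetic differences do not matter."""
    return " ".join(line.strip().lower().split())

def triage(text, windir=r"C:\WINDOWS"):
    """Return (verdict, findings) for the text of a tmpdelis.bat file."""
    benign = {normalise(t.format(w=windir)) for t in BENIGN_TEMPLATE}
    seen, findings = set(), []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = normalise(raw)
        if line in benign:
            seen.add(line)
        elif line:  # blank lines are ignored
            reasons = [label for label, rx in SUSPICIOUS if rx.search(line)]
            findings.append((number, raw.strip(),
                             reasons or ["not in known-benign list"]))
    if findings:
        return ("needs review", findings)
    return ("matches known-benign" if seen == benign else "incomplete", [])

# Sample 1: the contents posted in the thread, with cosmetic case/spacing changes.
LEGIT_SAMPLE = r"""@if exist C:\WINDOWS\tmpcpyis.bat del C:\WINDOWS\tmpcpyis.bat
@IF EXIST C:\WINDOWS\winstart.bat   C:\WINDOWS\winstart.bat
"""
# Sample 2: constructed from the Symantec description; not a captured file.
CONSTRUCTED_SAMPLE = r"""copy "C:\Program Files\Curlysoft\Viewer.dll" "C:\Program Files\Curlysoft\Run.com"
regedit C:\V.reg
C:\File1980.com
"""

if __name__ == "__main__":
    for name, sample in (("legit", LEGIT_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, triage(sample))
```

A file name alone decides nothing here: the same path holds either version, so the verdict comes from the file's contents.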