Trojan Horse tmprbf07a.exe

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

It appears my HPcompaq nx9005 notebook is infected with a trojan horse virus
(tmprbf07a.exe). I am running WindowsXP home SP2 with Norton Anti-virus
software and an up to date subscription. This virus is not detected by the
virus protection software until I open a browser on the internet. It normally
takes a couple of minutes for the warning to appear, however the message
states "repair failed - access denied". I have followed the recommended
symantec procedure for disposing of this virus but without success. Does
anyone have any suggestions?
 
Guest

Please consult the experts in the virus removal newsgroup:
news://msnews.microsoft.com/microsoft.public.security.virus

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

"wizardofeden" wrote:

| It appears my HPcompaq nx9005 notebook is infected with a trojan horse virus
| (tmprbf07a.exe). I am running WindowsXP home SP2 with Norton Anti-virus
| software and an up to date subscription. This virus is not detected by the
| virus protection software until I open a browser on the internet. It normally
| takes a couple of minutes for the warning to appear, however the message
| states "repair failed - access denied". I have followed the recommended
| symantec procedure for disposing of this virus but without success. Does
| anyone have any suggestions?
 
Guest

From: "wizardofeden" <wizardofeden@discussions.microsoft.com>

| It appears my HPcompaq nx9005 notebook is infected with a trojan horse virus
| (tmprbf07a.exe). I am running WindowsXP home SP2 with Norton Anti-virus
| software and an up to date subscription. This virus is not detected by the
| virus protection software until I open a browser on the internet. It normally
| takes a couple of minutes for the warning to appear, however the message
| states "repair failed - access denied". I have followed the recommended
| symantec procedure for disposing of this virus but without success. Does
| anyone have any suggestions?

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt520.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Ad-aware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Ad-aware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

* Please report your results ! *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Guest

"wizardofeden" wrote:
> It appears my HPcompaq nx9005 notebook is infected with a
> trojan horse virus
> (tmprbf07a.exe). I am running WindowsXP home SP2 with Norton
> Anti-virus
> software and an up to date subscription. This virus is not
> detected by the
> virus protection software until I open a browser on the
> internet. It normally
> takes a couple of minutes for the warning to appear, however
> the message
> states "repair failed - access denied". I have followed the
> recommended
> symantec procedure for disposing of this virus but without
> success. Does
> anyone have any suggestions?

I have checked numerous virus sites and tmprbf07a.exe doesn’t
appear anywhere. Have you any more info I can work on?

 
Guest

From: "marko1" <UseLinkToEmail@WindowsForumz.com>


|
| I have checked numerous virus sites and tmprbf07a.exe doesn’t
| appear anywhere. Have you any more info I can work on?

That's because *any* infector can be named *anything* !

To really get an idea what the infector is, it should be submitted to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 16 different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
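
The reply above makes the point that a file name identifies nothing, so triage should key on content. The following is an added example, not part of the original thread: it walks a directory, finds Windows executables by their header rather than their extension, and groups them by SHA-256 so identical content under different names shows up together. The choice of SHA-256 and all file names in the demo data are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def is_pe(path):
    """True if the file has the DOS 'MZ' magic and a 'PE\\0\\0' signature at e_lfanew."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return f.read(4) == b"PE\0\0"


def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def group_executables(root):
    """Map SHA-256 -> sorted paths of every PE file under root, whatever it is called."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_pe(path):
                    groups[sha256_of(path)].append(path)
            except OSError:
                continue  # locked or unreadable ("access denied"): skip, rescan later
    return {digest: sorted(paths) for digest, paths in groups.items()}


def make_demo_tree():
    """Constructed sample data: one minimal PE stub under two names, plus a decoy."""
    root = tempfile.mkdtemp()
    stub = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0constructed"
    for name in ("tmp_sample_a.exe", "renamed_copy.dat"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(stub)
    with open(os.path.join(root, "notes.exe"), "wb") as f:
        f.write(b"plain text with an .exe name")  # not a PE despite the extension
    return root


if __name__ == "__main__":
    for digest, paths in group_executables(make_demo_tree()).items():
        print(digest, paths)
```

The digest, unlike the name, stays the same when a file is copied or renamed, which makes it the value to record alongside a scanner's verdict.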
 
Guest

Excellent, this worked.
Followed your advice to the letter and the Trend sysclean package found the
virus and reported the following:
First Scan
C:\windows\gcasServ.exe found virus [Troj_Dloader.bn]
1st action move failed
2nd action delete deleted
Second Scan
Again found the infected file but this time cured the file.

No problems since.

Thank you for your help.

Regards
Gordon Brett

"David H. Lipman" wrote:

> From: "wizardofeden" <wizardofeden@discussions.microsoft.com>
>
> | It appears my HPcompaq nx9005 notebook is infected with a trojan horse virus
> | (tmprbf07a.exe). I am running WindowsXP home SP2 with Norton Anti-virus
> | software and an up to date subscription. This virus is not detected by the
> | virus protection software until I open a browser on the internet. It normally
> | takes a couple of minutes for the warning to appear, however the message
> | states "repair failed - access denied". I have followed the recommended
> | symantec procedure for disposing of this virus but without success. Does
> | anyone have any suggestions?
>
> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.scripting.virus.discussion
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
>
> start --> settings --> control panel --> internet options --> delete files
>
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Ad-aware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download Sysclean.com and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt520.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> sysclean.com.
>
> 2) Update Ad-aware with the latest definitions.
> 3) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
> 5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
> 7) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) Create a new Restore point
>
> * Please report your results ! *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
 
Guest

From: "wizardofeden" <wizardofeden@discussions.microsoft.com>

| Excellent this worked.
| Followed your advice to the letter and the Trend sysclean package found the
| virus and reported the following;
| First Scan
| C:\windows\gcasServ.exe found virus [Troj_Dloader.bn]
| 1st action move failed
| 2nd action delete deleted
| Second Scan
| Again found the infected file but this time cured the file.
|
| No problems since.
|
| Thank-you for your help.
|
| Regards
| Gordon Brett

You're welcome !

Thanx for updating the thread.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm