sushantvirdi
Journeyman
I receive the following message when i start XP. It appears eveytime i log on to my computer. What should i do?
*img209.imageshack.us/img209/6629/error7bu.jpg
*img209.imageshack.us/img209/6629/error7bu.jpg
Error Message on Windows Startup in XP
- Thread starter sushantvirdi
- Start date
- Status
wizrulz
GUNNING DOWN TEAMS
Finding a program called temp2.exe running on your computer means that your computer might be infected with a worm known as 'irc.momma'.
temp2.exe is considered to be a security risk, not only because antivirus programs flag irc.momma worm as a virus, but also because a number of users have complained about its performance.
CHECK UR COMPUTER
Go here and check ur comp for viruses and worms..or check ur comp with spybot s/w, antivirus...updated one's if uhave any
temp2.exe is considered to be a security risk, not only because antivirus programs flag irc.momma worm as a virus, but also because a number of users have complained about its performance.
CHECK UR COMPUTER
Go here and check ur comp for viruses and worms..or check ur comp with spybot s/w, antivirus...updated one's if uhave any
vijay_7287
Cyborg Agent
thx for the info wiz!
OP
sushantvirdi
Journeyman
thx..
anandk
Distinguished Member
yep, temp2.exe is malware as refered to as Backdoor.Win32.small.lo
though it appears that the malware has been removed i suggest u nevertheless scan in SAFE MODE ur pc with ur av AND avg anti-spyware or a-squared anti-malware.
then clean ur ur residual pc junk with ccleaner.
if problem stl persists pls post ur hjt logfile here; v may have to remove some startup entries.
though it appears that the malware has been removed i suggest u nevertheless scan in SAFE MODE ur pc with ur av AND avg anti-spyware or a-squared anti-malware.
then clean ur ur residual pc junk with ccleaner.
if problem stl persists pls post ur hjt logfile here; v may have to remove some startup entries.
Last edited:
OP
sushantvirdi
Journeyman
I scanned my system using SpyBot and removed all adware but the problem persists...
g_goyal2000
Youngling
Find out the path of "temp2.exe" file. The restart the PC in "safe mode with command prompt". Goto the file's path & erase it using command "erase temp2.exe".
Else,
Then use this cleaner:
*www.trendmicro.com/ftp/products/tsc/sysclean.com (executable)
And it's definition file from here:
*www.trendmicro.com/ftp/products/pattern/lpt211.zip
Extract the zip file, make sure both the def & exe file are in same folder.
Restart in safe mode.
Run the sysclean.com file.
Else,
Then use this cleaner:
*www.trendmicro.com/ftp/products/tsc/sysclean.com (executable)
And it's definition file from here:
*www.trendmicro.com/ftp/products/pattern/lpt211.zip
Extract the zip file, make sure both the def & exe file are in same folder.
Restart in safe mode.
Run the sysclean.com file.
OP
sushantvirdi
Journeyman
Ok mates, the above error message has vanished as i deleted it using Kaspersky AV. But now a new problem has come up. Whenever i try to Click any of my hard drives to acces it i get error listed below. Also an Autoplay menu has also up on all drives when i right click on the drives.... So in order to acces my drives i have to use Windows Explorer...
*img267.imageshack.us/img267/8653/untitled4dl.jpg
*img267.imageshack.us/img267/8653/untitled4dl.jpg
wizrulz
GUNNING DOWN TEAMS
Finding a program by the name of copy.exe running on your computer is usually a sign that your pc might be infected with a worm that goes by the name of salga.a.
Salga.a Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of copy.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data.
Update ur KASPERSKY AV and run it agian in safe mode....
AND/OR
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
windows
%SYSTEM%\system copy.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
system xp
%WINDOWS%\acdsee demo.exe
and delete them if they exist.
Close the registry editor.
Salga.a Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of copy.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data.
Update ur KASPERSKY AV and run it agian in safe mode....
AND/OR
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
windows
%SYSTEM%\system copy.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
system xp
%WINDOWS%\acdsee demo.exe
and delete them if they exist.
Close the registry editor.
Last edited:
OP
sushantvirdi
Journeyman
i have scanned my computer in Safe mode with latest definations, but the problem is persisting.. Please help how to remove the autoplay command...
Vishal Gupta
Microsoft MVP
Open regedit and goto:
HKEY_CLASSES_ROOT\Drive
and under this key, u'll get many keys but only 2 keys are of our interest:
Shell
Shellex
just open these 2 keys and look for any key which has the same name as u get in Drives context menu and that key will contain the same application name "copy.exe" in its value.
So if u find such key, just delete it.
HKEY_CLASSES_ROOT\Drive
and under this key, u'll get many keys but only 2 keys are of our interest:
Shell
Shellex
just open these 2 keys and look for any key which has the same name as u get in Drives context menu and that key will contain the same application name "copy.exe" in its value.
So if u find such key, just delete it.
OP
sushantvirdi
Journeyman
There is no entry for copy.exe
Vishal Gupta
Microsoft MVP
^^ are u talking about my regedit entry or Arun's msconfig entry?
If u r talking about regedit, then look into:
HKEY_CLASSES_ROOT\directory
HKEY_CLASSES_ROOT\folder
Just search for copy.exe in regedit and u'll surely get an entry for it and then post the result here.
If u r talking about regedit, then look into:
HKEY_CLASSES_ROOT\directory
HKEY_CLASSES_ROOT\folder
Just search for copy.exe in regedit and u'll surely get an entry for it and then post the result here.
OP
sushantvirdi
Journeyman
I searched the registery for copy.exe and got this....
*img207.imageshack.us/img207/3340/untitled1pc.jpg
*img207.imageshack.us/img207/3340/untitled1pc.jpg
Vishal Gupta
Microsoft MVP
Simply delete the key {6cc6ff02-.............. under MountPoints2 key.
PS: pls use thumbnails.
PS: pls use thumbnails.
OP
sushantvirdi
Journeyman
Thanks mate.. That worked.....
Thanks everyone who helped me....
Thanks everyone who helped me....
- Status