Getting the msg temp2.exe error at xp starup
-
I'm using vista and today,i sent my notebook in to republic poly to allow them to configure.
They install xp pro on my comp using some rewritable cd.
they also update my driver using some files on some external HDD.
When i now load into xp,there is this msg regarding some temp2.exe error at startup.
i asked them and they said it's an internet exp 7 error.
I don't believe it cuz i had IE 7 on my desktop and there's never this issue.
Now i'm home and i goggle temp2.exe,it's a FARKING WORM!
and now i press clt+alt+del,there's this temp1.exe running on processor.
NOW SOMEONE TELL ME HOW DO I REMOVE THIS WORM.
If i can't remove it even after i sent it to my friend for help,i'll make sure i fire the whole student who haconfigure my notebook. -
Can you do a search of temp1 and temp2?- [*]Go to Start > Search.
[*]When the dog asks What do you want to search for?, click All files and folders.
[*]In All or part of the file name, copy and paste temp1.exe in.
[*]Click More advanced options. Check (tick) these boxes:- [*]Search system folders
[*]Search hidden files and folders
[*]Search subfolders -
You have quite a few things to do.
First, you need to stop the worm from running. Else, all your efforts at recovery will be undone by the worm.
To STOP the worm,
Log off internet connection
Task Manager -> Processes
Find Existenz.exe and terminate it.
Find Dtreg.exe and terminate it.
If you can't find the EXE, that means it is not running and you can proceed. Now, to destroy the worm..
1) Delete this directory
%windir%\Mirky
2) Delete all these files
Mirc.ini *
%windir%\Mirky\Moni.zip
%windir%\Mirky\Nick.txt
%windir%\Mirky\Dtreg.exe
Remote.ini *
Script.ini *
%windir%\Mirky\Servers.ini
Aliases.ini *
Perform.ini *
Existenz.exe *
* means that they are found where you installed your mIRC.
3) Delete this registry value
Start Menu -> Run -> Type "regedit" -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run -> delete the value for mirky
Your computer should be okay liao..
But, to be on the safe side, scan with your antivirus program.
I'm assuming that you don't have one at the moment so this is a good time to download and scan. The worm is too crippled to do anything so you can go internet now. -
Hmm... best don't assume first.
Get the files location out first. Many viruses use same file name... -
I load vista and did a full system scan using norton.they found the trojans and removed it.
i'm not sure if temp2.exe eror are caused by these trojans.
I'm not even sure if it has been resolved.
now i load in to vista and there's not more temp2.exe error but now there's this msg that says svchost.exe cannot be foud.
WTF?
and becuz my notebook has dual chip intel 950 and nvdia 7400,those kids ca't even install those drivers for me!
my programs in xp are lagging so badly! -
Try rebooting your computer.
It will load back svchost.exe -
Just curious, why did you "sent my notebook in to republic poly to allow them to configure"?
-
Originally posted by ndmmxiaomayi:
The dog can't find both temp1 and temp2.
Can you do a search of temp1 and temp2?- [*]Go to Start > Search.
[*]When the dog asks [b]What do you want to search for?, click All files and folders.
[*]In All or part of the file name, copy and paste temp1.exe in.
[*]Click More advanced options. Check (tick) these boxes:- [*]Search system folders
[*]Search hidden files and folders
[*]Search subfolders -
Originally posted by Conner MacDermott:
can't find both Existenz.exe and Dtreg.exe.
You have quite a few things to do.
First, you need to stop the worm from running. Else, all your efforts at recovery will be undone by the worm.
To [b]STOP the worm,
Log off internet connection
Task Manager -> Processes
Find Existenz.exe and terminate it.
Find Dtreg.exe and terminate it.
If you can't find the EXE, that means it is not running and you can proceed. Now, to destroy the worm..
1) Delete this directory
%windir%\Mirky
2) Delete all these files
Mirc.ini *
%windir%\Mirky\Moni.zip
%windir%\Mirky\Nick.txt
%windir%\Mirky\Dtreg.exe
Remote.ini *
Script.ini *
%windir%\Mirky\Servers.ini
Aliases.ini *
Perform.ini *
Existenz.exe *
* means that they are found where you installed your mIRC.
3) Delete this registry value
Start Menu -> Run -> Type "regedit" -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run -> delete the value for mirky
Your computer should be okay liao..
But, to be on the safe side, scan with your antivirus program.
I'm assuming that you don't have one at the moment so this is a good time to download and scan. The worm is too crippled to do anything so you can go internet now.[/b]
how do i delete that directory?
where do i go?
And NO i don't have mirc.
It's those arse who program my comp. -
okOriginally posted by Conner MacDermott:Try rebooting your computer.
It will load back svchost.exe
The temp1 and temp 2 first.
how do i know it's resolved?
Can u show me a step by step? -
%Windir% is a variable.
The worm locates the Windows installation folder
By default, this is C:\Windows or C:\Winnt -
my task manager does not have the existen.exe and dtreg.exe.
now do i still have to go to the directory and del anything?
how do i get to the directory? -
You ran a Norton scan?
It should remove and repair any bad stuff already.
You do not need to do anything further. -
i don't have to do anything to the registry too?Originally posted by Conner MacDermott:You ran a Norton scan?
It should remove and repair any bad stuff already.
You do not need to do anything further.
so what about the svchost.exe not able to load? -
Yeah.
If your svchost.exe is infected. Norton will close it. But, it won't run it again. Rebooting your computer will trigger your computer to run this application again. (as in the uninfected svchost.exe) -
How?
-
Vista don't have many compatible drivers yet.Originally posted by boka:I load vista and did a full system scan using norton.they found the trojans and removed it.
i'm not sure if temp2.exe eror are caused by these trojans.
I'm not even sure if it has been resolved.
now i load in to vista and there's not more temp2.exe error but now there's this msg that says svchost.exe cannot be foud.
WTF?
and becuz my notebook has dual chip intel 950 and nvdia 7400,those kids ca't even install those drivers for me!
my programs in xp are lagging so badly! -
Norton killed your svchost and never replaced it back.
Log in to Vista, go the drive where XP is installed. Find the i386 folder or dllcache folder. Copy and paste svchost back into the system32 folder. -
I do not know where is the xp being installed,is there anyway i can locate it?Originally posted by ndmmxiaomayi:Norton killed your svchost and never replaced it back.
Log in to Vista, go the drive where XP is installed. Find the i386 folder or dllcache folder. Copy and paste svchost back into the system32 folder.
now i can't even remember how do i go to the partition thingy. -
OK, I go step by step.Originally posted by boka:I do not know where is the xp being installed,is there anyway i can locate it?
now i can't even remember how do i go to the partition thingy.
First of all when you boot, do you see something like this:
Windows Vista
Windows XP Professional