Question for Shadow_Puter_Dude

Discussion in 'Malware Help (A Specialist Will Reply)' started by CloneT, Jun 6, 2009.

  1. CloneT

    CloneT Private E-2

    Hello Shadow;

    In the following thread:

    http://forums.majorgeeks.com/showthread.php?t=185225&highlight=DIO3.tmp&page=2


    You seem to be concerned about the following files being telltale signs of an infection:
    "
    C:\Documents and Settings\Jim\Local Settings\Temp\UAC822c.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO10.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO3.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO41.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO5.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO6.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO7.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO8.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIO9.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIOA.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIOB.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\DIOD.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR1.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR2.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR3.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR4.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR5.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR6.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR7.tmp
    C:\Documents and Settings\%Userneme%\Local Settings\Temp\MAR8.tmp
    C:\Program Files\bad.dll
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    "

    I have regenerating instances of some of the DIO#.tmp and MAR#.tmp files. The others are not there.

    I have run a SLEW of tools, killed a bunch of bugs, and now the tools do not find any more signs of infection. However, these pesky files keep regenerating upon reboot, and I can't find any definite reference to either legit or malware info on them.

    Could you help out?

    BTW, I checked into the size of services.exe and it looks ok.

    I'm including my MGlogs just in case anyone else wants to take a shot at this.
    HJT and Combofix logs look clean as far as I could tell.
     

    Attached Files:

  2. CloneT

    CloneT Private E-2

    Question for Chaslang

    Hello Chaslang;

    Firstly, I've learned a lot from your posts and troubleshooting. Thanks for all the work you've done!

    Now, to my question:

    You might remember thread http://forums.majorgeeks.com/showthread.php?t=146006&highlight=dio8.tmp, in which you asked someone to attach a supposedly legit file to figure out what it was.

    I've been chasing the pesky file all around the internet to find out about it. There are relatively close matches, but nothing definite on DIO##.tmp or MAR#.tmp files. Although easy to delete, lots of both regenerate into my temp dir at boot time.

    Did you ever figure out what they were used for?

    My PC is now otherwise clean (thanks to your posts and Shadow_Puter's).

    Thanks in advance.

    Clone
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The DIOxx.tmp and MARxx.tmp files are not problems. They are used for language translation in something you run (maybe even part of Windows).

    The below are potential problems and should be deleted:
    C:\Documents and Settings\Jim\Local Settings\Temp\UAC822c.tmp
    C:\Program Files\bad.dll

    The below are really not major malware problems but frequently get installed without the user's knowledge. If you did not knowingly install it, then uninstall it. It even installs with some free tools like Comodo Internet Security and ZoneAlarm unless you tell it not to.

    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\AskService.exe


    If you need malware help, you need to run 100% of the cleaning procedure. Just attaching a log from MGtools is not enough.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Question for Chaslang

    I merged this post with your other thread. Please remain in one thread in the future for a common subject.
     
  5. CloneT

    CloneT Private E-2

    Re: Question for Chaslang

    Thanks for taking the time to check and address BOTH threads, Chaslang. I did the whole malware removal shebang and beyond. I'm sort of computer proficient, and capable of interpreting my logs. My only gripe was with the said files, as I did not recognize them, but couldn't directly trace them as malware.

    Funny thing; Where in my logs did you find references to:

    C:\Program Files\bad.dll
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\AskService.exe ?

    I did not see any of those reported, and just double checked to be sure.

    EDIT: I think you got my logs mixed up with someone else's (or maybe it was an offhand suggestion?).
    I just noticed you pulled a "jim" profile there. No Jims here :D

    Thanks again.


    Clone
     
    Last edited: Jun 8, 2009
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Question for Chaslang

    I was not looking at your logs. I was referring to the question you posted about them.
     
