« Automating Abuse Updates for Windows b2evo Users
Missing Fonts in Word »

Stopping Malware from running out of %windir%\temp

My work computer has been infected with some kind of adware that runs out of the C:\Windows\Temp directory. It puts a .exe file in there with some weird random filename like DF4ASX.exe. You can’t delete the file, because it’s running. As soon as you terminate the process, it disappears. Every time you log in, it starts up again.

I created a batch file and put it in the startup directory, to combat this occurrence. Type these two lines into a text editor, and save it as a .bat file in C:\Documents and Settings\All Users\Start Menu\Programs\Startup.

@FOR /F "delims=. usebackq tokens=1,2*" %%i in (`dir /B "%windir%\temp\*"`) do @taskkill /IM %%i.%%j
@FOR /F "delims=. usebackq tokens=1,2*" %%i in (`dir /B "%windir%\temp\*"`) do @echo Y | del "%windir%\Temp\%%i.%%j"

Listen to this article Listen

This entry was posted on Monday, March 28th, 2005 at 10:51:56 and is filed under .

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Comments are moderated like crazy using a variety of plugins. There is a very high likelihood that your comment won't show up right away, especially if you have never commented here before, but it was not deleted.

Please be patient, and do not post your comment more than once. It will show up once it is approved.

You must be logged in to post a comment.