Stopping Malware from running out of %windir%\temp

My work computer has been infected with some kind of adware that runs out of the C:\Windows\Temp directory. It puts a .exe file in there with some weird random filename like DF4ASX.exe. You can’t delete the file, because it’s running. As soon as you terminate the process, it disappears. Every time you log in, it starts up again.

To combat this, I created a batch file and put it in the startup directory. Type these two lines into a text editor, and save it as a .bat file in C:\Documents and Settings\All Users\Start Menu\Programs\Startup. The first line runs taskkill against every file name found in %windir%\temp, and the second line deletes those files.

@FOR /F "usebackq delims=" %%f in (`dir /B "%windir%\temp\*"`) do @taskkill /IM "%%f"
@FOR /F "usebackq delims=" %%f in (`dir /B "%windir%\temp\*"`) do @del /Q "%windir%\Temp\%%f"
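
The batch file above matches processes by image name, so a program with the same file name running from another directory would be terminated too. The following PowerShell sketch is an added example, not part of the original post: it matches on the full executable path instead and also lists Run-key autostart entries that point into the Temp directory. It assumes PowerShell 2.0 or later is installed; the post does not say how the adware restarts at login, so the two standard Run keys checked here are only the common places to look, and the names `Test-UnderTemp` and `$StopProcesses` are made up for this example.

```powershell
# Added example (not from the original post). Requires PowerShell 2.0 or later.
$StopProcesses = $false   # set to $true to terminate what step 1 finds
$tempDir = (Join-Path $env:windir 'Temp').TrimEnd('\') + '\'

function Test-UnderTemp([string]$text) {
    # True when the string contains the Temp directory path (case-insensitive),
    # written literally or through an environment variable such as %windir%.
    if (-not $text) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($text)
    return $expanded.IndexOf($tempDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# 1. Running processes whose executable lives in the Temp directory.
#    ExecutablePath can be empty for protected processes; those are skipped.
$procs = @(Get-WmiObject Win32_Process |
    Where-Object { Test-UnderTemp $_.ExecutablePath })
$procs | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize

# 2. Autostart entries (standard Run keys) that launch something from Temp.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-UnderTemp $value) {
            "{0}\{1} = {2}" -f $key, $name, $value
        }
    }
}

# 3. Optionally stop only the processes found in step 1, by process ID,
#    so same-named programs running from other directories are left alone.
if ($StopProcesses) {
    foreach ($p in $procs) {
        Stop-Process -Id $p.ProcessId -Force -ErrorAction SilentlyContinue
    }
}
```

An entry reported in step 2 is what relaunches the program at login; removing that entry addresses the restart itself rather than cleaning up after each login.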
