Rem36.exe

 
 
GhostMaster
06-14-2004
Friend said that Norton scan said she should delete this file:

C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe

She clicked delete but then Norton said they could not delete it, and then
she tried to quarantine it and it would not let her do that either.
Then she put in search on the computer and she found the file and it would
not let her delete it either.

I did a Google search and found nothing.
Can someone tell me what this is, and how to get rid of it?


 
Purl Gurl
06-15-2004
GhostMaster wrote:

> Friend said that Norton scan said she should delete this file:


> C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe


Do _not_ reboot this machine. I will explain why in closing.

Right off, you or your "friend" need to ascertain why Norton
popped an alert on this, along with making note of what
virus name or trojan name is given to this file.

Do not fail to determine why Norton popped an alert.

Once you have this information, then research the Norton
site or similar sites, to locate a removal tool. Norton,
McAfee, others, probably offer a small removal tool for
this specific infection, if it is actually an infection.

Use of a removal tool is critical. A removal tool will
remove not only this file but any others associated
with it, restore your registry and repair any malicious
changes made to your virus scanner.

Be sure it is an infection before deleting any files.

> she clicked delete but then Norton said they could not delete it and then
> she tried to quarantine it and it would not let her do that either.
> then she put in search on the computer and she found the file and it would
> not let her delete it either.


That behavior is highly symptomatic of a virus infection.

There are a number of choices, but first be sure you are
dealing with a true infection and not a file which creates
a false positive. Most likely an infection, but be sure.

Best option, a removal tool.

A quick and easy option, which may or may not work, is to
locate the file, highlight, right click, select "properties"
and uncheck "system" and "hidden" properties. Then try to
delete this file. If you cannot delete it, odds are almost
one-hundred percent it is an infected file which has made
use of Microsoft proprietary coding to prevent deletion.

Another option, which is more challenging for you because
you appear to be using a less powerful NT5 system, is to
boot to MSDOS, and delete it from there. This _always_
works. However, if you are running NT5, this is Win2K,
XP and others, you have a problem. NT5 is really stripped
down and rather impotent; you cannot boot to MSDOS.

Surprise! Your system is nowhere near as powerful as claimed.

What you can do is have a friend with a significantly
more powerful system, such as Win3.x or Win9.x, create
a floppy disk which will boot you to MSDOS. You can
also download a MSDOS boot disk from the internet.

Another challenge is you will need to learn just a little
bit of MSDOS command line calls to do this. Very easy but
requires you to learn, what you should already know. You
may also have to learn how to MSDOS address directory
names which have spaces or long names, and directory names
should absolutely never have spaces in them nor exceed
eight characters in length, plus three for file extensions.

Yet another challenge is you still have to find any
associated files, discover what damage was done to
your virus scanner, and figure how to repair your
Windows registry, if needed.

Don't forget to inspect your startup folder.

Kinda places you in a pinch, yes? Kinda makes you wish
you stuck with Win98 or Linux.

Best bet, discover the name of the infection and locate
a removal tool designed specifically for that infection.
Actually, for NT5, that is your only viable option.

Do not reboot this machine unless you are prepared to boot
to MSDOS. Many virus infections will cause your machine
to not boot, and you will not discover this until you
try to boot up. Other viruses will wipe your BIOS on
reboot or destroy your drive partitions. Be prepared
for this consequence with an emergency boot disk which
will allow you to boot, reformat and install your OS.

Do not install your OS over an infected OS; waste of time.

Copy critical files to a secondary drive, if you feel
this is needed. However, do not transfer your infection
to your secondary drive! Has your friend scanned other
drives to discover if they are infected, as well?

If on a LAN, chances are pretty good all LAN machines
are now infected.

Scary, huh?

Before going delete crazy, be sure it is an infection.

Incidentally, how did this probable virus get past Norton?


Purl Gurl
--
Play Poker! Play Blackjack!
http://www.purlgurl.net/~callgirl/android/poker.cgi
http://www.purlgurl.net/~callgirl/android/blakjack.cgi
 
Locke Nash Cole
06-15-2004
Boot into safe mode, delete the entire contents of
c:\Documents and Settings\Owner\LocalSettings\Temp\

-L


 
GhostMaster
06-15-2004
Purl Gurl wrote:
: GhostMaster wrote:
:
:: Friend said that Norton scan said she should delete this file:
:
:: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe
:
: Do _not_ reboot this machine. I will explain why in closing.
:
: Right off, you or your "friend" need to ascertain why Norton
: popped an alert on this, along with making note of what
: virus name or trojan name is given to this file.
:
: Do not fail to determine why Norton popped an alert.
:
: Once you have this information, then research the Norton
: site or similar sites, to locate a removal tool. Norton,
: McAfee, others, probably offer a small removal tool for
: this specific infection, if it is actually an infection.
:
: Use of a removal tool is critical. A removal tool will
: remove not only this file but any others associated
: with it, restore your registry and repair any malicious
: changes made to your virus scanner.
:
: Be sure it is an infection before deleting any files.
:
:: she clicked delete but then Norton said they could not delete it and
:: then she tried to quarantine it and it would not let her do that
:: either. then she put in search on the computer and she found the
:: file and it would not let her delete it either.
:
: That behavior is highly symptomatic of a virus infection.
:
: There are a number of choices, but first be sure you are
: dealing with a true infection and not a file which creates
: a false positive. Most likely an infection, but be sure.
:
: Best option, a removal tool.
:
: A quick and easy option, which may or may not work, is to
: locate the file, highlight, right click, select "properties"
: and uncheck "system" and "hidden" properties. Then try to
: delete this file. If you cannot delete it, odds are almost
: one-hundred percent it is an infected file which has made
: use of Microsoft proprietary coding to prevent deletion.
:
: Another option, which is more challenging for you because
: you appear to be using a less powerful NT5 system, is to
: boot to MSDOS, and delete it from there. This _always_
: works. However, if you are running NT5, this is Win2K,
: XP and others, you have a problem. NT5 is really stripped
: down and rather impotent; you cannot boot to MSDOS.
:
: Surprise! Your system is nowhere near as powerful as claimed.
:
: What you can do is have a friend with a significantly
: more powerful system, such as Win3.x or Win9.x, create
: a floppy disk which will boot you to MSDOS. You can
: also download a MSDOS boot disk from the internet.
:
: Another challenge is you will need to learn just a little
: bit of MSDOS command line calls to do this. Very easy but
: requires you to learn, what you should already know. You
: may also have to learn how to MSDOS address directory
: names which have spaces or long names, and directory names
: should absolutely never have spaces in them nor exceed
: eight characters in length, plus three for file extensions.
:
: Yet another challenge is you still have to find any
: associated files, discover what damage was done to
: your virus scanner, and figure how to repair your
: Windows registry, if needed.
:
: Don't forget to inspect your startup folder.
:
: Kinda places you in a pinch, yes? Kinda makes you wish
: you stuck with Win98 or Linux.
:
: Best bet, discover the name of the infection and locate
: a removal tool designed specifically for that infection.
: Actually, for NT5, that is your only viable option.
:
: Do not reboot this machine unless you are prepared to boot
: to MSDOS. Many virus infections will cause your machine
: to not boot, and you will not discover this until you
: try to boot up. Other viruses will wipe your BIOS on
: reboot or destroy your drive partitions. Be prepared
: for this consequence with an emergency boot disk which
: will allow you to boot, reformat and install your OS.
:
: Do not install your OS over an infected OS; waste of time.
:
: Copy critical files to a secondary drive, if you feel
: this is needed. However, do not transfer your infection
: to your secondary drive! Has your friend scanned other
: drives to discover if they are infected, as well?
:
: If on a LAN, chances are pretty good all LAN machines
: are now infected.
:
: Scary, huh?
:
: Before going delete crazy, be sure it is an infection.
:
: Incidentally, how did this probable virus get past Norton?
:
:
: Purl Gurl

I can't find anything on this. I don't know but maybe this is something
very new in the wild?
I am waiting for her to get back in touch with me. She has a webtv and PC
box.
I need to know what OS she has cause I don't know what she has. I have
gone to three virus dictionaries and none of them have info on this. I did
email her and told her not to shut the computer down or reboot it till it
can be figured out. She is a newbie so working in MSDOS is out I believe.
She hasn't had her PC but a couple months. For now I believe I will have
her check her firewall to see if it's listed as a program there so she can
block it hopefully. I think she is either using ZoneAlarm or Norton's
firewall. I am hoping this is a false positive.


 
Purl Gurl
06-15-2004
GhostMaster wrote:

> Purl Gurl wrote:
> : GhostMaster wrote:


> :: Friend said that Norton scan said she should delete this file:


> :: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe



> I can't find anything on this. I don't know but maybe this is something
> very new in the wild?


Nor can I. Tried a search on rem36 and variations but turned
up nothing related. If an infection, chances are good this
is a random file name.

You do provide a lot of evidence which points to an infection.
Surprising your friend did not notice any odd behavior. Perhaps
this is not an infection but rather a backdoor or spyware.

Usually, virus scanners will not catch spyware. Perhaps her
Norton is recent enough to incorporate spyware scanning.
I am not well versed in recent releases.

She really should have someone versed in these types of problems
sit down with her and examine her machine. I would encourage
her to not reboot, to not run any programs and to unplug her
system from the net until this is resolved. Have her machine
just sit there idle until resolved; any action could activate
whatever is sitting there, waiting.

She really needs someone there to help who knows what to
do and what not to do; a bombsquad specialist who is
comfortable walking on rice paper.


Purl Gurl
--
Purl Gurl Net, Delivering Rock N Roll And Fun
At Two Megabits Per Second
http://www.purlgurl.net/
 
GhostMaster
06-15-2004
Purl Gurl wrote:
: GhostMaster wrote:
:
:: Purl Gurl wrote:
::: GhostMaster wrote:
:
:::: Friend said that Norton scan said she should delete this file:
:
:::: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe
:
:
:: I can't find anything on this. I don't know but maybe this is
:: something very new in the wild?
:
: Nor can I. Tried a search on rem36 and variations but turned
: up nothing related. If an infection, chances are good this
: is a random file name.
:
: You do provide a lot of evidence which points to an infection.
: Surprising your friend did not notice any odd behavior. Perhaps
: this is not an infection but rather a backdoor or spyware.
:
: Usually, virus scanners will not catch spyware. Perhaps her
: Norton is recent enough to incorporate spyware scanning.
: I am not well versed in recent releases.
:
: She really should have someone versed in these types of problems
: sit down with her and examine her machine. I would encourage
: her to not reboot, to not run any programs and to unplug her
: system from the net until this is resolved. Have her machine
: just sit there idle until resolved; any action could activate
: whatever is sitting there, waiting.
:
: She really needs someone there to help who knows what to
: do and what not to do; a bombsquad specialist who is
: comfortable walking on rice paper.
:
:
: Purl Gurl

Thanks everyone so far. The name of this is called adware.lop.
However, Adaware won't remove this. Any suggestions?

Adaware found this file but would not do a thing to it.
That file is:

C:\Programfiles\aim\sysfiles\aimwdinstall.exe

This is in AIM. I believe this is a messenger program. I don't use messenger
programs.
So is this a valid app or false positive, or is this a true adware BS that
needs to go?
Does AIM have ads?





 
Purl Gurl
06-15-2004
GhostMaster wrote:

> Purl Gurl wrote:
> : GhostMaster wrote:
> :: Purl Gurl wrote:
> ::: GhostMaster wrote:


> :::: Friend said that Norton scan said she should delete this file:


> :::: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe


> :: I can't find anything on this. I don't know but maybe this is
> :: something very new in the wild?


> : Nor can I. Tried a search on rem36 and variations but turned
> : up nothing related. If an infection, chances are good this
> : is a random file name.


> : You do provide a lot of evidence which points to an infection.


> Thanks everyone so far. The name of this is called adware.lop.
> However, Adaware won't remove this. Any suggestions?


Appears she is safe from having her machine turned
into an Etch-A-Sketch.

However, you still need to associate rem36.exe with this
adware garbage. You need to be sure it is related to the
adware and not a different infection.

Here are instructions for removal of the adware:

http://sarc.com/avcenter/venc/data/adware.lop.html

There are some risks involved. You might check McAfee
to determine if they have a removal program.

Please be sure rem36.exe is associated with the adware,
or is a separate infection, or is a needed system file
which generates a false positive.

Also note your friend either installed this adware,
or it was installed by another program. Removal of
the adware does not guarantee it will not appear
again on reboot.

Did she install a task bar or search bar for her browser?

Gather up all your loose ends before doing anything.

Why this adware cannot be deleted is it is an active
running program. Try,

Ctrl Alt Del (Control key Alternate key Delete key)

Which should pop up your task manager and allow you
to turn off the adware. Then you can delete, maybe.


> Adaware found this file but would not do a thing to it.
> That file is:


> C:\Programfiles\aim\sysfiles\aimwdinstall.exe


Pffttt... that is F'n America Online Instant Messenger,
which is bundled with Windows, along with a lot of
other garbage.

Move into her Control Panel, add/remove programs. You
should be able to remove it from there.

Double check on this. Be sure "AIM" actually is the
AOL instant messenger. Should be, but you never know.


Again, be sure rem36.exe and the adware, are associated.
You may have a virus infection AND adware on the system.


Purl Gurl
--
Purl Gurl Net, Delivering Rock N Roll And Fun
At Two Megabits Per Second
http://www.purlgurl.net/
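
A read-only way to gather the "loose ends" the reply above asks for (is the file an active running program, what starts it, what sits beside it), as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell 5.1 or later, which postdates the thread; the function name `Get-SuspectFileTriage` and the one-hour window are hypothetical.

```powershell
# Added example: read-only triage of a file that "cannot be deleted".
# Nothing here deletes, stops or modifies anything. Run elevated so that
# process image paths are visible for all processes.
function Get-SuspectFileTriage {
    param([Parameter(Mandatory)][string]$Path)

    # -Force lets Get-Item return files carrying the Hidden or System attribute.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $full = $file.FullName

    # A running process whose image is this file keeps it locked against deletion.
    $procs = @(Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ieq $full) })

    # Run-key and Startup-folder entries that would relaunch the file at logon.
    $autoruns = @(Get-CimInstance Win32_StartupCommand |
        Where-Object {
            $_.Command -and
            $_.Command.IndexOf($file.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
        })

    # Executables written to the same folder within an hour of this one are
    # candidates for "associated files" (the one-hour window is an assumption).
    $siblings = @(Get-ChildItem -LiteralPath $file.DirectoryName -File -Force |
        Where-Object {
            $_.FullName -ne $full -and
            $_.Extension -in '.exe', '.dll' -and
            [math]::Abs(($_.LastWriteTime - $file.LastWriteTime).TotalHours) -le 1
        })

    [pscustomobject]@{
        Path       = $full
        Attributes = $file.Attributes
        SHA256     = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        Signature  = (Get-AuthenticodeSignature -LiteralPath $full).Status
        LockedBy   = $procs    | Select-Object ProcessId, ParentProcessId, CommandLine
        Autoruns   = $autoruns | Select-Object Name, Command, Location, User
        Siblings   = $siblings | Select-Object Name, Length, LastWriteTime
    }
}

# Path as given in the thread; adjust to the real location on the machine.
Get-SuspectFileTriage -Path 'C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe' |
    Format-List
```

The hash and signature status help decide whether the detection is a false positive before anything is removed; a non-empty `LockedBy` or `Autoruns` explains why a plain delete fails or why the file returns after a reboot.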
 
Hairy One Kenobi
06-16-2004
"Purl Gurl" wrote in message:

> Another option, which is more challenging for you because
> you appear to be using a less powerful NT5 system, is to
> boot to MSDOS, and delete it from there. This _always_
> works. However, if you are running NT5, this is Win2K,
> XP and others, you have a problem. NT5 is really stripped
> down and rather impotent; you cannot boot to MSDOS.
>
> Surprise! Your system is nowhere near as powerful as claimed.


(Cough)

Next up - why you should replace your multiprocessor RISC and Wintel boxes
with a "more powerful" 1MHz Z80 running CP/M

;o)

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 