Rem36.exe

Discussion in 'Computer Security' started by GhostMaster, Jun 15, 2004.

  1. GhostMaster

    GhostMaster Guest

    Friend said that Norton scan said she should delete this file:

    C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe

    She clicked delete but then Norton said they could not delete it, and then
    she tried to quarantine it and it would not let her do that either.
    Then she put in search on the computer and she found the file and it would
    not let her delete it either.

    I did a Google search and found nothing.
    Can someone tell me what this is, and how to get rid of it?
    GhostMaster, Jun 15, 2004
    #1

  2. Purl Gurl

    Purl Gurl Guest

    GhostMaster wrote:

    > Friend said that Norton scan said she should delete this file:


    > C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe


    Do _not_ reboot this machine. I will explain why in closing.

    Right off, you or your "friend" need to ascertain why Norton
    popped an alert on this, along with making note of what
    virus name or trojan name is given to this file.

    Do not fail to determine why Norton popped an alert.

    Once you have this information, then research the Norton
    site or similar sites, to locate a removal tool. Norton,
    McAfee, others, probably offer a small removal tool for
    this specific infection, if it is actually an infection.

    Use of a removal tool is critical. A removal tool will
    remove not only this file but any others associated
    with it, restore your registry and repair any malicious
    changes made to your virus scanner.

    Be sure it is an infection before deleting any files.

    > she clicked delete but then Norton said they could not delete it and then
    > she tried to quarantine it and it would not let her do that either.
    > then she put in search on the computer and she found the file and it would
    > not let her delete it either.


    That behavior is highly symptomatic of a virus infection.

    There are a number of choices, but first be sure you are
    dealing with a true infection and not a file which creates
    a false positive. Most likely an infection, but be sure.

    Best option, a removal tool.

    A quick and easy option, which may or may not work, is to
    locate the file, highlight, right click, select "properties"
    and uncheck "system" and "hidden" properties. Then try to
    delete this file. If you cannot delete it, odds are almost
    one-hundred percent it is an infected file which has made
    use of Microsoft proprietary coding to prevent deletion.

    Another option, which is more challenging for you because
    you appear to be using a less powerful NT5 system, is to
    boot to MSDOS, and delete it from there. This _always_
    works. However, if you are running NT5, this is Win2K,
    XP and others, you have a problem. NT5 is really stripped
    down and rather impotent; you cannot boot to MSDOS.

    Surprise! Your system is nowhere near as powerful as claimed.

    What you can do is have a friend with a significantly
    more powerful system, such as Win3.x or Win9.x, create
    a floppy disk which will boot you to MSDOS. You can
    also download a MSDOS boot disk from the internet.

    Another challenge is you will need to learn just a little
    bit of MSDOS command line calls to do this. Very easy but
    requires you to learn, what you should already know. You
    may also have to learn how to MSDOS address directory
    names which have spaces or long names, and directory names
    should absolutely never have spaces in them nor exceed
    eight characters in length, plus three for file extensions.

    Yet another challenge is you still have to find any
    associated files, discover what damage was done to
    your virus scanner, and figure how to repair your
    Windows registry, if needed.

    Don't forget to inspect your startup folder.

    Kinda places you in a pinch, yes? Kinda makes you wish
    you stuck with Win98 or Linux.

    Best bet, discover the name of the infection and locate
    a removal tool designed specifically for that infection.
    Actually, for NT5, that is your only viable option.

    Do not reboot this machine unless you are prepared to boot
    to MSDOS. Many virus infections will cause your machine
    to not boot, and you will not discover this until you
    try to boot up. Other viruses will wipe your BIOS on
    reboot or destroy your drive partitions. Be prepared
    for this consequence with an emergency boot disk which
    will allow you to boot, reformat and install your OS.

    Do not install your OS over an infected OS; waste of time.

    Copy critical files to a secondary drive, if you feel
    this is needed. However, do not transfer your infection
    to your secondary drive! Has your friend scanned other
    drives to discover if they are infected, as well?

    If on a LAN, chances are pretty good all LAN machines
    are now infected.

    Scary, huh?

    Before going delete crazy, be sure it is an infection.

    Incidentally, how did this probable virus get past Norton?


    Purl Gurl
    --
    Play Poker! Play Blackjack!
    http://www.purlgurl.net/~callgirl/android/poker.cgi
    http://www.purlgurl.net/~callgirl/android/blakjack.cgi
    Purl Gurl, Jun 15, 2004
    #2

  3. Boot into safe mode, delete the entire contents of
    c:\Documents and Settings\Owner\LocalSettings\Temp\

    -L
    Locke Nash Cole, Jun 15, 2004
    #3
  4. GhostMaster

    GhostMaster Guest

    Purl Gurl wrote:
    : GhostMaster wrote:
    :
    :: Friend said that Norton scan said she should delete this file:
    :
    :: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe
    :
    : Do _not_ reboot this machine. I will explain why in closing.
    :
    : Right off, you or your "friend" need to ascertain why Norton
    : popped an alert on this, along with making note of what
    : virus name or trojan name is given to this file.
    :
    : Do not fail to determine why Norton popped an alert.
    :
    : Once you have this information, then research the Norton
    : site or similar sites, to locate a removal tool. Norton,
    : McAfee, others, probably offer a small removal tool for
    : this specific infection, if it is actually an infection.
    :
    : Use of a removal tool is critical. A removal tool will
    : remove not only this file but any others associated
    : with it, restore your registry and repair any malicious
    : changes made to your virus scanner.
    :
    : Be sure it is an infection before deleting any files.
    :
    :: she clicked delete but then Norton said they could not delete it and
    :: then she tried to quarantine it and it would not let her do that
    :: either. then she put in search on the computer and she found the
    :: file and it would not let her delete it either.
    :
    : That behavior is highly symptomatic of a virus infection.
    :
    : There are a number of choices, but first be sure you are
    : dealing with a true infection and not a file which creates
    : a false positive. Most likely an infection, but be sure.
    :
    : Best option, a removal tool.
    :
    : A quick and easy option, which may or may not work, is to
    : locate the file, highlight, right click, select "properties"
    : and uncheck "system" and "hidden" properties. Then try to
    : delete this file. If you cannot delete it, odds are almost
    : one-hundred percent it is an infected file which has made
    : use of Microsoft proprietary coding to prevent deletion.
    :
    : Another option, which is more challenging for you because
    : you appear to be using a less powerful NT5 system, is to
    : boot to MSDOS, and delete it from there. This _always_
    : works. However, if you are running NT5, this is Win2K,
    : XP and others, you have a problem. NT5 is really stripped
    : down and rather impotent; you cannot boot to MSDOS.
    :
    : Surprise! Your system is nowhere near as powerful as claimed.
    :
    : What you can do is have a friend with a significantly
    : more powerful system, such as Win3.x or Win9.x, create
    : a floppy disk which will boot you to MSDOS. You can
    : also download a MSDOS boot disk from the internet.
    :
    : Another challenge is you will need to learn just a little
    : bit of MSDOS command line calls to do this. Very easy but
    : requires you to learn, what you should already know. You
    : may also have to learn how to MSDOS address directory
    : names which have spaces or long names, and directory names
    : should absolutely never have spaces in them nor exceed
    : eight characters in length, plus three for file extensions.
    :
    : Yet another challenge is you still have to find any
    : associated files, discover what damage was done to
    : your virus scanner, and figure how to repair your
    : Windows registry, if needed.
    :
    : Don't forget to inspect your startup folder.
    :
    : Kinda places you in a pinch, yes? Kinda makes you wish
    : you stuck with Win98 or Linux.
    :
    : Best bet, discover the name of the infection and locate
    : a removal tool designed specifically for that infection.
    : Actually, for NT5, that is your only viable option.
    :
    : Do not reboot this machine unless you are prepared to boot
    : to MSDOS. Many virus infections will cause your machine
    : to not boot, and you will not discover this until you
    : try to boot up. Other viruses will wipe your BIOS on
    : reboot or destroy your drive partitions. Be prepared
    : for this consequence with an emergency boot disk which
    : will allow you to boot, reformat and install your OS.
    :
    : Do not install your OS over an infected OS; waste of time.
    :
    : Copy critical files to a secondary drive, if you feel
    : this is needed. However, do not transfer your infection
    : to your secondary drive! Has your friend scanned other
    : drives to discover if they are infected, as well?
    :
    : If on a LAN, chances are pretty good all LAN machines
    : are now infected.
    :
    : Scary, huh?
    :
    : Before going delete crazy, be sure it is an infection.
    :
    : Incidentally, how did this probable virus get past Norton?
    :
    :
    : Purl Gurl

    I can't find anything on this. I don't know but maybe this is something
    very new in the wild?
    I am waiting for her to get back in touch with me. She has a webtv and PC
    box.
    I need to know what OS she has cause I don't know what she has. I have
    gone to three virus dictionaries and none of them have info on this. I did
    email her and told her not to shut the computer down or reboot it till it
    can be figured out. She is a newbie so working in MSDOS is out I believe.
    She hasn't had her PC but a couple months. For now I believe I will have
    her check her firewall to see if it's listed as a program there so she can
    block it hopefully. I think she is either using ZoneAlarm or Norton's
    firewall. I am hoping this is a false positive.
    GhostMaster, Jun 15, 2004
    #4
  5. Purl Gurl

    Purl Gurl Guest

    GhostMaster wrote:

    > Purl Gurl wrote:
    > : GhostMaster wrote:


    > :: Friend said that Norton scan said she should delete this file:


    > :: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe



    > I can't find anything on this. I don't know but maybe this is something
    > very new in the wild?


    Nor can I. Tried a search on rem36 and variations but turned
    up nothing related. If an infection, chances are good this
    is a random file name.

    You do provide a lot of evidence which points to an infection.
    Surprising your friend did not notice any odd behavior. Perhaps
    this is not an infection but rather a backdoor or spyware.

    Usually, virus scanners will not catch spyware. Perhaps her
    Norton is recent enough to incorporate spyware scanning.
    I am not well versed in recent releases.

    She really should have someone versed in these types of problems
    sit down with her and examine her machine. I would encourage
    her to not reboot, to not run any programs and to unplug her
    system from the net until this is resolved. Have her machine
    just sit there idle until resolved; any action could activate
    whatever is sitting there, waiting.

    She really needs someone there to help who knows what to
    do and what not to do; a bombsquad specialist who is
    comfortable walking on rice paper.


    Purl Gurl
    --
    Purl Gurl Net, Delivering Rock N Roll And Fun
    At Two Megabits Per Second
    http://www.purlgurl.net/
    Purl Gurl, Jun 15, 2004
    #5
  6. GhostMaster

    GhostMaster Guest

    Purl Gurl wrote:
    : GhostMaster wrote:
    :
    :: Purl Gurl wrote:
    ::: GhostMaster wrote:
    :
    :::: Friend said that Norton scan said she should delete this file:
    :
    :::: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe
    :
    :
    :: I can't find anything on this. I don't know but maybe this is
    :: something very new in the wild?
    :
    : Nor can I. Tried a search on rem36 and variations but turned
    : up nothing related. If an infection, chances are good this
    : is a random file name.
    :
    : You do provide a lot of evidence which points to an infection.
    : Surprising your friend did not notice any odd behavior. Perhaps
    : this is not an infection but rather a backdoor or spyware.
    :
    : Usually, virus scanners will not catch spyware. Perhaps her
    : Norton is recent enough to incorporate spyware scanning.
    : I am not well versed in recent releases.
    :
    : She really should have someone versed in these types of problems
    : sit down with her and examine her machine. I would encourage
    : her to not reboot, to not run any programs and to unplug her
    : system from the net until this is resolved. Have her machine
    : just sit there idle until resolved; any action could activate
    : whatever is sitting there, waiting.
    :
    : She really needs someone there to help who knows what to
    : do and what not to do; a bombsquad specialist who is
    : comfortable walking on rice paper.
    :
    :
    : Purl Gurl

    Thanks everyone. So far the name of this is called adware.lop.
    However, Adaware won't remove this. Any suggestions?

    Adaware found this file but would not do a thing to it.
    That file is:

    C:\Programfiles\aim\sysfiles\aimwdinstall.exe

    This is in AIM. I believe this is a messenger program. I don't use
    messenger programs.
    So is this a valid app or false positive or is this a true adware BS that
    needs to go?
    Does AIM have ads?
    GhostMaster, Jun 15, 2004
    #6
  7. Purl Gurl

    Purl Gurl Guest

    GhostMaster wrote:

    > Purl Gurl wrote:
    > : GhostMaster wrote:
    > :: Purl Gurl wrote:
    > ::: GhostMaster wrote:


    > :::: Friend said that Norton scan said she should delete this file:


    > :::: C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe


    > :: I can't find anything on this. I don't know but maybe this is
    > :: something very new in the wild?


    > : Nor can I. Tried a search on rem36 and variations but turned
    > : up nothing related. If an infection, chances are good this
    > : is a random file name.


    > : You do provide a lot of evidence which points to an infection.


    > Thanks everyone. So far the name of this is called adware.lop.
    > However, Adaware won't remove this. Any suggestions?


    Appears she is safe from having her machine turned
    into an Etch-A-Sketch.

    However, you still need to associate rem36.exe with this
    adware garbage. You need to be sure it is related to the
    adware and not a different infection.

    Here are instructions for removal of the adware:

    http://sarc.com/avcenter/venc/data/adware.lop.html

    There are some risks involved. You might check McAfee
    to determine if they have a removal program.

    Please be sure rem36.exe is associated with the adware,
    or is a separate infection, or is a needed system file
    which generates a false positive.

    Also note your friend either installed this adware,
    or it was installed by another program. Removal of
    the adware does not guarantee it will not appear
    again on reboot.

    Did she install a task bar or search bar for her browser?

    Gather up all your loose ends before doing anything.

    Why this adware cannot be deleted is it is an active
    running program. Try,

    Ctrl Alt Del (Control key Alternate key Delete key)

    Which should pop up your task manager and allow you
    to turn off the adware. Then you can delete, maybe.


    > Adaware found this file but would not do a thing to it.
    > That file is:


    > C:\Programfiles\aim\sysfiles\aimwdinstall.exe


    Pffttt... that is F'n America Online Instant Messenger,
    which is bundled with Windows, along with a lot of
    other garbage.

    Move into her Control Panel, add/remove programs. You
    should be able to remove it from there.

    Double check on this. Be sure "AIM" actually is the
    AOL instant messenger. Should be, but you never know.


    Again, be sure rem36.exe and the adware, are associated.
    You may have a virus infection AND adware on the system.


    Purl Gurl
    --
    Purl Gurl Net, Delivering Rock N Roll And Fun
    At Two Megabits Per Second
    http://www.purlgurl.net/
    Purl Gurl, Jun 15, 2004
    #7
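
The checks described in replies #2 and #7 (file attributes, a running process holding the file open, startup entries), gathered into one read-only script. This is an added example, not part of the thread; it assumes a current Windows system with PowerShell 5.1 or later, and the function name `Get-LockedFileTriage` is hypothetical.

```powershell
# Added example (not from the thread): read-only triage of a file that will not delete.
# Assumes PowerShell 5.1+; nothing here stops a process or removes a file.
function Get-LockedFileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    # -Force so that files marked Hidden or System are still returned.
    $file = Get-Item -LiteralPath $Path -Force
    $name = $file.Name

    # 1. Processes whose image is this file: the usual reason a delete is refused.
    $procs = @(Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -and $_.ExecutablePath -ieq $file.FullName } |
        Select-Object ProcessId, ParentProcessId, Name, CommandLine)

    # 2. Run-key values that mention the file name (what would restart it at logon).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $autostart = @(foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip registry provider metadata
            if ("$($p.Value)".IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $key; Entry = $p.Name; Command = $p.Value }
            }
        }
    })

    # 3. Startup folder contents, listed for manual review (per-user and all-users).
    $startup = @('Startup', 'CommonStartup' | ForEach-Object {
        $dir = [Environment]::GetFolderPath($_)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -Force | Select-Object -ExpandProperty FullName
        }
    })

    # 4. Identity of the file: attributes, hash for vendor lookup, signature status.
    [pscustomobject]@{
        Path         = $file.FullName
        Attributes   = $file.Attributes            # e.g. Hidden, System, ReadOnly
        SizeBytes    = $file.Length
        LastWrite    = $file.LastWriteTime
        Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Signature    = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        RunningAs    = $procs
        RunKeyHits   = $autostart
        StartupItems = $startup
    }
}

# Path as quoted in the thread; substitute the file the scanner flagged.
$target = 'C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe'
if (Test-Path -LiteralPath $target) {
    Get-LockedFileTriage -Path $target | Format-List
} else {
    Write-Host "Not present on this machine: $target"
}
```

A non-empty `RunningAs` explains the refused delete, and `RunKeyHits` shows what would bring the file back after a reboot; the hash gives something more reliable than a file name to look up with the scanner vendor.
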
  8. "Purl Gurl" <> wrote in message
    news:...

    > Another option, which is more challenging for you because
    > you appear to be using a less powerful NT5 system, is to
    > boot to MSDOS, and delete it from there. This _always_
    > works. However, if you are running NT5, this is Win2K,
    > XP and others, you have a problem. NT5 is really stripped
    > down and rather impotent; you cannot boot to MSDOS.
    >
    > Surprise! Your system is nowhere near as powerful as claimed.


    (Cough)

    Next up - why you should replace your multiprocessor RISC and Wintel boxes
    with a "more powerful" 1MHz Z80 running CP/M

    ;o)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Jun 16, 2004
    #8
