PDA

View Full Version : The C:\windows\temp problem from Badtrans



10-01-2002, 03:32 AM
The Other day when I went to the C:\windows\temp folder I found a lot of repeated *.txt files where ' * ' subject of E-mail I had read in Outlook express,
Someone told me this was the result of the badtrans virus, I did a file find for files with the content of the text 'BadTrans' that found files but nothing abnormal, so then I did a search for 'C:\windows\temp' and that found a file in C:\windows called '_delis43.ini'

and here is the content of that file

------------ start of file '_delis43.ini' ------------------------
file0]
main=C:\WINDOWS\TEMP\_INS5176._MP
exeostype=1
alt0=C:\WINDOWS\TEMP\ZDataI51.dll
alt1=C:\WINDOWS\TEMP\_WUTL951.DLL

[file1]
main=C:\WINDOWS\TEMP\_INS0432._MP
exeostype=1
alt0=C:\WINDOWS\TEMP\_INZ0432._MP
alt1=C:\WINDOWS\TEMP\_WUTL95.DLL

[file2]
main=C:\WINDOWS\TEMP\_INS0432._MP
exeostype=1
alt0=C:\WINDOWS\TEMP\_INZ0432._MP
alt1=C:\WINDOWS\TEMP\_WUTL95.DLL

[file3]
main=C:\WINDOWS\TEMP\_INS0432._MP
exeostype=1
alt0=C:\WINDOWS\TEMP\_INZ0432._MP
alt1=C:\WINDOWS\TEMP\_WUTL95.DLL

----------------------- End of File ---------------

Keeping a eye (two in fact) on that folder now, as I use Outlook express , shows that file names come and go but do not remain in there like they used too. In fact right now while I am typing this on Star Office 5.2 there is a folder called ' soffice.tmp '

From Eric

11-01-2002, 10:57 PM
What exactly is the point of this post?

Windows temp directory is a directory which is exactly as it says, a temporary directory. Any program can and does use this directory for temporary storage, and your soffice.tmp directory is a temporary directory being used by StarOffice...

14-01-2002, 05:12 AM
The whole point about this posting is the virus problem, you need to read Ian.