General discussion

Locked

Trojan?

By ngen255 ·
Hello, recently when I went to run Windows Media Player, instead of WMP opening, I get a message from Mcafee saying that there are 2 trojans, a ~GLH0001.TMP and a ~GLH0002.tmp. These are both detected as AdClicker-o files, and the application they affect is wmplayer.exe. However, I am unable to take any action with those files. I deleted those files manually, but they just come back. I have d/led and run several trojan scanners, but all have come up with nothing. Also, I get an error message saying that windows couldn't fine C:\Windows\pup.exe. I did some research and found that pup.exe is apparently some part of the trojan which never got installed all the way? I keep getting the error Could Not Execute External Program c:\WINDOWS\pup.exe. Anybody have any suggestions as to what I can do?

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by jschein In reply to Trojan?

re-install latest explorer / media player. Open your registry also and so a search there for pup.exe (exact terms only) and delete any offending lines in there. Reboot.

Collapse -

by ngen255 In reply to

Poster rated this answer.

Collapse -

by TamaraP In reply to Trojan?

If you are running Windows XP turn off system restore,then rerun Mcaffee.

Collapse -

by ngen255 In reply to

Poster rated this answer.

Collapse -

by RCOM In reply to Trojan?

The trojan copies itself to the WINDOWS SYSTEM directory (such as c:\windows\system or c:\WINNT\system32\winpup32.exe) and creates a registry run key to load itself at each system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32app" = C:\WINNT\System32\winpup32.exe
An additional marker registry key is created:
HKEY_LOCAL_MACHINE\SOFTWARE\pup "12212"

You have a variant that is using c:\windows to drop the file. If you don't want to use regedit run msconfig.exe and uncheck pup.exe from the startup menu. As mentioned you need to disable system restore to get rid of the problem. Do a search for *.tmp and delete all files with this extension. Not the folders cause they may have uninstall info that is needed.

Download and run one of the many free tools that get rid of spyware/hack files.

lavasoftusa.com

Collapse -

by ngen255 In reply to

Poster rated this answer.

Collapse -

by ngen255 In reply to Trojan?

This question was closed by the author

Back to Desktop Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums