11-14-06

Out of disk (disc) space error

tmphp32.inf errors

 

Hello, Eric here with an important notice,

Just want to make everyone aware of a new system exploit that has yet to be defined by Microsoft or any of the Major Security or Spyware software companies.  This script comes in with an attachment and nests itself in your windows INF folder.  This script then executes a small program in your processes called svchost.exe (not to be confused with SVCHOST.EXE which is normal) which then grows until it uses up your available hard drive space with a temporary file.  This script was poorly written and was traceable in it’s entirety so I was able to locate and contain it.  Again this hasn’t been discovered by the big boys yet, but will be reported by me and most likely covered in the next few updates.  Most virus programs will pick-up the malformed nature of the file they just won’t know what it is or what to do with it.  If anyone else is experiencing this same behavior (hard drive filling up) please let me know as soon as possible.  A continued use of good judgment is still the best defense, don’t open anything you don’t expect or recognize, delete it.  In this case the file came from a  reputable site and so it would have been difficult to avoid contracting.  It was most likely submitted to the site and stored as downloadable without their knowledge.  Take care and please forward this to other users and to anyone else who you think may benefit from this kind of info.

 

Technical info for techs to contain activity by this script:

In system processes end the process “svchost.exe”  ß only the lower case one

Locate the “c:\windows\inf” folder and rename “svchost.exe” file to “oldsvchost.exe”

Delete the file “tmphp32….” ß- you can only delete this file after stopping the host process

Rename “wtv32ax” and “wtv32bx” files to “oldwtv32ax” and “oldwtv32bx”

Do not change the “branches” file

 

In time there will be an auto fix tool by one or all of the major Anti-Virus and Anti-Spyware companies that will do the above for you.  This is only a means of containment, use at your own risk, I assume no responsibility for individuals attempting this repair.

 
Main
Home & Office
Networks Plus
Contact Us
Data Center
Links
Support
Virus Alert
About us

|Main| |Home & Office| |Networks Plus| |Contact Us| |Data Center| |Links| |Support| |Virus Alert| |About us|


Copyright 1999-2004. Positive Software Corporation. All rights reserved