
Author Topic: Help identifying entries  (Read 4967 times)


titilucky

    Help identifying entries
    « on: March 18, 2006, 06:46:41 AM »
    Windows XP
    Mozilla Firefox

    My AV showed the following entries, which I would like to identify and remove, if necessary:

    ACS DB Updater
    ACS Uninstall
    A-NSISu.exe
    4148.921a Client V
    GLJ20.tmp
    GLJ4.tmp
    INS6.tmp
    LSA Shell Export V
    Set1E.tmp, Set21.tmp, Set20.tmp, Set30.tmp, Set31.tmp, Set32.tmp, Set33.tmp
    wmint.exe

    I googled them but most of the info I get is in another language. Can you help? I'm afraid some may be up to no good. :-? If bad files, how can I get rid of them?

    Thanks.
    « Last Edit: March 18, 2006, 06:48:01 AM by titilucky »

    Xeratul

    Re: Help identifying entries
    « Reply #1 on: March 18, 2006, 11:33:01 AM »
    Well the .tmp files are temporary files which to the best of my knowledge can be deleted. Although don't take my word for it.

    Try using this site: http://whatisthatfile.com/ It can be used to shed light on strange files.

    Flame

    • Moderator


    Re: Help identifying entries
    « Reply #2 on: March 18, 2006, 11:54:25 AM »
    Very strange... We're looking into it  :-/  I'm having a hard time finding good results as well...

    Flame

    Backdated

    • Guest
    Re: Help identifying entries
    « Reply #3 on: March 18, 2006, 12:48:07 PM »
    I suspect a Sasser variant, a trojan downloader or two and a couple of other items of malware are involved.
    Carry out the procedures listed in this post and post a Hijackthis logfile here when done.
    If possible, zip the logfile and attach it rather than post it.

    titilucky

      Re: Help identifying entries
      « Reply #4 on: March 20, 2006, 10:11:41 AM »
      Been cleaning my PC as instructed and up to now all is negative. I also reinstalled my Firewall (ZA) and the entries disappeared; the only one remaining is GLJ14.tmp, which you told me might be a temporary file.

      Only two things I need help with now, (1) how to work with IE-SpyAd, and (2) how to zip a file so I can send you my HJT log.  Any help will be appreciated.  Thanks a lot!  ;D
      « Last Edit: March 20, 2006, 10:12:50 AM by titilucky »

      Backdated

      • Guest
      Re: Help identifying entries
      « Reply #5 on: March 20, 2006, 10:22:08 PM »
      That temp file is possibly a trojan downloader family member. Use CCleaner and set it to delete all temp files without waiting for the specified time before running it.

      There's a tutorial and explanation of IE-SpyAD here and the application itself should be downloaded from its new residence at SpywareWarrior. I'll update all links to it now!

      The most popular Zip program has to be WinZip. Although it's never been freeware, the shareware version has, up until now at least, never expired and always remained useable.
      To archive files, either use its GUI or the Windows Explorer right click context menu, where, after installation, you'll see a WinZip "group" entry. In the attached example, aspi.log is being added to the currently empty aspi.zip archive. You would do the same with hijackthis.log and then attach hijackthis.zip to your post.

      WinRAR is also a very useful archiving tool which is compatible with WinZip. Again, it's available as a shareware product that, to my knowledge, never expires.

      The free open source 7-Zip is available here but its default is not wholly compatible with WinZip.

      Backdated

      • Guest
      Re: Help identifying entries
      « Reply #6 on: March 20, 2006, 10:27:06 PM »
      Sorry, but it seems that there are no more attachments until admin has had a cleaning spree:


      You're going to have to post your logfile in sequential blocks of <=5500 characters. If you have some (Free ISP based perhaps?) web space you could upload the logfile there and link to it. Change the .log extension to .txt to ensure compatibility.
      « Last Edit: March 20, 2006, 10:31:26 PM by Backdated »

      titilucky

        Re: Help identifying entries
        « Reply #7 on: March 23, 2006, 10:38:20 AM »
        Hi! Thanks a lot for all your help! It seems I cleaned the PC and all I have to do is send you my HJT log to see if anything has to be removed; however, I hit a snag. I do have web space from my ISP but all I have is a blank page. I have to create the page and I don't have an idea on how to do it; in other words, I cannot up/d because I don't know how to do it. Will I impose on you if I ask for some suggestions? Thanks. :-[

        Backdated

        • Guest
        Re: Help identifying entries
        « Reply #8 on: March 23, 2006, 11:31:49 AM »
        I think you can now post attachments again so you should be OK.

        Regarding webspace, many providers demand that webspace is activated and that an HTML file called index.htm or index.html is uploaded before anything else can be achieved. If this is ISP provided webspace, much depends upon which ISP you use so without further info, it's not really possible to advise. By and large though, if it's just a bit of storage space you're after, it's pretty simple to set up and use.
        Your "free" webspace can be very useful indeed for storing files and pictures etc or indeed, Hijackthis logfiles. ;) And, as it's free, why not take advantage of it? If you're interested, it may be wise to start a new thread on this in the relevant forum section but have a look at your ISP support area first.