MalWare in Temp Folder - Removal

  trisonic 18:27 26 Oct 2005


In my C:\Docs and Settings\fj\Local Settings\Temp
are several files that will not go away.
One is in a subfolder of Temp\40000010c00069dd890027\hs.exe
I am unable to remove this programme and dont know what it does. Have tried booting into MS-DOS and deleting it, which it does, but then it reappears when i start Windows.
Other files now appearing
Folders :- VGA1, VGA2
Files: ~DF3EF2.TMP

Running WIN XP Home. Have NOD32 Anti virus, Zone Alarm, Adaware, Spybot all are updated regularly sometimes daily.
Have tried the Clean Sweep programme also Hijack This, Microsoft Antispyware and Ewido Security Suite. None of these programmes find anything wrong. hs.exe is 5kb long.
A search at Google has produced one other person with hs.exe resident at the same location but the method recommended to get rid of it did not work with me. I can delete some of the other files and the VGA folders, but they come back when I reboot.
Any help appreciated


  stalion 19:27 26 Oct 2005

try a scan with a2 and a cleanup with cc cleaner
click here
click here

  trisonic 08:45 27 Oct 2005

Neither worked, files still there. CC recognised them but after pressing Clean it did not delete them. My gut feeling is that they are something to do with Microsoft SP2 as they appeared after I installed that. Looks like a reformat job, what a pain. Thanks for the help


  Taff36 09:03 27 Oct 2005

I think you may have something nasty on the computer and I suggest you run HijackThis click here and post a log here click here

Do Not attempt to remove anything without expert advice. Give the Malware Forum a brief description of your problem as you have here.

Incidentally Killbox is a useful facility for removing those stubborn files click here but I recommend you seek advice from the specialists first. You may recognise one or two familiar names on that forum by the way.

  PaulB2005 09:04 27 Oct 2005

If it's just a handful of files then why re-format?

What problem are they causing exactly?

Submit the hs.exe to

click here

click here

click here

and see if they are malicious.

  Confab 09:32 27 Oct 2005

Try the CC in safe mode.


  trisonic 15:51 27 Oct 2005

I have managed to solve the problem, though it took a little time ;)

The problem was a programme called History Sweep which creates the Temp folder mentioned in my first posting, then adds dozens of files on a daily basis without deleting them.

The ONLY software that got rid of it IN SAFE MODE was SmitRem from click here its free and only works in Safe Mode.

However when I rebooted into Normal Windows after using it, the programme reappeared along with a few more files.

What followed was a long process of using MSCONFIG and disabling all the programmes in the StartUp menu, then one by one enabling them to find the culprit, needless to say it was one of the last ones.

Having deleted it I still had to clear it out of the Registry which was straightforward :))

Thanks for your responses and suggestions


  trisonic 16:03 27 Oct 2005

This is the correct file and path for smitRem, I recommend it for getting rid of difficult files.

Programme: smitRem.exe



This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

Creative studio Omnibus' brand identity for We Said Enough, a non-profit against sexual misconduct

What to ask Siri on the HomePod

Meilleurs VPN (2018)