Cheat Engine

paupav · Posted: Sat Jul 14, 2012 8:15 am Post subject: is DAT297B.tmp.exe system process

because i noticed it is running and uses a lot of ram and lot of processor...
P.S im using win 7

Dark Byte · Posted: Sat Jul 14, 2012 8:22 am Post subject:

it's most likely a backdoor trojan or adware

paupav · Posted: Sat Jul 14, 2012 11:13 am Post subject:

:O ok, thanks. My pc is verry slow and i cant run any flash..

SF · Posted: Sat Jul 14, 2012 12:32 pm Post subject:

You should consider just formatting it.
Oh, and change your passwords to sites you access (Use another PC to do this!)

Hero · Posted: Sat Jul 14, 2012 12:34 pm Post subject:

Its funny that this thread is one of the only 3 results on google for this virus. Just reformat like SF said, its not worth it. Considering it seems like it is unheard of.

paupav · Posted: Sat Jul 14, 2012 3:04 pm Post subject:

SF · Posted: Sat Jul 14, 2012 10:57 pm Post subject:

paupav · Posted: Sun Jul 15, 2012 7:59 am Post subject:

Gniarf · Posted: Sun Jul 15, 2012 9:31 am Post subject:

To be useful to an attacker, an infected file has to be executed even after rebooting, preferably without you noticing it.

In windows registry, check every Run/RunOnce key and look of odd stuff (files with a randomly generated name, names containing tmp,.bat,.com, extensions that are unusual for executables...).
Also check C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup and C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup for similar stuff.

And there is also the possibility that it crazily infected all your .exe files to be sure to be executed. Haven't seen such a virus in 7 years, so dump that as very unlikely and forget it, or run an AV scan if it reassures you.

paupav · Posted: Sun Jul 15, 2012 1:52 pm Post subject:

Gniarf · Posted: Sun Jul 15, 2012 3:02 pm Post subject:

-Datamngr is an adware, remove it. I recommend using Hijackthis and check what they describe here
-facemood. I ain't a fecebook user so idk if you use that one. If you don't wipe this away.
-Imminent.Notifier: dunno if you really wanted it installed, but it can be removed through add/remove programs.
-SweetIM: same as above.

As to why there are remnants of applications you deleted, well, uninstallers are not very thorough. All that matters to guys who write crapbars like sweetIM is that you INSTALL their poop. They don't give a damn about removal.
Normally a CCleaner run should fix that anyway.

Also beware that there are several "Run" keys you should inspect (I had a funny freak once in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run).
If you don't find a reference to "DAT297B.tmp.exe" somewhere, we've got a problem.

paupav · Posted: Sun Jul 15, 2012 3:44 pm Post subject:

Gniarf · Posted: Sun Jul 15, 2012 3:53 pm Post subject:

Whoops, no it ain't http://www.spigot.com/remove-search-settings.html .

But I want a clear answer to that question: did you find a reference to "DAT297B.tmp.exe" in your registry?

paupav · Posted: Mon Jul 16, 2012 4:19 am Post subject:

valent89 · Newbie cheater Reputation: 0 Joined: 12 Jul 2012 Posts: 17

Just format the danm PC. It's less effort to do so after all this. The Windows 7 Key is legit? That's fine too. Now you can download a legit Windows 7 with any version, have to be same as yours of cause, as long as you checked and knew your W7 Genuine Key. Use 'KeyFinder' for that. Use 'Windows 7 USB DVD Download Tool' to burn it into your USB (preferably new one and format it into NTCS first) or DVD for the installation after format. Backup all your personal files: Musics, Videos, Pictures, etc...