1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

010101.dat 250MB file - kazaa?

Discussion in 'All Other Software' started by DanteG, Sep 19, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    Hi,

    I have found this large file which is constatly on my PC, and I think it may be used by kazaa for caching files but I'm not sure. Does anyone know what it is and if it is safe to delete?

    Thanks,

    DG
     
  2. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
    Do you have a fileneme ? Have you checked file properties ?
     
  3. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    Hi,

    Yes, the file name is 010101.dat. Properties: Created 15 July 2003, Modified 15 July 2003, Size 269MB.

    If you use Kazaa, do a search on your hard drive to see if you have the same file.

    Thanks,

    DG
     
  4. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
  5. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
    Also - are you using regular Kazaa or Kazaalite ?

    If you're using Kazaa then get rid of it and install Kazaalite. In case you haven't read the many related threads here Kazaa is full of junk spyware. Kazaalite is free of such impedients.
     
  6. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
  7. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    I used to use Kazaa but switched to Kazaa Lite a while back because of the Spyware. That link you gave me to computing.net was actually my thread - I asked on that forum a few weeks ago but no-one could tell me if it is definately a Kazaa file and whether it is ok to delete it. But thanks for looking for me anyway - I appreciate it.

    DG
     
  8. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Kazaa uses .dat files to store partial downloads. Its probably a file your in the process of downloading.
     
  9. Sancho

    Sancho

    Joined:
    May 20, 2003
    Messages:
    116
    brendandonhu is right. all DAT files from Kazzaa are files that never finished downloading. If you are in the process of downloading something named similar keep it. If you canceled a download a long time ago, that file is gonna sit there and take up space, so just trash it.
     
  10. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Hate to be the one that bears possibly bad tidings, but if this link is correct then you have been infected with a worm on the Kazaa network called: Win32/HLLP.Hantaner

    http://www.rav.ro/virus/showvirus.php?v=140
    go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  11. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    Ok, now I am really worried. I searched for the Hanta file, which I found in my Windows folder along with the 010101.dat file. I ran Hijack this! (the scan only lasted about a second, is that normal?) and here are the results of the log file:

    Logfile of HijackThis v1.97.2
    Scan saved at 13:24:28, on 20/09/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PDESK.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\PROGRAM FILES\DIGIGUIDE\CLIENT01.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://cgi1.ebay.co.uk/aw-cgi/ebayISAPI.dll?MyeBayItemsBiddingOn&userid=sjigga&pass=default&first=N&dayssince=2&ssPageName=MerchOff"); (C:\Program Files\Netscape\Users\simon\prefs.js)
    O2 - BHO: (no name) - {F8A53FBE-5846-11D2-A022-006097D2400E} - (no file)
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\PROGRAM FILES\REGETDX\IEBAR.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - Startup: DigiGuide (2).lnk = C:\Program Files\DigiGuide\client.exe
    O4 - Startup: Resource Meter (2).lnk = C:\WINDOWS\RSRCMTR.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: IE Zoom &In - C:\PROGRAM FILES\IE ZOOMER\IE Zoom In.htm
    O8 - Extra context menu item: IE Zoom O&ut - C:\PROGRAM FILES\IE ZOOMER\IE Zoom Out.htm
    O8 - Extra context menu item: Open in IE &Zoomer - C:\PROGRAM FILES\IE ZOOMER\Open in IE Zoomer.htm
    O8 - Extra context menu item: IE Zoomer Help... - C:\PROGRAM FILES\IE ZOOMER\IE Zoomer Help.htm
    O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\PROGRAM FILES\COMMON FILES\REGET SHARED\CC_All.htm
    O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\PROGRAM FILES\COMMON FILES\REGET SHARED\CC_Link.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .cryp: C:\PROGRA~1\INTERN~1\PLUGINS\Npcl32.dll
    O12 - Plugin for .AVI: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
    O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
    O16 - DPF: {3EDED642-E3C9-4E12-9883-9899820EEC3C} (DMPlayerX Control) - http://www.digimask.com/digimaskfun/pages/DMPlayerX.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

    I dont have a clue to what any of this means, but I would really appreciate your advice. I won't be able to sleep now until I can get this worm removed.

    Thanks,

    DG
     
  12. bluecast

    bluecast

    Joined:
    Aug 11, 2003
    Messages:
    221
    If you don't think you need it, you can delete it.

    I think you should delete it because look:

    When downloading in KaZaA or KaZaA Lite, the temporary download .DAT files are named something like

    download107583173.dat

    not

    010101.dat
     
  13. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    Hey Bluecast,

    Thanks for the advice but Topkat has pointed out that this is a worm, so I want to remove it properly and safely. Also, Kazaa .dat files used for temp downloads are actually stored in your download folder, whereas the 010101.dat file is in my Windows folder.

    I have posted that HijackThis! log file as he instructed and am awaiting further assistance from anyone kind enough to help.

    DG
     
  14. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Deleting the 2 files you have mentioned and scanning with an update antivirus should be able to clear this up.
     
  15. DanteG

    DanteG Thread Starter

    Joined:
    Sep 19, 2003
    Messages:
    7
    Do you think so? I am no expert, but is it not possible that this worm may have effected the registry or something like that?

    Also, I have done a virus scan (Norton) and it was clean. Then I scanned the two files specifically and again it was clean. So Norton, for some reason, does not recognise this worm even with the latest virus definition update.

    I just dont want to delete them thinking that the worm is gone, when in fact it still there. I prefer to wait a little longer to see if anyone has had experience with removing this particular worm. Otherwise I will reluctantly take your advice and have to delete them and see what happens.

    Oh, and if anyone would be kind enough to comment on my HijackThis! log file report, it would be much appreciated as I have no idea what it means (no new problems I hope!).

    Thanks,

    DG
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166024

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice