Jump to content

Featured Replies

Posted

I have a spyware program called tvm.exe installed on my machine and i cant delete it. There is no uninstall option (obviously), i cant delete the file as its currently in use. Whenever i delete the registry entry that launches the exe at startup, the running exe puts it back in before i get the chance to close the exe.

 

The drive is NTFS so i cant boot from floppy, i have tried downloading a NTFS boot floppy which allows me to do a number of stuff, except delete files! Argh!!!

 

Could someone pls give me some ideas?

You might try one of the alternate step-by-step boot modes, that might give you the option to cancel it. You might also try booting to safe mode, which might prevent the startup list from running at all.

-The Gavster

Three students died that year at the academy; one was executed, one was killed in a training accident, and one died of natural causes, for a knife to back will naturally kill anyone. -RA Salvatore

 

Like to IRC? Try http://irc.randomirc.com

  • Author
I have already tried them. The only way i can think of, is removing the hard-drive and taking it into work to install it as a slave, then removing it from there. But that seems to be a lot of effort for something which doesnt actually cause me any problems - and just uses a little processing power. I just hate the idea of having something on my pc that i have no control over.
  • Author

There is no process called TVM.exe running at any point, and i cant see any other process that looks out of place - any i am not sure about i have been looking up.

 

I have even wrote my own VB program that returns a list of processes just incase task manager cant show it for some reason.

I was infected with the TV MEDIA/tvm.exe hijacker, and because my computer is 2000 professional, for some reason I could not get into SAFE mode. So I went into COMMAND PROMPT mode by hitting START, ACCESSORIES, COMMAND PROMPT. Then I used the commands to change the directory to C: program files\tv media. Then I clicked ctl-alt-del and selected PROCESSES, then EXPLORER, and stopped it. I then went back to the command prompt and was able to erase the tvm.exe and its DLLs. (If you don't know how to use the commands, hit START, then HELP, then enter commands and hit LIST OF COMMANDS. They are basically DOS commands.)

 

Then I rebooted, ran HIJACK THIS to remove the R3 URLSearchHook, then ran Startup Inspector and deleted the TV media entries. Then I went into the Program files directory and deleted the TV Media directory.

 

Rebooted, and it was gone! Everything seems to be working ok now.

 

Hope this helps

  • Author

Thanks. You actually stopped explorer? Didnt think about that will try it tonight when i get home.

 

Will let you know how i get on. I use XP, which tends to restart explorer, but i will give it ago.

 

Alternatively i will write a new windows shell, boot to that THEN remove the exe, before setting back to the original Windows shell.

-Any excuse to dig out .net and knock something up :)

  • 3 weeks later...

I'm running Window XP SP2 and had the same problem: Could not remove the TV Media folder because it was being used by another program or person. I used the following procedure to correct the problem:

 

1. Open the Task Mananger and under the Processes tab find and remove Explorer.exe

2. Still using Task Manager hit the New Task... button under the Applications tab.

3. Write cmd and hit OK to open a DOS command window.

4. Navigate to the "Programs Folder" using cd \ and cd program files

5. Delete the TV Media folder using the command del "tv media" (must use the quotation marks) and then remove the folder using rd "tv media"

6. Finally to restart the computer use the command shutdown -s :)

Hi there...I have the same exact problem with TVM.exe. I'm running Windows XP, and I tried deleting it using Pingv's advice. It worked for the most part, except that it wouldn't delete the "TvmBho.dll" and "TvmCore.dll" files. It said that access was denied. What should I do?

Thanks Pingv. Your method of removing TV Media files...Tvm.exe, etc. worked for me.

System: Windows xp SP1

 

Note: In Addition to Pingv's method, you may also want to remove the TV Media entries from Windows Registry, although they are probably no big deal since the Tvm.exe is now deleted. I used "Vilme Registry Explorer", downloaded from http://www.vsft.com. It's pretty good, I think.

 

Delete The Following (or similar entries) which launch Tvm.exe at the boot of your computer (you can't delete them until after Tvm.exe is deleted using Pingv's method):

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TV Media\C:\Program Files\TV Media\Tvm.exe

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TV Media\C:\Program Files\TV Media\Tvm.exe

 

HKEY_USERS\S-(a very big number, I omitted)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TV Media\C:\Program Files\TV Media\Tvm.exe

 

Sept 10, 2004, about 12 days, Since I Removed TV Media, Still fine.

 

Some Investigation:

How did this TV Media app get installed on our computers?

If anyone has any info, please post.

I am a programmer and I studied the .exe and .dll's and found they are online apps, theoretically capable of reading or writing to any file on your computer, transferring data online using MS winsock TCP functions, and could download and install and run other apps, invisibly. It should be a crime.

I also found these links:

 

http: // ads.centralmedia.ws/runner.htm

www .totalvelocity.com

 

centralmedia.ws is registered to:

 

Central Media

11301 West Olympic Blvd, #554

Los Angeles, CA 90064

Phone: +1.0000000000

Email: postmaster @ centralmedia.ws

 

totalvelocity.com is registered to:

 

Total Velocity

11301 West Olympic Blvd, #554

Los Angeles, California 90064

Phone: 213-947-1000

 

I am not sure if this address is for real.

I was infected with the TV MEDIA/tvm.exe hijacker, and because my computer is 2000 professional, for some reason I could not get into SAFE mode. So I went into COMMAND PROMPT mode by hitting START, ACCESSORIES, COMMAND PROMPT. Then I used the commands to change the directory to C: program files\tv media. Then I clicked ctl-alt-del and selected PROCESSES, then EXPLORER, and stopped it. I then went back to the command prompt and was able to erase the tvm.exe and its DLLs. (If you don't know how to use the commands, hit START, then HELP, then enter commands and hit LIST OF COMMANDS. They are basically DOS commands.)

 

Then I rebooted, Then I went into the Program files directory and deleted the TV Media directory.

 

Rebooted, and it was gone! Everything seems to be working ok now.

 

try this out it may help

  • 2 weeks later...

Mike, you asked for evidence of where users were infected with tvm malware. In my case, it was on Riddler.com, playing Doubletake.

 

Riddler used to be a good game site a long time ago, but I will not be going back there.

 

PS: Spyhunter does not detect tvm.exe, TV Media, whatever you want to call it. I knew I had picked up something at the time -- 7/22/04 -- but I just found out what it was this evening, finally.

  • 2 weeks later...
Some Investigation:

How did this TV Media app get installed on our computers?

If anyone has any info, please post.

I am a programmer and I studied the .exe and .dll's and found they are online apps, theoretically capable of reading or writing to any file on your computer, transferring data online using MS winsock TCP functions, and could download and install and run other apps, invisibly. It should be a crime.

I also found these links:

 

 

I think tvm got installed on my system by Download Accelerator Plus (DAP) from speedbit (http://www.speedbit.com). It used to be a great Download manager(before anyone else had them). All it ever did was show adverts. The newest version seems to install about 6 or 7 spyware/adware/crapware programs.

 

I am using spybot S&D, ad-aware, and bazooka to work on removing them

 

jon

  • Author

Never use download accelerator - it cant work by default! Just misleading crap.

 

I think i got mine off DVD Copy or something similar with that name. I found that whenever i deleted the registry entries, they were recreated straight away. In the end i used the good old DOS program 'Replace' to replace the exe with some other random file, and that worked. After the next reboot i could delete the other files and registry entries with no problems.

Guest
Reply to this topic...