Skip to content

Why donate?

Which type of operating system are you running?

What is prnet.tmp?

prnet.tmp is usually located in the 'C:\WINDOWS\system32\' folder.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Vendor and version information [?]

prnet.tmp does not have any version or vendor information.

Digital signatures [?]

prnet.tmp is not signed.

Hashes [?]


What will you do with prnet.tmp?

To help other users, please let us know what you will do with prnet.tmp:

What did other users do?

The poll result listed below shows what users chose to do with prnet.tmp. 92% have voted for removal. Based on votes from 37 users.

User vote results: There were 34 votes to remove and 3 votes to keep

NOTE: Please do not use this poll as the only source of input to determine what you will do with prnet.tmp.

Malware or legitimate?

If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.

Please select the option that best describe your thoughts on the information provided on this web page

Free online surveys

And now some shameless self promotion ;)

A screenshot of FreeFixer's scan result.Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/20008/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.

If you have questions, feedback on FreeFixer or the website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.


Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.

I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.

ugeforever writes

1 thumb

Trojan.Virtumonde modifies the Windows Internet connection mechanism and display various pop-up advertisements.

File System Modifications

* The following file was created in the system:

1 %System%\prnet.tmp
35.499 bytes
MD5: 0x60DC1E87D0EB46F39F36AC2BA9106EA6
SHA-1: xC5E34F3DF87FDD34EB993237836E04BCEBE6B6E3
Trojan.Win32.VB [Ikarus]
packed with PE_Patch.PECompact [Kaspersky Lab]

* Note:
o %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Memory Modifications

* There were new processes created in the system:

prnet.tmp %System%\prnet.tmp 94.208 bytes

Registry Modifications

* The following Registry Key was created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet

* The newly created Registry Values are:
+ prnet = ""%System%\prnet.tmp""

so that prnet.tmp runs every time Windows starts
+ DisplayName = "Advertisement Service"
+ UninstallString = "%System%\prnet.tmp Uninstall"
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ prnet = ""%System%\prnet.tmp""

so that prnet.tmp runs every time Windows starts

Other details

* To mark the presence in the system, the following Mutex object was created:

* The following ports were open in the system:

Port Protocol Process
1034 TCP prnet.tmp (%System%\prnet.tmp)
1036 UDP prnet.tmp (%System%\prnet.tmp)

* The following Internet Connection was established:

Server Name Server Port Connect as User Connection Password 80 (null) (null)

* The following GET requests were made:
o index.html
o index.jpg

# 5 May 2009, 8:55

Leave a reply

AVG Internet Security 2014