HTML/Crypted.Gen Virus:
in [Windows XP]
|
From: PA Bear [MS MVP] on 16 Apr 2010 15:03 cf. http://groups.google.com/group/microsoft.public.windowsxp.general/msg/f2e8ff1b44b6d9a9 -- ~PA Bear Navyguy wrote: > On Apr 14, 7:38 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> > wrote: >> From: "Navyguy" <maginee...(a)yahoo.com> >> >>> I have a Dell Dimension 8200 with Windows Firewall, Avira antivirus, >>> Spybot and Hive Cleanup and all the programs work well together and >>> are up to date. However, my computer recently became infected with a >>> HTML/Crypted.Gen virus. >> >>> http://www.avira.com/en/threats/section/fulldetails/id_vir/3666/html_... >> >>> I ran Avira and Spybot and thought that it had corrected to problem >>> but today when I logged on I had the same virus alert. I would >>> appreciate any thoughts/suggestions on how to remove this virus from >>> my computer. >> >> It is not a virus and you can't get infected by it. However if the script >> it represents its successfully executed it may lead to the installation >> of >> some other malware. >> >> What this is is a generic detection for a cryptic HTML script. >> >> If you got alerted on it then Avira AntiVir did its job and blocked the >> malicious code in the HTML script. >> >> Perform a full scan of your system using AntoVir to make sure the script >> is not in a cache somewhere. >> >> -- >> Davehttp://www.claymania.com/removal-trojan-adware.html >> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp > > I've already run Avria and Spybot and thought it had corrected the > problem but I guess it didn't since I got the same message agai today > with the same virus. > > This is the infected file: Documents and Settings\user name\Local > Settings Temp\tempinternet files\Content IE5\MOMXYOEG\asrefinc > 101.jsw > > I tried looking for this file in the system but I can't seem to find > it under Documents and Settings. > > Thanks, > Robert
From: Navyguy on 17 Apr 2010 14:14 On Apr 16, 3:21 am, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote: > From: "Navyguy" <maginee...(a)yahoo.com> > > | Hi Dave, > > | Ok the User account seems to be alright but my Administartot account > | is infected with this non-virus. I have deleted all the Temporary > | Internet files and changed the disk spaced used to 50 yet every time I > | restart the computer and login as the Administrator the same infected > | file pops up. I only use the Administrator account to update my > | computer so I'm baffled how my Administartor account became corrupted? > > | I'd appreciate any help or advice to remove this. > > | Thanks, > | Robert > > Download and execute HiJack This! (HJT)http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe > > Then post the contents of the HJT log in your post with a full explanation of your problem > and what you have done to date in one of the below expert forums... > > { Please - Do NOT post the HJT Log here ! } > > Forums where you can get expert advice for HiJack This! (HJT) Logs. > > NOTE: Registration is REQUIRED in any of the below before posting a log > > Suggested primary:http://www.thespykiller.co.uk/index.php?board=3.0 > > Suggested secondary:http://www.bleepingcomputer.com/forums/forum22.htmlhttp://www.malwarebytes.org/forums/index.php?showforum=7 > > Suggested tertiary:http://www.dslreports.com/forum/cleanuphttp://www.cybertechhelp.com/forums/forumdisplay.php?f=25http://www.atribune.org/forums/index.php?showforum=9http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...http://gladiator-antivirus.com/forum/index.php?showforum=170http://forum.networktechs.com/forumdisplay.php?f=130http://forums.maddoktor2.com/index.php?showforum=17http://www.spywarewarrior.com/viewforum.php?f=5http://forums.spywareinfo.com/index.php?showforum=18http://forums.techguy.org/f54-s.htmlhttp://forums.tomcoyote.org/index.php?showforum=27http://forums.subratam.org/index.php?showforum=7http://www.5starsupport.com/ipboard/index.php?showforum=18http://aumha.net/viewforum.php?f=30http://makephpbb.com/phpbb/viewforum.php?f=2http://forums.techguy.org/54-security/http://forums.security-central.us/forumdisplay.php?f=13 > > -- > Davehttp://www.claymania.com/removal-trojan-adware.html > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp I've been sick the last day or so so I haven't been able to respond. Firstly, bothmy User Account and my Administrator account are infected. I've done what you suggested and it keeps coming back. If this isn't a virus it sure is acting like one. I've tried using Hijack before and I never recieved a response from anyone. Robert
From: Navyguy on 17 Apr 2010 14:17 On Apr 16, 12:03 pm, "PA Bear [MS MVP]" <PABear...(a)gmail.com> wrote: > cf.http://groups.google.com/group/microsoft.public.windowsxp.general/msg.... > -- > ~PA Bear > > > > Navyguy wrote: > > On Apr 14, 7:38 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> > > wrote: > >> From: "Navyguy" <maginee...(a)yahoo.com> > > >>> I have a Dell Dimension 8200 with Windows Firewall, Avira antivirus, > >>> Spybot and Hive Cleanup and all the programs work well together and > >>> are up to date. However, my computer recently became infected with a > >>> HTML/Crypted.Gen virus. > > >>>http://www.avira.com/en/threats/section/fulldetails/id_vir/3666/html_.... > > >>> I ran Avira and Spybot and thought that it had corrected to problem > >>> but today when I logged on I had the same virus alert. I would > >>> appreciate any thoughts/suggestions on how to remove this virus from > >>> my computer. > > >> It is not a virus and you can't get infected by it. However if the script > >> it represents its successfully executed it may lead to the installation > >> of > >> some other malware. > > >> What this is is a generic detection for a cryptic HTML script. > > >> If you got alerted on it then Avira AntiVir did its job and blocked the > >> malicious code in the HTML script. > > >> Perform a full scan of your system using AntoVir to make sure the script > >> is not in a cache somewhere. > > >> -- > >> Davehttp://www.claymania.com/removal-trojan-adware.html > >> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp > > > I've already run Avria and Spybot and thought it had corrected the > > problem but I guess it didn't since I got the same message agai today > > with the same virus. > > > This is the infected file: Documents and Settings\user name\Local > > Settings Temp\tempinternet files\Content IE5\MOMXYOEG\asrefinc > > 101.jsw > > > I tried looking for this file in the system but I can't seem to find > > it under Documents and Settings. > > > Thanks, > > Robert- Hide quoted text - > > - Show quoted text - If you look, I've posted that I'm using XP, SP3 on my second message. Robert
From: David H. Lipman on 17 Apr 2010 14:58 From: "Navyguy" <magineer02(a)yahoo.com> | I've been sick the last day or so so I haven't been able to respond. | Firstly, bothmy User Account and my Administrator account are | infected. I've done what you suggested and it keeps coming back. If | this isn't a virus it sure is acting like one. | I've tried using Hijack before and I never recieved a response from | anyone. Robert: If you post to the SpyKiller... http://www.thespykiller.co.uk/index.php?board=3.0 And give me the URL, I will make sure you get immediate attention. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Navyguy on 17 Apr 2010 16:21 On Apr 17, 11:58 am, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote: > From: "Navyguy" <maginee...(a)yahoo.com> > > | I've been sick the last day or so so I haven't been able to respond. > | Firstly, bothmy User Account and my Administrator account are > | infected. I've done what you suggested and it keeps coming back. If > | this isn't a virus it sure is acting like one. > > | I've tried using Hijack before and I never recieved a response from > | anyone. > > Robert: > > If you post to the SpyKiller...http://www.thespykiller.co.uk/index.php?board=3.0 > > And give me the URL, I will make sure you get immediate attention. > > -- > Davehttp://www.claymania.com/removal-trojan-adware.html > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp Hi Dave, Here's the URL, I appreciate your helping me. http://thespykiller.co.uk/index.php/topic,9212.new.html Thanks, Robert
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: System Restore question. Next: Format with Recovery console |