Some Virus/Trojan Problem...Wierd..!!!

Status
Not open for further replies.
Dipen01

Dipen01

Youngling
Hello,

I am experiencing something wierd with my PC these days.

All the Folders of all my drives contain 3 icons

1) Winzip_temp.exe
2) Folder.htt
3) desktop.ini

Well i havent even installed Winzip ever still whats this happening. Even Winzip stays in PC's active memory all the time.

I guess its some kind of Trojan or Virus but even Quick heal and Mcafee are unable to detect it. So in these circumstances what to do..??

Its hoggin my memory a lot..Any advices ..suggestion..??

Regards,
Dipen
 
dIgItaL_BrAt

dIgItaL_BrAt

Cyborg Agent
folder.htt and desktop.ini are Windows system files so u don't need to worry about those.What u DO need to worry about is Winzip_temp.exe.That file is due to the W32/MyWife.e@MM worm.Update ur virus definitions immidiately and remove it cuz it's got a pretty lethal payload.
On the 3rd day of any month, approximately 30 minutes after an infected system is started, the worm overwrites files on local drives with the following extensions with the text "DATA Error [47 0F 94 93 F4 K5]":
DOC
XLS
MDB
MDE
PPT
PPS
ZIP
RAR
PDF
PSD
DMP
 
OP
Dipen01

Dipen01

Youngling
Damn...!!! how do i update...it...3rd is coming soon.... Can i get any direct.... Softie..which can remove it...

or i am using quickheal ...so any specific update for it.. :(

Like there are for various removers...
 
anandk

anandk

Distinguished Member
reg folder.htt, check what this says :
VBS_REDLOF.C
*www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_REDLOF.C&VSect=T

reg Winzip_temp.exe
"...Having DESKTOP.INI and TEMP.HTT in any folder will turn it into an HTML browseable folder. DESKTOP.INI will point to TEMP.HTT as its template file that would run every time the folder is viewed. Inside TEMP.HTT, there will be another call to "WinZip_Temp.exe" to activate it in case there is not any instances of the worm currently running..."
click *us.mcafee.com/virusInfo/default.asp?id=description&virus_k=138027

:arrow: update ur quickheal and run it at boottime or in safe mode. quickheal calls this massmailing worm as I-Worm.Nyxem.e

if it dznt help check this link *reviews.cnet.com/4520-6600_7-6426309-1.html

A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:

Computer Associates: Win32/Blackmal.F!Worm
F-Secure: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/MyWife.e
Panda: W32/Tearec.A.worm (W32/MyWife.E.Worm)
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
Trend Micro: WORM_GREW.A (Worm_BLUEWORM.E) .

ps : dipen, i c u r from pune; u cud always contact quickheals ofc at wakdewadi for imdt assisstance.
 
OP
Dipen01

Dipen01

Youngling
@digital and anandk : thanks bro..

btw...i never noticed the folder.htt and deskop.ini in every folder. i hope its not abnormal..

and regarding contact Quick Heal..well am using Trial version of Quickheal so i guess...they would be helping only registered users..
 
OP
Dipen01

Dipen01

Youngling
Amitbhai...but is it efficient at par at these leaders...

___

Am unable to download it though.... from www.ca.com ... Its asks for Coupon No. Now i hav to call and get it..Its wierd... any other alternative...
 
Status
Not open for further replies.
Top Bottom