Virus Problem

[aravind_72]

In my office, many computers are affected by three viruses. (1) winzip_tmp.exe (2) Folder.htt & (3) desktop.ini. It is not permitting anti-virus to be loaded. while attempting Norton Antivirus, it prompts a message "are you sure to quit the application". If given NO also, it is unable to load the program. also, unistallation of the anti-virus program is also not possible. Please tell where from patches can be laoded. also i've tried with bootable Norton Anti-virus 2005 cd to remove the virus. It is not finding the virus in DOS prompt.

 

[Desmond]

Head for the Task Manager and check for unwanted applications running in the background. If you find any, stop them. After you have finished stopping all the unwanted applications, run NAV. It should now work and remove all infected files.

If this doesnt work, get into Safe Mode and try the above procedure.

 

[anandk]

same problem dscsd here *www.thinkdigit.com/forum/showthread.php?t=24623&highlight=Folder.htt

reg folder.htt, check what this says :
VBS_REDLOF.C
*www.trendmicro.com/vinfo/viru...DLOF.C&VSect=T

reg Winzip_temp.exe
"...Having DESKTOP.INI and TEMP.HTT in any folder will turn it into an HTML browseable folder. DESKTOP.INI will point to TEMP.HTT as its template file that would run every time the folder is viewed. Inside TEMP.HTT, there will be another call to "WinZip_Temp.exe" to activate it in case there is not any instances of the worm currently running..."
click *us.mcafee.com/virusInfo/defau...virus_k=138027

update ur quickheal and run it at boottime or in safe mode. quickheal calls this massmailing worm as I-Worm.Nyxem.e

if it dznt help check this link *reviews.cnet.com/4520-6600_7-6426309-1.html

A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:

Computer Associates: Win32/Blackmal.F!Worm
F-Secure: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/MyWife.e
Panda: W32/Tearec.A.worm (W32/MyWife.E.Worm)
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
Trend Micro: WORM_GREW.A (Worm_BLUEWORM.E) .

 

[aryayush]

Is 'desktop.ini' a virus?
I have hidden files titled 'desktop.ini' in virtually every folder on my PC. How do I get rid of it if it indeed is a virus?
I have ZoneAlarm Security Suite, Norton AntiVirus 2006, Spy Sweeper and Spyware Doctor 3.8 installed.

 

[anandk]

Desktop.ini is used to tell Windows how to display a folder. For example, enabling Thumbnail view creates a desktop.ini file in that folder which amongst other things, tells Windows to add an extra item to the View menu for that folder. Desktop.ini files are also used when you customize folders, change their icons etc.

The problem is that "desktop.ini" files may contain CLSID references to arbitrary executables in the "[.ShellClassInfo]" section. This can be exploited to execute arbitrary files with another user's privileges when the user browses a folder containing a malicious "desktop.ini" file.

post ur hijackthis file at www.hijackthis.de for analysis to be sure.

 

[Vishal Gupta]

If u get DESKTOP.INI file in every folder, then its 100% virus problem!

 

[madmax]

Oh man I have been seeing this file on my PC for the past 6 months
thanx for the info anand

 

[aryayush]

If u get DESKTOP.INI file in every folder, then its 100% virus problem!

Uh oh! I guess I have been infected.

 

[anandk]

Uh oh! I guess I have been infected.

i repeat, post ur hijackthis logfile here or ot www.hiajackthis.de for analysis, so that u can be sure.