Virus Problem

Discussion in 'Software Q&A' started by aravind_72, May 24, 2006.

Thread Status:
Not open for further replies.
  1. aravind_72

    aravind_72 New Member

    Joined:
    Jan 8, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    0
    In my office, many computers are affected by three viruses. (1) winzip_tmp.exe (2) Folder.htt & (3) desktop.ini. It is not permitting anti-virus to be loaded. while attempting Norton Antivirus, it prompts a message "are you sure to quit the application". If given NO also, it is unable to load the program. also, unistallation of the anti-virus program is also not possible. Please tell where from patches can be laoded. also i've tried with bootable Norton Anti-virus 2005 cd to remove the virus. It is not finding the virus in DOS prompt.
     
  2. Desmond David

    Desmond David Destroy Erase Improve

    Joined:
    Apr 9, 2005
    Messages:
    5,782
    Likes Received:
    80
    Trophy Points:
    48
    Location:
    Pune
    Head for the Task Manager and check for unwanted applications running in the background. If you find any, stop them. After you have finished stopping all the unwanted applications, run NAV. It should now work and remove all infected files.

    If this doesnt work, get into Safe Mode and try the above procedure.
     
  3. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    same problem dscsd here http://www.thinkdigit.com/forum/showthread.php?t=24623&highlight=Folder.htt

    reg folder.htt, check what this says :
    VBS_REDLOF.C
    http://www.trendmicro.com/vinfo/viru...DLOF.C&VSect=T

    reg Winzip_temp.exe
    "...Having DESKTOP.INI and TEMP.HTT in any folder will turn it into an HTML browseable folder. DESKTOP.INI will point to TEMP.HTT as its template file that would run every time the folder is viewed. Inside TEMP.HTT, there will be another call to "WinZip_Temp.exe" to activate it in case there is not any instances of the worm currently running..."
    click http://us.mcafee.com/virusInfo/defau...virus_k=138027

    update ur quickheal and run it at boottime or in safe mode. quickheal calls this massmailing worm as I-Worm.Nyxem.e

    if it dznt help check this link http://reviews.cnet.com/4520-6600_7-6426309-1.html

    A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:

    Computer Associates: Win32/Blackmal.F!Worm
    F-Secure: Email-Worm.Win32.Nyxem.e
    McAfee: W32/MyWife.d@MM
    Microsoft: Win32/MyWife.e
    Panda: W32/Tearec.A.worm (W32/MyWife.E.Worm)
    Sophos: W32/Nyxem-D
    Symantec: W32.Blackmal.E@mm
    Trend Micro: WORM_GREW.A (Worm_BLUEWORM.E) .
     
  4. aryayush

    aryayush New Member

    Joined:
    May 6, 2005
    Messages:
    5,594
    Likes Received:
    20
    Trophy Points:
    0
    Location:
    Noida
    Is 'desktop.ini' a virus?
    I have hidden files titled 'desktop.ini' in virtually every folder on my PC. How do I get rid of it if it indeed is a virus?
    I have ZoneAlarm Security Suite, Norton AntiVirus 2006, Spy Sweeper and Spyware Doctor 3.8 installed.
     
  5. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    Desktop.ini is used to tell Windows how to display a folder. For example, enabling Thumbnail view creates a desktop.ini file in that folder which amongst other things, tells Windows to add an extra item to the View menu for that folder. Desktop.ini files are also used when you customize folders, change their icons etc.

    The problem is that "desktop.ini" files may contain CLSID references to arbitrary executables in the "[.ShellClassInfo]" section. This can be exploited to execute arbitrary files with another user's privileges when the user browses a folder containing a malicious "desktop.ini" file.

    post ur hijackthis file at www.hijackthis.de for analysis to be sure.
     
  6. Vishal Gupta

    Vishal Gupta Microsoft MVP

    Joined:
    Jul 28, 2005
    Messages:
    5,173
    Likes Received:
    121
    Trophy Points:
    0
    Location:
    AskVG.com
    If u get DESKTOP.INI file in every folder, then its 100% virus problem!
     
  7. madmax

    madmax New Member

    Joined:
    Dec 22, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    HELL
    Oh man I have been seeing this file on my PC for the past 6 months
    thanx for the info anand
     
  8. aryayush

    aryayush New Member

    Joined:
    May 6, 2005
    Messages:
    5,594
    Likes Received:
    20
    Trophy Points:
    0
    Location:
    Noida
    Uh oh! I guess I have been infected.
     
  9. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    i repeat, post ur hijackthis logfile here or ot www.hiajackthis.de for analysis, so that u can be sure.
     
Thread Status:
Not open for further replies.

Share This Page