tenga.gen SOS

Discussion in 'NOD32 version 2 Forum' started by mmhbk, May 11, 2006.

Thread Status:
Not open for further replies.
  1. mmhbk

    mmhbk Registered Member

    Since I installed NOD32 on my computer I keep getting alerts about win32/tenga.gen virus. AMON deletes the infected files and it destroys my system, I can't log on after restart. I formatted my HD and reinstalled everything, but that virus keeps coming back.
    Back when I had Norton Internet Security, it never found any viruses like that, but then I replaced it with Kerio Personal Firewall and NOD32. That's when the whole mess started.
    Plus I get Windows Security Alert that my antivirus definitions are out of date, though NOD32 updates itself every hour.
     
  2. pykko

    pykko Registered Member

    Try to start in safe mode and to scan with NOD32 again.
    Where does NOD32 find the virus... which folder?
    Try also to disable system restore. ;)
     
  3. Lollan

    Lollan Registered Member

    Do you have any media drives inserted?
     
  4. Marcos

    Marcos Eset Staff Account

    Be sure to install all security patches for your OS, including a firewall, after you install the OS from scratch (hopefully you are not using an old Win9x system). If it's possible, install and update NOD32 before you connect your computer to LAN if you share the network with neighbours.
     
  5. ASpace

    ASpace Guest


    Probably Norton didn't detect that malware and that's the reason you haven't received alerts.

    Since you know how, format your hard drive and reinstall Windows (FULL FORMAT).
    The first thing you have to do then is to install firewall and as soon as you connect to internet to update Windows. Then install NOD32 and update it, configure it:
    https://www.wilderssecurity.com/showthread.php?t=37509

    Go ahead and be careful what you install and load on that machine.
    http://www.microsoft.com/protect


    I recommend you use Windows Firewall with "Don't allow exceptions" checked. Windows must be always updated. If you want two-way firewall, I recommend ZoneAlarm free
     
  6. mmhbk

    mmhbk Registered Member

     
  7. ASpace

    ASpace Guest

    Because an infected file may replicate after you restart and when you turn off this XP Service the file won't replicate.

    When dealing with malware in XP/Me environment, this is essential ;)
     
  8. mmhbk

    mmhbk Registered Member

    It didn't help. The virus still came back. NOD32 cleaned 183 out of 183 infected files, but I'm still not happy that it got into my system in the first place. Is Kerio really that bad of a firewall? I actually heard the opposite, that it's similar to ZoneAlarm, that's why I installed it.
     
  9. Marcos

    Marcos Eset Staff Account

    Are you using Win XP SP2 with all security patches applied? Please elaborate as to what you have done - did you format the disk and install NOD32 from scratch, or just reinstall the OS?
     
  10. RejZoR

    RejZoR Lurker

    I doubt a patched system has anything to do with this one. Tenga is a file infector, not a worm using some system vulnerability.
    And as such it will replicate on disk activity (execution of programs).
     
  11. Marcos

    Marcos Eset Staff Account

    A quote from Mike's Tenga description: Other Details: tries to spread via DCOM RPC Interface Buffer Overrun Vulnerability by generating random IP addresses.
     
  12. Ga1tar

    Ga1tar Registered Member

    Somehow I doubt it... as your question was never answered. If it has been done the question then would be in what order was his system updated.
     
    Last edited by a moderator: May 13, 2006
  13. mmhbk

    mmhbk Registered Member

     
  14. Joliet Jake

    Joliet Jake Registered Member

    I've been running NOD32 and Kerio personal firewall on default settings for a few months and I don't have your trouble.
     
  15. pc-support

    pc-support Registered Member

  16. mmhbk

    mmhbk Registered Member

  17. ASpace

    ASpace Guest


    Excellent choice. NOD32 + Zone Alarm :D
     
  18. Blackspear

    Blackspear Global Moderator

    Are you sharing the main "C" drive?

    Cheers :D
     
  19. pc-support

    pc-support Registered Member

    Follow the instructions here and you shouldn't have any more problems with tenga
     
  20. Golo

    Golo Registered Member

    I got win32/tenga.gen!!
    Have you disinfected the PC?
    What must I do?
     
  21. Marcos

    Marcos Eset Staff Account

    Tenga spreads over LAN so first of all, unplug the pc from network, boot from a clean media (booting to safe mode might suffice), run nod32 and clean all infected files. Also make sure that you have NOD32 2.7 installed.
     
  22. pykko

    pykko Registered Member

    Scan your PC with NOD32 in safe mode and clean everything it finds. Install a personal firewall: Comodo or something else and only then connect to the internet.
     
  23. IcePanther

    IcePanther Registered Member

    A word of warning about tenga:

    The school network once got infected by it, and it appends at the end of the executable part of files. That means, it will destroy setup executables or self-extracting archives, because it will only keep the "executable" part that's found at the beginning of them. I was annoyed to discover that when setup files on my external hard drive were erased (I had to connect it to the school PCs). Luckily I had backups, and then suggested the school to purchase a NOD32 business license complete with administration console. What they didn't do because "it was a pain to install antiviruses on each computer". Yeah. Nice.

    Also yes, it spreads via network, so you have to disconnect the computer from it before disinfecting.

    I'd also suggest you run a sfc /scannow after it, to replace possible damaged system files with clean versions. You may need your system CD/DVD.
     
  24. fjc9000

    fjc9000 Registered Member

    ISP Etheric has a utility that NOD32 detects as the Win32/Tenga.gen virus. However, I fail to see how a highly expensive ISP would be handing out viruses...

    http://www.etheric.net/software.html

    TCPOptimizer.exe
    hxxp://www.etheric.net/Downloads/TCPOptimizer.exe (they comment "with thanks to SpeedGuide.net")

    Has anyone tried this utility?
     
    Last edited by a moderator: Apr 9, 2007