on a roll

Discussion in 'malware problems & news' started by zappa, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    I am on a roll with various infections:

    Nod32 gave me this info:
    1) VBS/Psyme.W.Gen.trojan (file was datBOAO.temp)
    2) Win32/Small.I.trojan (file was msmc.exe)
    3) Win32/Collector A unknown infection type (virtool) (file was active security.ocx)

    Tonight I happened to see a few infected files that Nod32 and I deleted yesterday, all in Windows/system folder
    1) p-1255c.exe
    2) etcpln.exe
    3) launcher.exe
    Nod32 identified all these as.. unknown but probably NewHeur-PE virus.
    Nod32 did not detect them when I restarted today but did when I used on demand scan.

    I was surfing when I got this infection from a web page and the infection tried to create new start ups including a new WinMedia Player and etcpln.exe. I use Mike Lin's "StartUp Monitor" which instantly notified me of new startups which I denied.

    I ran RegRun and deleted, for the second time, etcpln.exe from start up.

    Nod32 couldn't delete "launcher.exe" so I renamed it then deleted it.

    I looked around for descriptions of these files at Eset and another A.V. site but could not find the exact names as I have them.

    I have tried to run TDS-3 three separate times but it freezes and/or locks up with "not responding" and I have to go to "control-alt-delete" and end it from there. Unusual as TDS3 has never responded like this before.

    My OS is Win98SE.

    I have not investigated my registry. Any ideas or suggestions on what NewHeur-PE virus is and how it reappeared after restarting today?

    thank you.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas


    NewHeur-PE is the name NOD gives an unknown virus discovered using heuristics.

    Launcher.exe is an adware problem.
    INFO

    Looks like you have a lot of "stuff" on your computer.

    You could post a hijack log to start. READ

    You do have to register to post a log.
     