tenga.gen SOS

Discussion in 'NOD32 version 2 Forum' started by mmhbk, May 11, 2006.

Thread Status:
Not open for further replies.
  1. mmhbk

    mmhbk Registered Member

    Joined:
    May 11, 2006
    Posts:
    5
    Since I installed NOD32 on my computer I keep getting alerts about the win32/tenga.gen virus. AMON deletes the infected files and it destroys my system; I can't log on after restart. I formatted my HD and reinstalled everything, but that virus keeps coming back.
    Back when I had Norton Internet Security, it never found any viruses like that, but then I replaced it with Kerio Personal Firewall and NOD32. That's when the whole mess started.
    Plus I get Windows Security Alert that my antivirus definitions are out of date, though NOD32 updates itself every hour.
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Try to start in safe mode and scan with NOD32 again.
    Where does NOD32 find the virus... which folder?
    Try also to disable system restore. ;)
     
  3. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    Do you have any media drives inserted?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Be sure to install all security patches for your OS, including a firewall, after you install the OS from scratch (hopefully you are not using an old Win9x system). If it's possible, install and update NOD32 before you connect your computer to LAN if you share the network with neighbours.
     
  5. ASpace

    ASpace Guest


    Probably Norton didn't detect that malware and that's the reason you haven't received alerts.

    Since you know how, format your hard drive and reinstall Windows (FULL FORMAT).
    The first thing you have to do then is to install a firewall and, as soon as you connect to the internet, to update Windows. Then install NOD32, update it and configure it:
    https://www.wilderssecurity.com/showthread.php?t=37509

    Go ahead and be careful what you install and load on that machine.
    http://www.microsoft.com/protect


    I recommend you use Windows Firewall with "Don't allow exceptions" checked. Windows must always be updated. If you want a two-way firewall, I recommend ZoneAlarm free.
     
  6. mmhbk

    mmhbk Registered Member

    Joined:
    May 11, 2006
    Posts:
    5
     
  7. ASpace

    ASpace Guest

    Because an infected file may replicate after you restart and when you turn off this XP Service the file won't replicate.

    When dealing with malware in XP/Me environment, this is essential ;)
     
  8. mmhbk

    mmhbk Registered Member

    Joined:
    May 11, 2006
    Posts:
    5
    It didn't help. The virus still came back. NOD32 cleaned 183 out of 183 infected files, but I'm still not happy that it got into my system in the first place. Is Kerio really that bad of a firewall? I actually heard the opposite, that it's similar to ZoneAlarm, that's why I installed it.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Are you using Win XP SP2 with all security patches applied? Please elaborate as to what you have done - did you format the disk and install NOD32 from scratch, or just reinstall the OS?
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I doubt a patched system has anything to do with this one. Tenga is a file infector, not a worm using some system vulnerability.
    And as such it will replicate on disk activity (execution of programs).
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A quote from Mike's Tenga description: Other Details: tries to spread via DCOM RPC Interface Buffer Overrun Vulnerability by generating random IP addresses.
     
  12. Ga1tar

    Ga1tar Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    118
    Location:
    U.K
    Somehow I doubt it... as your question was never answered. If it has been done, the question then would be in what order his system was updated.
     
    Last edited by a moderator: May 13, 2006
  13. mmhbk

    mmhbk Registered Member

    Joined:
    May 11, 2006
    Posts:
    5
     
  14. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    I've been running NOD32 and Kerio personal firewall on default settings for a few months and I don't have your trouble.
     
  15. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
  16. mmhbk

    mmhbk Registered Member

    Joined:
    May 11, 2006
    Posts:
    5
  17. ASpace

    ASpace Guest


    Excellent choice. NOD32 + Zone Alarm :D
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Are you sharing the main "C" drive?

    Cheers :D
     
  19. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Follow the instructions here and you shouldn't have any more problems with tenga
     
  20. Golo

    Golo Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    1
    I got win32/tenga.gen!!
    Have you disinfected the PC?
    What must I do?
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Tenga spreads over LAN, so first of all, unplug the PC from the network, boot from clean media (booting to safe mode might suffice), run NOD32 and clean all infected files. Also make sure that you have NOD32 2.7 installed.
     
  22. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Scan your PC with NOD32 in safe mode and clean everything it finds. Install a personal firewall: Comodo or something else and only then connect to the internet.
     
  23. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    A word of warning about Tenga:

    The school network once got infected by it, and it appends at the end of the executable part of files. That means it will destroy setup executables or self-extracting archives, because it will only keep the "executable" part that's found at the beginning of them. I was annoyed to discover that when setup files on my external hard drive were erased (I had to connect it to the school PCs). Luckily I had backups, and then suggested that the school purchase a NOD32 business license complete with administration console. Which they didn't do because "it was a pain to install antiviruses on each computer". Yeah. Nice.

    Also yes, it spreads via network, so you have to disconnect the computer from it before disinfecting.

    I'd also suggest you run a sfc /scannow after it, to replace possible damaged system files with clean versions. You may need your system CD/DVD.
     
  24. fjc9000

    fjc9000 Registered Member

    Joined:
    Apr 8, 2007
    Posts:
    1
    ISP Etheric has a utility that NOD32 detects as the Win32/Tenga.gen virus. However, I fail to see how a highly expensive ISP would be handing out viruses...

    http://www.etheric.net/software.html

    TCPOptimizer.exe
    hxxp://www.etheric.net/Downloads/TCPOptimizer.exe (they comment "with thanks to SpeedGuide.net")

    Has anyone tried this utility?
     
    Last edited by a moderator: Apr 9, 2007