Trojan/Virus AND IE problem. Help needed :(

Discussion in 'malware problems & news' started by TerryJingle, Apr 22, 2006.

Thread Status:
Not open for further replies.
  1. TerryJingle

    TerryJingle Registered Member

    Joined:
    Apr 22, 2006
    Posts:
    1
    Well, I really don't know where to begin. Around 90 minutes ago, I switched on my laptop, as normal. But when I opened Internet Explorer, AVG alerted me of a virus...

    Virus name
    Virus identified Exploit.CVE-2005-1790

    Path
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\\JEW0L7TZ\fillmemadv[1].htm

    Filename
    fillmemadv[1].htm

    And a trojan...

    Virus name
    Trojan horse Downloader.Agent.13.AI

    Path
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\MQ2PL98Q\xpladv771[1].wmf

    Filename
    xpladv771[1].wmf

    So I chose the 'heal' option for both, and for both it said they'd been successfully healed. But I looked in my Virus Vault, and there they were. Checked the info for 'em and said they were 'Unhealable'. Every time I close all IE windows, then open one, it seems to create more and more copies of it, and I get some box thing pop up top-left saying 'Explorer User Prompt'. I'm pretty much an amateur when it comes to computers, but I scanned with Ewido, Ad-aware etc, via 'Internet Options' from control panel I deleted all cookies and all files from Temporary Internet Files, including offline content, I also deleted my history. Well, that didn't work either. So by now I had quite a few of the same trojan and virus, obviously it's respawning itself or whatever, creating more copies everytime I close all IE windows and then open a new one, and I kept moving them to the Virus Vault. So, in my infinite wisdom (or lack of), I went to the Virus Vault and decided to try something... I restored one of the viruses, and I decided to restore it to my documents (so it'd be easy to find), in the hope that I could delete it manually... well, didn't work as well as I hoped, as it created yet another copy. Then I tried deleting 'em all from the Virus Vault, hoped that might work, but then when I opened up IE, more copies were created. I THINK I might have gotten the viruses and trojans just before I went to bed last night... someone sent me a link to a metacafe video of Ronaldinho (soccer player). I clicked and watched the video, I then sent the link to someone else. When she tried opening it, she said her Anti-Virus told her that it couldn't open the site or whatever because it contained a virus. I thought nothing of it at the time, but now it seems to be the main culprit. Sorry for the use of bad language, but this is really f****ing annoying me now. Like I said, I'm an amateur when it comes to computers, so any help to get rid of this problem would be very, very much appreciated.

    Regards
    TJ

    PS, I think I'm running the latest version of IE, SP2, Windows XP Home.
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try running some of the online scanners in my signature or download the standalone DrWeb CureIt.
     
  3. Milan222

    Milan222 Registered Member

    Joined:
    May 4, 2006
    Posts:
    1
    Hi; I got the same problem and trying to find out what happened. I have recently downloaded from Download.com site and Napster, does it ring the bell?
    The origin of virus was in "counter.class" file which was in the .zip folder I have downloaded.

    Please let me know on this e-mail: Removed to prevent harvesting - Ron

    Thanks

    Milan
     
    Last edited by a moderator: May 4, 2006
  4. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    Well seeing how you're doing things currently, I can tell you to do some basic, effective procedures. First I might reccomend you change AV's once these viruses are gone, since AVG free tends to be horrible in a lot of ways compared to other free AV's (like avast! and AntiVir). Anyway, here are a few tips:

    1.) Update AVG AV to the max, and change all settings it has in real-time protection, full system scanning, etc. to the highest sensitivity (i.e. Select 'Scan all files' opposed to 'Scan infectable files').

    2.) (OPTIONAL BUT HANDY) Download and install CCleaner, its a handy tool to properly clean all temporary files & more. It's also good for maintenance every now and then just to remove junk files. Once it's installed, run it to clear all the temporary files (feel free to configure it to ignore certain things, etc.)

    3.) Update Ad-Aware & ewido to the max, then set both to highest sensitivity (similar to step 1).

    4.) Disable system restore points.

    5.) Reboot your computer in safe mode.

    6.) Run full system scans with all security products (selecting the remove option [if not then quarantine] since "healing" or "repairing" is usually not the way to go when removing viruses, UNLESS they've infected useful files you want to save)

    7.) Reboot your computer again and check if everything is ok, if not, then run a few online scans that provide cleaning services, like KAV, etc.

    8.) If your computer has been verified to be completely cleaned, then turn on System Restore again.

    Hope that helps.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    try what SwordofSecurity said and additionally you can scan your PC with AntiVir also in the safe mode. It's much more effective even compared with some paid AVs. ;)
     
Loading...
Thread Status:
Not open for further replies.