Some Virus/Trojan Problem...Wierd..!!!

Dipen01 · 28-02-2006, 01:34 PM

Hello,

I am experiencing something wierd with my PC these days.

All the Folders of all my drives contain 3 icons

1) Winzip_temp.exe
2) Folder.htt
3) desktop.ini

Well i havent even installed Winzip ever still whats this happening. Even Winzip stays in PC's active memory all the time.

I guess its some kind of Trojan or Virus but even Quick heal and Mcafee are unable to detect it. So in these circumstances what to do..??

Its hoggin my memory a lot..Any advices ..suggestion..??

Regards,
Dipen

dIgItaL_BrAt · 28-02-2006, 01:45 PM

folder.htt and desktop.ini are Windows system files so u don't need to worry about those.What u DO need to worry about is Winzip_temp.exe.That file is due to the W32/MyWife.e@MM worm.Update ur virus definitions immidiately and remove it cuz it's got a pretty lethal payload.
On the 3rd day of any month, approximately 30 minutes after an infected system is started, the worm overwrites files on local drives with the following extensions with the text "DATA Error [47 0F 94 93 F4 K5]":
DOC
XLS
MDB
MDE
PPT
PPS
ZIP
RAR
PDF
PSD
DMP

Dipen01 · 28-02-2006, 08:25 PM

Damn...!!! how do i update...it...3rd is coming soon.... Can i get any direct.... Softie..which can remove it...

or i am using quickheal ...so any specific update for it..

Like there are for various removers...

dIgItaL_BrAt · 28-02-2006, 08:43 PM

W32.Blackmal@mm Removal Tool

anandk · 28-02-2006, 08:59 PM

reg folder.htt, check what this says :
VBS_REDLOF.C
http://www.trendmicro.com/vinfo/viru...DLOF.C&VSect=T

reg Winzip_temp.exe
"...Having DESKTOP.INI and TEMP.HTT in any folder will turn it into an HTML browseable folder. DESKTOP.INI will point to TEMP.HTT as its template file that would run every time the folder is viewed. Inside TEMP.HTT, there will be another call to "WinZip_Temp.exe" to activate it in case there is not any instances of the worm currently running..."
click http://us.mcafee.com/virusInfo/defau...virus_k=138027

update ur quickheal and run it at boottime or in safe mode. quickheal calls this massmailing worm as I-Worm.Nyxem.e

if it dznt help check this link http://reviews.cnet.com/4520-6600_7-6426309-1.html

A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:

Computer Associates: Win32/Blackmal.F!Worm
F-Secure: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/MyWife.e
Panda: W32/Tearec.A.worm (W32/MyWife.E.Worm)
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
Trend Micro: WORM_GREW.A (Worm_BLUEWORM.E) .

ps : dipen, i c u r from pune; u cud always contact quickheals ofc at wakdewadi for imdt assisstance.

Dipen01 · 01-03-2006, 02:26 PM

@digital and anandk : thanks bro..

btw...i never noticed the folder.htt and deskop.ini in every folder. i hope its not abnormal..

and regarding contact Quick Heal..well am using Trial version of Quickheal so i guess...they would be helping only registered users..

GameAddict · 01-03-2006, 06:23 PM

Dipen01,

Get CA's eTrust Anti Virus. Very light weight and free for home users.

GA

Dipen01 · 01-03-2006, 07:43 PM

Amitbhai...but is it efficient at par at these leaders...

___

Am unable to download it though.... from www.ca.com ... Its asks for Coupon No. Now i hav to call and get it..Its wierd... any other alternative...

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine