http://www.avira.com/en/threats/section/fulldetails/id_vir/3666/html_crypted.gen.html
I ran Avira and Spybot and thought that it had corrected to problem
but today when I logged on I had the same virus alert. I would
appreciate any thoughts/suggestions on how to remove this virus from
my computer.
Thanks,
Robert
Has a(another) Norton or McAfee application ever been installed on the
computer (e.g., a free-trial version that came preinstalled when you bought
it)?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
Sometimes, AV programs (Avira AntiVir included) detect false positives.
What is the name of the file(s) associated with this particular type of
malware (note that it is not a virus)? Can you upload it/them to these
two sites?:
| http://www.avira.com/en/threats/section/fulldetails/id_vir/3666/html_crypted.gen.html
It is not a virus and you can't get infected by it. However if the script it represents
its successfully executed it may lead to the installation of some other malware.
What this is is a generic detection for a cryptic HTML script.
If you got alerted on it then Avira AntiVir did its job and blocked the malicious code in
the HTML script.
Perform a full scan of your system using AntoVir to make sure the script is not in a
cache somewhere.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
I've already run Avria and Spybot and thought it had corrected the
problem but I guess it didn't since I got the same message agai today
with the same virus.
This is the infected file: Documents and Settings\user name\Local
Settings Temp\tempinternet files\Content IE5\MOMXYOEG\asrefinc
101.jsw
I tried looking for this file in the system but I can't seem to find
it under Documents and Settings.
Thanks,
Robert
| I've already run Avria and Spybot and thought it had corrected the
| problem but I guess it didn't since I got the same message agai today
| with the same virus.
| This is the infected file: Documents and Settings\user name\Local
| Settings Temp\tempinternet files\Content IE5\MOMXYOEG\asrefinc
| 101.jsw
| I tried looking for this file in the system but I can't seem to find
| it under Documents and Settings.
Again -- It is NOT a virus !
That is your IE Teemp Internet Files cache or TIF.
Go to IE --> Tools --> Internet Options
Delete all files in the cache and set the cache to be no larger than 50MB.
Hello Dave,
Although the file in question isn't a virus it managed to 'infect' my
administrator's account's Internet temporary files as well as my User
account. I was under the impression that when using a User
account(which is what I use to surf the Internet) that the
Administrator account (Internet temporary files) are separate?
In any case I deleted all the files in both accounts in the Internet
temporary files folder. However with regards to the User account there
were (8) files it wouldn't let me delete ending with:
Cookie: Username @ c.msn
Cookie: Username @ bing
Cookie: Username @ Windows Marketing Plan
Cookie: Username @ c.Live
Cookie: Username @ atdmt
Cookie: Username @ MSN
Cookie: Username @ aplshuffle
Yet after I deleted all the files I went back to check and each time I
look there's more files to delete. Maybe I didn't get them all but
when I was doing this there were no other files that I saw to delete?
Lastly, the good news is that so far the annoying and apprehensive
alert for the last two days hasn't popped up. Hopefully this has
corrected the problem.
Thanks,
Robert
Hi Dave,
Ok the User account seems to be alright but my Administartot account
is infected with this non-virus. I have deleted all the Temporary
Internet files and changed the disk spaced used to 50 yet every time I
restart the computer and login as the Administrator the same infected
file pops up. I only use the Administrator account to update my
computer so I'm baffled how my Administartor account became corrupted?
I'd appreciate any help or advice to remove this.
Thanks,
Robert
| Hi Dave,
| Ok the User account seems to be alright but my Administartot account
| is infected with this non-virus. I have deleted all the Temporary
| Internet files and changed the disk spaced used to 50 yet every time I
| restart the computer and login as the Administrator the same infected
| file pops up. I only use the Administrator account to update my
| computer so I'm baffled how my Administartor account became corrupted?
| I'd appreciate any help or advice to remove this.
| Thanks,
| Robert
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) Logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
I've been sick the last day or so so I haven't been able to respond.
Firstly, bothmy User Account and my Administrator account are
infected. I've done what you suggested and it keeps coming back. If
this isn't a virus it sure is acting like one.
I've tried using Hijack before and I never recieved a response from
anyone.
Robert
If you look, I've posted that I'm using XP, SP3 on my second message.
Robert
| I've been sick the last day or so so I haven't been able to respond.
| Firstly, bothmy User Account and my Administrator account are
| infected. I've done what you suggested and it keeps coming back. If
| this isn't a virus it sure is acting like one.
| I've tried using Hijack before and I never recieved a response from
| anyone.
Robert:
If you post to the SpyKiller...
http://www.thespykiller.co.uk/index.php?board=3.0
And give me the URL, I will make sure you get immediate attention.
Hi Dave,
Here's the URL, I appreciate your helping me.
http://thespykiller.co.uk/index.php/topic,9212.new.html
Thanks,
Robert
| Hi Dave,
| Here's the URL, I appreciate your helping me.
| http://thespykiller.co.uk/index.php/topic,9212.new.html
I see that MS MVP Derek Knight has already responded.
*You are in good hands!*
Hello Dave,
I decided to delete my Internet temp files again both on the User
account and Administrative account then ran the program from the link
Derek gave on both accounts. It appears that both accounts are now
clean and hopefully I won't see it again.
I want to thank both you and Derek for helping me throught this.
Robert
+1
Please don't leave Derek hanging, Robert: Reply your forum thread ASAP.
Thanks.