  #1  
18-April-2002, 06:37
Worldlife
Virus Alert HTML.VMExploit

Sorry got an extra "E" in the topic title - grateful if any passing mod could edit

Part one Status report
Part two Will describe action taken on first receipt of this report - this is second run of virus check!

This has got through my system despite having EZ Anti Virus running continuously. Plead guilty to perhaps one week lapse in keeping tables up to date:-

Started scanning: 03:03:07, 18/04/02
Major dat file v1000
Minor dat file v1981
Macro dat file Apr 16 2002 (VMD Ver 1.6)

Scanning memory...

Scanning boot sectors...
C Master Boot Record does not match template, but is OK: standard Win95 OSR2.
C Partition Boot Record matches template, is OK: standard MSWIN 4.1 FAT32.

Scanning file(s)...
CWINDOWS\Temporary Internet Files\Content.IE5\87WSCQXH\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\TQQA6PUV\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\W5IRGXYJ\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\W5IRGXYJ\a3[2].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\E1JK10VM\wl[1].js - infected with HTML.VMExploit virus.
CWINDOWS\Temporary Internet Files\Content.IE5\Z7DFNL0W\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\Q7U7292Z\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\SD6FOTMN\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\1WOZDPW1\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\1WOZDPW1\a3[3].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\OTMVG5AN\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\2VANMTU3\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\1VJBHXOE\tss[1].js - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\IBMR61QR\wl[1].js - infected with HTML.VMExploit virus.
CWINDOWS\Temporary Internet Files\Content.IE5\IBMR61QR\wl[2].js - infected with HTML.VMExploit virus.
CWINDOWS\Temporary Internet Files\Content.IE5\KTIF45E3\sl[1].js - infected with HTML.VMExploit virus.
CWINDOWS\Temporary Internet Files\Content.IE5\KTIF45E3\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\HRJF59GE\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\HRJF59GE\a3[2].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\HRJF59GE\a3[3].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\45AV8HIF\a3[1].jpg - infected with HTML.VMExploit.enc virus.
CWINDOWS\Temporary Internet Files\Content.IE5\45AV8HIF\a3[2].jpg - infected with HTML.VMExploit.enc virus.

Finished scanning: 03:42:42, 18/04/02
Number of files scanned: 91831.
Number of infections: 22
Number of infected files not cleaned/deleted/renamed: 22
First 10 files:
CWINDOWS\Temporary Internet Files\Content.IE5\87WSCQXH\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\TQQA6PUV\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\W5IRGXYJ\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\W5IRGXYJ\a3[2].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\E1JK10VM\wl[1].js (HTML.VMExploit virus)
CWINDOWS\Temporary Internet Files\Content.IE5\Z7DFNL0W\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\Q7U7292Z\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\SD6FOTMN\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\1WOZDPW1\a3[1].jpg (HTML.VMExploit.enc virus)
CWINDOWS\Temporary Internet Files\Content.IE5\1WOZDPW1\a3[3].jpg (HTML.VMExploit.enc virus)

Last edited by Worldlife; 18-April-2002 at 08:42.
  #2  
18-April-2002, 06:45
Worldlife

Part Two

When I realised that the virus checker was finding all these infected files in the Windows Temporary File and it was taking a very long time to process this file I stopped the checker.

Emptied the Windows Temporary file by Control Panel/ Internet/Options procedure.

This recheck followed that operation after closing down and restarting windows.



.... to proceed further by edit... must get Mrs W/L's breakfast!!!!!
  #3  
18-April-2002, 07:16
The Beef

Oh dear, sorry to hear it WL. This page has some info; I just picked it out of hundreds of pages.

Good luck!

Info here.
__________________
Beef.

"Thinking about what you might not be able to control, only wastes time and energy, till it eventually becomes your enemy."
  #4  
18-April-2002, 08:52
Worldlife
Installing the Microsoft update

Thanks Beef for your prompt answer

I've downloaded and installed the Updated Microsoft Virtual Machine for Windows OS mentioned in your link.

The damage to the system seems to have been contained by the prompt alert by eTrustEZantivirus (it came up on the boot check!) and not as bad as the cases cited...phew!!

An odd thing I did note, before the EZ warning, was that my connection tray icon for Freeserve was changed a few times and I thought it was Explorer having games!!!

I'll follow now with thoughts as to whether I should delete all the internet temporary files as shown in various windows panels- there is conflicting info!

Once again...thanks. Will run virus checker whilst out
  #5  
18-April-2002, 09:03
Worldlife
Conflicting information



conflicts with find and the anti-virus program lists:-



and the details of "find"



Do folks reckon I could probably delete all the above files without problem? Could they be important system files labelled in this way or does the fact they are in "temporary" mean they can be rubbished?

Be back later...

Off for a dental check

  #6  
18-April-2002, 09:46
tony (Guest)

as far as i know you can delete them, it is a history of where you have been on the net, best way to check is to move them to a temp dir, if the system does not complain then get rid, if not then you still have them

windows may not let you move them all, the ones it wants to keep i would be happy with

hope that helps
  #7  
18-April-2002, 10:28
Memfis

I empty mine on a regular basis.

All it is is IE Cache. So if you delete them your sites will take a little longer to load the first time.

Any way of working out which site it was so that you can post a warning?
  #8  
18-April-2002, 11:40
Worldlife
Just in case the bomb explodes

Just in case I get a system failure!!!

Deleted the whole of Temporary Internet IE5 files that were transferred to the recycle bin. Many warnings of the "do you really want to delete - this could be fatal" kind. Left only with Tqqu6pnu and Index.dat that Windows refused to delete.

Intended to do a "find" on all the infected files and then try deletion of each one individually,

Virus checker only reported infection in the recycle bin. Stopped the virus checker when I realised that the files in the recycle bin were being allocated a different name to when they were found in Temporary Internet. Seemed very virulent situation!!!

Crossed fingers and deleted content of recycle bin. On trying to close down Realplayer popped up and froze.

But I've restarted ok - will run virus checker again and then see if any other programs complain about the changes.

Vic .... cor what a birthday pressy
  #9  
18-April-2002, 12:20
Worldlife
Hurray!

Good result eh?

Hope it stays this way !



Thanks all

Vic