Solved

TPE encrypted virus

Posted on 2004-09-29
Last Modified: 2012-05-05
I have Windows XP and run Vet anti-virus. I was notified that my computer was infected with a TPE encrypted virus which VET could not clean but instead renamed and deleted, except that when I run VET again it says it has done the same thing again and again and again. I have disabled System Restore and run VET in Safe Mode after deleting all my Prefetch BUT it is still there. What can I do? VET doesn't give me any more info on the virus apart from what I've given you, that's it! I look forward to your reply.
Question by:stayhappy
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12179249
Download Stinger from here http://vil.nai.com/vil/stinger/
and also use this online virus scan http://housecall.trendmicro.com/  to see if they all report the same virus.

Run these in safe mode as well and see if there is any difference.

What is the exact name of the virus?

What do you mean by this:
"run VET in safe Mode after deleting all my Prefetch"??

Try doing this
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> Run --> type in: %systemroot%/temp
2) Start --> Run --> type in: %temp%

Also you may want to reinstall your anti-virus to see if that would help

SR
 

Author Comment

by:stayhappy
ID: 12186323
I've done as you said and both scans bring up no trace of any virus at all, same result in Safe Mode, BUT VET still says that I've got the virus. And it gives me NO name, NO other description apart from TPE encrypted virus. That's it!

What do you mean by "run VET in safe Mode after deleting all my Prefetch ??" I was advised to do that by someone else, which gave no result. Just thought you should know.

Haven't reinstalled my anti-virus BUT I downloaded AVG Anti-virus Free Edition and ran that, and that didn't detect a virus either.
 
 
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12188717
>> What do you mean by "run VET in safe Mode after deleting all my Prefetch

I was asking that because you said that same message in your comment and I did not understand what you meant by that.
 
LVL 6

Accepted Solution

by:
nomi17 earned 250 total points
ID: 12192757
It looks like there may be files left over in the registry that will cause the launch of this infection after every reboot.  

Download this file (RegScrub XP):
http://www.majorgeeks.com/download2048.html
This app scans your registry for invalid entries and deletes them (actually, it removes them and stores them just in case you need to restore).

Follow sunray's instructions to delete all temp files and cookies.  Boot in safe mode and rescan your computer and let VET detect, rename and delete the files in question.

Once this is done, run RegScrub and let it scan your registry.  Select all entries it finds and delete them.
Reboot normally and run another VET scan and let us know how it goes.
 
LVL 6

Expert Comment

by:nomi17
ID: 12192774
Note:  Run Regscrub twice since the first scan will remove entries that are "tied" to others.  The second scan will remove anything leftover.
 

Author Comment

by:stayhappy
ID: 12196733
Thanx for your input.

I uninstalled VET and then ran Stinger, then the RegScrub (100+ problems located) twice, then reinstalled VET (with upgrade) and ran VET and no sign of virus. That means I'm OK, doesn't it?
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 250 total points
ID: 12208447
Hi!  stayhappy

It probably means you're clean.
However, just to be sure -
Make sure the option to "Show all Files and Folders", including hidden and system, is enabled
Search your entire computer for any instances of the following files:
(particularly check the prefetch, dllcache, and all temp folders)
history.doc
polyengine.dos.tpe.11
polyengine.dos.tpe.12
polyengine.dos.tpe.13
tpe.obj
tpe-gen.com
tpe-gen.obj
tpe-v11.asm
tpe-v12.asm
tpe-v13.asm
Delete all that you find (if present)
Empty the recycle bin
Reboot your computer and you should be fine.

Regards...
RF
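
The file-name search described in the post above, as an added PowerShell example that is not part of the original thread. It assumes a current Windows with PowerShell 5.1 or later (not the XP-era tooling the thread used); the function name `Find-TpeFile` and the default search roots are hypothetical choices, and the script only reports matches so they can be reviewed before anything is deleted.

```powershell
# Added example, not from the thread. The names are the ones listed in the post above.
$TpeNames = @(
    'history.doc', 'polyengine.dos.tpe.11', 'polyengine.dos.tpe.12',
    'polyengine.dos.tpe.13', 'tpe.obj', 'tpe-gen.com', 'tpe-gen.obj',
    'tpe-v11.asm', 'tpe-v12.asm', 'tpe-v13.asm'
)

function Find-TpeFile {
    param(
        # Assumption: search every local fixed drive unless roots are passed in.
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                           ForEach-Object { $_.DeviceID + '\' })
    )
    foreach ($r in $Root) {
        # -Force includes hidden and system files, the equivalent of enabling
        # "Show all Files and Folders" before searching.
        Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $TpeNames -contains $_.Name } |   # case-insensitive match
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path       = $_.FullName
                    Length     = $_.Length
                    Modified   = $_.LastWriteTime
                    Hidden     = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    # Folders the post singles out: Prefetch, dllcache, temp.
                    PriorityDir = $_.FullName -match '\\(Prefetch|dllcache|Temp)\\'
                    SHA256     = $hash.Hash
                }
            }
    }
}

# Report only. "history.doc" is a common name, so review each hit before deleting.
Find-TpeFile | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so protected folders are readable; folders that still deny access are skipped silently because of `-ErrorAction SilentlyContinue`.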
 
LVL 6

Expert Comment

by:nomi17
ID: 12275803
Hi stayhappy,

Was away on a much needed vacation!
Just wanted to follow up on your issue.  Hope the suggestions given on this post helped you solve your problem.  Please let us know.

Thanks,
nomi17