Solved

TPE encrypted virus

Posted on 2004-09-29
Last Modified: 2012-05-05
I have Windows XP and run Vet anti-virus. I was notified that my computer was infected with a TPE encrypted virus which VET could not clean but instead renamed and deleted, except that when I run VET again it says it has done the same thing again and again and again. I have disabled System Restore and run VET in Safe Mode after deleting all my Prefetch, BUT it is still there. What can I do? VET doesn't give me any more info on the virus apart from what I've given you; that's it! I look forward to your reply.
Question by: stayhappy

11 Comments
Expert Comment by: sunray_2003 (LVL 49), ID: 12179249
Download Stinger from here: http://vil.nai.com/vil/stinger/
and also use this online virus scan http://housecall.trendmicro.com/ to see if they all report the same virus.

Run these in Safe Mode as well and see if there is any difference.

What is the exact name of the virus?

What do you mean by this:
"run VET in safe Mode after deleting all my Prefetch"??

Try doing this:
Remove temporary internet files, folders and cookies.
Also remove Windows temp files by going to:

1) Start --> Run --> type in: %systemroot%/temp
2) Start --> Run --> type in: %temp%

Also, you may want to reinstall your anti-virus to see if that would help.

SR

Author Comment by: stayhappy, ID: 12186323
I've done as you said and both scans bring up no trace of any virus at all, same result in Safe Mode, BUT VET still says that I've got the virus, and it gives me NO name, NO other description apart from "TPE encrypted virus". That's it!

What do you mean by "run VET in safe Mode after deleting all my Prefetch"? I was advised to do that by someone else, which gave no result. Just thought you should know.

I haven't reinstalled my anti-virus, BUT I downloaded AVG Anti-Virus Free Edition and ran that, and that didn't detect a virus either.

Expert Comment by: sunray_2003 (LVL 49), ID: 12188717
>> What do you mean by "run VET in safe Mode after deleting all my Prefetch"

I was asking that because you said that same message in your comment and I did not understand what you meant by that.

Accepted Solution by: nomi17 (LVL 6), earned 250 total points, ID: 12192757
It looks like there may be files left over in the registry that will cause the launch of this infection after every reboot.

Download this file (RegScrub XP):
http://www.majorgeeks.com/download2048.html
This app scans your registry for invalid entries and deletes them (actually, it removes them and stores them just in case you need to restore).

Follow sunray's instructions to delete all temp files and cookies. Boot in Safe Mode, rescan your computer and let VET detect, rename and delete the files in question.

Once this is done, run RegScrub and let it scan your registry. Select all entries it finds and delete them.
Reboot normally, run another VET scan and let us know how it goes.

Expert Comment by: nomi17 (LVL 6), ID: 12192774
Note: Run RegScrub twice, since the first scan will remove entries that are "tied" to others. The second scan will remove anything left over.

Author Comment by: stayhappy, ID: 12196733
Thanks for your input.

I uninstalled VET, then ran Stinger, then RegScrub (100+ problems located) twice, then reinstalled VET (with upgrade) and ran VET, and no sign of the virus. That means I'm OK, doesn't it?

Assisted Solution by: rossfingal (LVL 12), earned 250 total points, ID: 12208447
Hi stayhappy!

It probably means you're clean.
However, just to be sure:
Make sure the option to "Show all files and folders", including hidden and system files, is enabled.
Search your entire computer for any instances of the following files
(particularly check the Prefetch, dllcache, and all temp folders):
history.doc
polyengine.dos.tpe.11
polyengine.dos.tpe.12
polyengine.dos.tpe.13
tpe.obj
tpe-gen.com
tpe-gen.obj
tpe-v11.asm
tpe-v12.asm
tpe-v13.asm
Delete all that you find (if present).
Empty the Recycle Bin.
Reboot your computer and you should be fine.

Regards...
RF

Expert Comment by: nomi17 (LVL 6), ID: 12275803
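The search that rossfingal describes above (show hidden and system files, look in Prefetch, dllcache and the temp folders for the listed names, then remove whatever turns up) can be done in one pass from PowerShell. The script below is an added example and is not code from the thread or from any of the tools mentioned in it. It assumes a default Windows layout under `%SystemRoot%`, and instead of deleting matches outright it records them and moves them to a quarantine folder (`C:\Quarantine_TPE`, an assumed path) so they can be inspected or restored; the file names are exactly the ones in the answer.

```powershell
# Added example, not from the original thread.
# Searches the folders named in rossfingal's answer for the file names he listed,
# including hidden and system files, and quarantines any matches.

$indicatorNames = @(
    'history.doc',
    'polyengine.dos.tpe.11', 'polyengine.dos.tpe.12', 'polyengine.dos.tpe.13',
    'tpe.obj', 'tpe-gen.com', 'tpe-gen.obj',
    'tpe-v11.asm', 'tpe-v12.asm', 'tpe-v13.asm'
)

# Folders called out in the answer (Prefetch, dllcache, temp), assuming a default
# Windows layout; roots that do not exist on this machine are skipped.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'Prefetch'),
    (Join-Path $env:SystemRoot 'system32\dllcache'),
    (Join-Path $env:SystemRoot 'Temp'),
    $env:TEMP
) | Where-Object { Test-Path $_ }

# Assumed quarantine location; matches are moved here rather than deleted.
$quarantine = Join-Path $env:SystemDrive 'Quarantine_TPE'

function Find-IndicatorFiles {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        # -Force includes hidden and system files, the same effect as
        # enabling "Show all files and folders" in Explorer.
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and ($Names -contains $_.Name) }
    }
}

$hits = @(Find-IndicatorFiles -Roots $searchRoots -Names $indicatorNames)

if ($hits.Count -eq 0) {
    Write-Output 'No files with the listed names were found in the searched folders.'
    return
}

# Record path, size and timestamps before touching anything, so there is a
# log of what was present and when it was written.
$hits | Select-Object FullName, Length, CreationTime, LastWriteTime | Format-Table -AutoSize

New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
foreach ($file in $hits) {
    # Clear read-only/hidden/system attributes so the move is not refused.
    $file.Attributes = 'Normal'
    # Suffix with a short random tag so two files of the same name from
    # different folders do not overwrite each other in quarantine.
    $tag  = [guid]::NewGuid().ToString('N').Substring(0, 8)
    $dest = Join-Path $quarantine ($file.Name + '.' + $tag)
    Move-Item -LiteralPath $file.FullName -Destination $dest
    Write-Output "Quarantined $($file.FullName) -> $dest"
}
```

Run it from an elevated PowerShell prompt, since `dllcache` and `Prefetch` are not writable by a standard user. Searching by file name alone only confirms that nothing with those names is left in the usual drop locations; it says nothing about files the scanner has already renamed, which is why the answer also recommends a full rescan afterwards.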
Hi stayhappy,

Was away on a much needed vacation!
Just wanted to follow up on your issue.  Hope the suggestions given on this post helped you solve your problem.  Please let us know.

Thanks,
nomi17