Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

TPE encrypted virus

Posted on 2004-09-29
11
Medium Priority
?
548 Views
Last Modified: 2012-05-05
I have windows XP and run Vet anti-virus. I was notified that my computer was infected with a TPE encrypted virus which VET could not clean but instead re-named and deleted except that when I run VET again it says it has done the same thing again and again and again. I have disbabled system restore and run VET in safe Mode after deleting all my Prefetch BUT it is still there. what can I do ? VET doesn't give me anymore info on the virus apart from what I've given you, that's it ! I look forward to your reply.
0
Comment
Question by:stayhappy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12179249
Download Stinger from here http://vil.nai.com/vil/stinger/
and also use this online virus scan http://housecall.trendmicro.com/  to see if they all report the same virus.

Run these in safe mode aswell and see if there is any difference.

What is the exact name of the virus ?

What do you mean by this
run VET in safe Mode after deleting all my Prefetch ??

Try doing this
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Also you may want to reinstall your anti-virus to see if that would help

SR
0
 

Author Comment

by:stayhappy
ID: 12186323
I've done as you said and both scans bring up no trace of any virus at all , same result in safe Mode , BUT VET still says that I've got the virus. and it gives me NO name , NO other description apart from TPE encrypted virus . that's it !


What do you mean by "run VET in safe Mode after deleting all my Prefetch ??" i was advised to do that by someone else which gave no result. just though you should know.

haven't reinstalled my anti virus BUT I downloaded AVG Anti-virus Free Edition and ran that and that didn't detect a virus either
 
 
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12188717
>> What do you mean by "run VET in safe Mode after deleting all my Prefetch

I was asking that because you said that same message in your comment and I didnot understand what you meant by that..
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 6

Accepted Solution

by:
nomi17 earned 1000 total points
ID: 12192757
It looks like there may be files left over in the registry that will cause the launch of this infection after every reboot.  

Download this file(RegScrub XP):
http://www.majorgeeks.com/download2048.html
This app scans your registry for invalid entries and deletes them (actually, it removes them and stores it just in case you need to restore).

Follow sunrays instructions to delete all temp files and cookies.  Boot in safe mode and rescan your computer and let VET detect, rename and delete the files in question.  

Once this is done, run RegScrub and let it scan your registry.  Select all entries if finds and delete them.
Reboot normally and run another VET scan and let us know how it goes.
0
 
LVL 6

Expert Comment

by:nomi17
ID: 12192774
Note:  Run Regscrub twice since the first scan will remove entries that are "tied" to others.  The second scan will remove anything leftover.
0
 

Author Comment

by:stayhappy
ID: 12196733
Thanx for your input.

I uninstalled VET and then ran stinger then the Regscrub ( 100+ problems located ) twice then reinstalled VET ( with upgrade ) and ran VET and no sign of virus. that means I'm Ok doesn't it ?
0
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 1000 total points
ID: 12208447
Hi!  stayhappy

It probably means you're clean.
However, just to be sure -
Make sure the option to "Show all Files and Folders", including hidden and system, is enabled
Search your entire computer for any instances of the following files:
(particularly check the prefetch, dllcache, and all temp folders)
history.doc
polyengine.dos.tpe.11
polyengine.dos.tpe.12
polyengine.dos.tpe.13
tpe.obj
tpe-gen.com
tpe-gen.obj
tpe-v11.asm
tpe-v12.asm
tpe-v13.asm
Delete all that you find (if present)
Empty the recycle bin
Reboot your computer and you should be fine.

Regards...
RF
0
 
LVL 6

Expert Comment

by:nomi17
ID: 12275803
Hi stayhappy,

Was away on a much needed vacation!
Just wanted to follow up on your issue.  Hope the suggestions given on this post helped you solve your problem.  Please let us know.

Thanks,
nomi17
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question