Solved

TPE encrypted virus

Posted on 2004-09-29
11
541 Views
Last Modified: 2012-05-05
I have windows XP and run Vet anti-virus. I was notified that my computer was infected with a TPE encrypted virus which VET could not clean but instead re-named and deleted except that when I run VET again it says it has done the same thing again and again and again. I have disbabled system restore and run VET in safe Mode after deleting all my Prefetch BUT it is still there. what can I do ? VET doesn't give me anymore info on the virus apart from what I've given you, that's it ! I look forward to your reply.
0
Comment
Question by:stayhappy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12179249
Download Stinger from here http://vil.nai.com/vil/stinger/
and also use this online virus scan http://housecall.trendmicro.com/  to see if they all report the same virus.

Run these in safe mode aswell and see if there is any difference.

What is the exact name of the virus ?

What do you mean by this
run VET in safe Mode after deleting all my Prefetch ??

Try doing this
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Also you may want to reinstall your anti-virus to see if that would help

SR
0
 

Author Comment

by:stayhappy
ID: 12186323
I've done as you said and both scans bring up no trace of any virus at all , same result in safe Mode , BUT VET still says that I've got the virus. and it gives me NO name , NO other description apart from TPE encrypted virus . that's it !


What do you mean by "run VET in safe Mode after deleting all my Prefetch ??" i was advised to do that by someone else which gave no result. just though you should know.

haven't reinstalled my anti virus BUT I downloaded AVG Anti-virus Free Edition and ran that and that didn't detect a virus either
 
 
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12188717
>> What do you mean by "run VET in safe Mode after deleting all my Prefetch

I was asking that because you said that same message in your comment and I didnot understand what you meant by that..
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 6

Accepted Solution

by:
nomi17 earned 250 total points
ID: 12192757
It looks like there may be files left over in the registry that will cause the launch of this infection after every reboot.  

Download this file(RegScrub XP):
http://www.majorgeeks.com/download2048.html
This app scans your registry for invalid entries and deletes them (actually, it removes them and stores it just in case you need to restore).

Follow sunrays instructions to delete all temp files and cookies.  Boot in safe mode and rescan your computer and let VET detect, rename and delete the files in question.  

Once this is done, run RegScrub and let it scan your registry.  Select all entries if finds and delete them.
Reboot normally and run another VET scan and let us know how it goes.
0
 
LVL 6

Expert Comment

by:nomi17
ID: 12192774
Note:  Run Regscrub twice since the first scan will remove entries that are "tied" to others.  The second scan will remove anything leftover.
0
 

Author Comment

by:stayhappy
ID: 12196733
Thanx for your input.

I uninstalled VET and then ran stinger then the Regscrub ( 100+ problems located ) twice then reinstalled VET ( with upgrade ) and ran VET and no sign of virus. that means I'm Ok doesn't it ?
0
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 250 total points
ID: 12208447
Hi!  stayhappy

It probably means you're clean.
However, just to be sure -
Make sure the option to "Show all Files and Folders", including hidden and system, is enabled
Search your entire computer for any instances of the following files:
(particularly check the prefetch, dllcache, and all temp folders)
history.doc
polyengine.dos.tpe.11
polyengine.dos.tpe.12
polyengine.dos.tpe.13
tpe.obj
tpe-gen.com
tpe-gen.obj
tpe-v11.asm
tpe-v12.asm
tpe-v13.asm
Delete all that you find (if present)
Empty the recycle bin
Reboot your computer and you should be fine.

Regards...
RF
0
 
LVL 6

Expert Comment

by:nomi17
ID: 12275803
Hi stayhappy,

Was away on a much needed vacation!
Just wanted to follow up on your issue.  Hope the suggestions given on this post helped you solve your problem.  Please let us know.

Thanks,
nomi17
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question