?
Solved

Removing HTML/crypted.gen

Posted on 2009-03-30
2
Medium Priority
?
12,578 Views
Last Modified: 2013-11-22
I have a virus/trojan called HTML/crypted.gen, I am using Antivir, it detects it everytime you open a webpage.  Antivir will not remove it by any means, including Quarantine,Delete,Ignore,Rename, nothing will remove it, if you continue to click through eventually you can get to the website you initially requested.  I have used software at http://www.atribune.org/ that removed all the temp files and such.  The virus is located at the following location.   C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files

After deleting everything in this folder and restarting IE, the files are all recreated and the Virus remains.
0
Comment
Question by:ctanksley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 2000 total points
ID: 24026637
Hi,

Try the following:

1) Download and run ToolBarCop (http://windowsxp.mvps.org/toolbarcop.htm)
2) Download and run CCleaner (www.ccleaner.com/download)
3) Check the following articles about disabling IE BHO objects

http://www.winhelponline.com/tbchelp.htm

http://support.microsoft.com/kb/298931

http://windowsxp.mvps.org/noexplorer.htm

4) If your using IE 7, check how to reset it and disable all third-party BHO's + plugins

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

5) Download and run HijackThis portable and submit the log here

 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

A Symantec Certified Specialist @ your service
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24026886
I need to ask a couple of questions first before recomending any tools.
1- Does this happen with All websites, or is this limited to some of them ?
2- Are you on a LAN or a standa lone computer? , if on LAN how many other machines ?, are they yours ? , do they have Antivirus installed?
3- What exactly is the infection name ? , is the file extension .JS,.VBS or .HTM ? , the full file name will hellp here.
4- Have you tried using other browsers than Internet explorer ? (Opera,Chrome,Firefox) , does the problem persist?
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question