Solved

Removing HTML/crypted.gen

Posted on 2009-03-30
2
12,525 Views
Last Modified: 2013-11-22
I have a virus/trojan called HTML/crypted.gen, I am using Antivir, it detects it everytime you open a webpage.  Antivir will not remove it by any means, including Quarantine,Delete,Ignore,Rename, nothing will remove it, if you continue to click through eventually you can get to the website you initially requested.  I have used software at http://www.atribune.org/ that removed all the temp files and such.  The virus is located at the following location.   C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files

After deleting everything in this folder and restarting IE, the files are all recreated and the Virus remains.
0
Comment
Question by:ctanksley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 500 total points
ID: 24026637
Hi,

Try the following:

1) Download and run ToolBarCop (http://windowsxp.mvps.org/toolbarcop.htm)
2) Download and run CCleaner (www.ccleaner.com/download)
3) Check the following articles about disabling IE BHO objects

http://www.winhelponline.com/tbchelp.htm

http://support.microsoft.com/kb/298931

http://windowsxp.mvps.org/noexplorer.htm

4) If your using IE 7, check how to reset it and disable all third-party BHO's + plugins

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

5) Download and run HijackThis portable and submit the log here

 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

A Symantec Certified Specialist @ your service
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24026886
I need to ask a couple of questions first before recomending any tools.
1- Does this happen with All websites, or is this limited to some of them ?
2- Are you on a LAN or a standa lone computer? , if on LAN how many other machines ?, are they yours ? , do they have Antivirus installed?
3- What exactly is the infection name ? , is the file extension .JS,.VBS or .HTM ? , the full file name will hellp here.
4- Have you tried using other browsers than Internet explorer ? (Opera,Chrome,Firefox) , does the problem persist?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ransom.CRYPTXXX Activity 2 9 130
Twitching screen 11 140
Adware on Android hooked into Chrome 6 65
how to setup email notification on AVG Admin Console? 4 19
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question