Solved

Removing HTML/crypted.gen

Posted on 2009-03-30
2
12,414 Views
Last Modified: 2013-11-22
I have a virus/trojan called HTML/crypted.gen, I am using Antivir, it detects it everytime you open a webpage.  Antivir will not remove it by any means, including Quarantine,Delete,Ignore,Rename, nothing will remove it, if you continue to click through eventually you can get to the website you initially requested.  I have used software at http://www.atribune.org/ that removed all the temp files and such.  The virus is located at the following location.   C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files

After deleting everything in this folder and restarting IE, the files are all recreated and the Virus remains.
0
Comment
Question by:ctanksley
2 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 500 total points
ID: 24026637
Hi,

Try the following:

1) Download and run ToolBarCop (http://windowsxp.mvps.org/toolbarcop.htm)
2) Download and run CCleaner (www.ccleaner.com/download)
3) Check the following articles about disabling IE BHO objects

http://www.winhelponline.com/tbchelp.htm

http://support.microsoft.com/kb/298931

http://windowsxp.mvps.org/noexplorer.htm

4) If your using IE 7, check how to reset it and disable all third-party BHO's + plugins

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

5) Download and run HijackThis portable and submit the log here

 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

A Symantec Certified Specialist @ your service
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24026886
I need to ask a couple of questions first before recomending any tools.
1- Does this happen with All websites, or is this limited to some of them ?
2- Are you on a LAN or a standa lone computer? , if on LAN how many other machines ?, are they yours ? , do they have Antivirus installed?
3- What exactly is the infection name ? , is the file extension .JS,.VBS or .HTM ? , the full file name will hellp here.
4- Have you tried using other browsers than Internet explorer ? (Opera,Chrome,Firefox) , does the problem persist?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now