Solved

Removing HTML/crypted.gen

Posted on 2009-03-30
2
12,443 Views
Last Modified: 2013-11-22
I have a virus/trojan called HTML/crypted.gen, I am using Antivir, it detects it everytime you open a webpage.  Antivir will not remove it by any means, including Quarantine,Delete,Ignore,Rename, nothing will remove it, if you continue to click through eventually you can get to the website you initially requested.  I have used software at http://www.atribune.org/ that removed all the temp files and such.  The virus is located at the following location.   C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files

After deleting everything in this folder and restarting IE, the files are all recreated and the Virus remains.
0
Comment
Question by:ctanksley
2 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 500 total points
ID: 24026637
Hi,

Try the following:

1) Download and run ToolBarCop (http://windowsxp.mvps.org/toolbarcop.htm)
2) Download and run CCleaner (www.ccleaner.com/download)
3) Check the following articles about disabling IE BHO objects

http://www.winhelponline.com/tbchelp.htm

http://support.microsoft.com/kb/298931

http://windowsxp.mvps.org/noexplorer.htm

4) If your using IE 7, check how to reset it and disable all third-party BHO's + plugins

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

5) Download and run HijackThis portable and submit the log here

 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

A Symantec Certified Specialist @ your service
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24026886
I need to ask a couple of questions first before recomending any tools.
1- Does this happen with All websites, or is this limited to some of them ?
2- Are you on a LAN or a standa lone computer? , if on LAN how many other machines ?, are they yours ? , do they have Antivirus installed?
3- What exactly is the infection name ? , is the file extension .JS,.VBS or .HTM ? , the full file name will hellp here.
4- Have you tried using other browsers than Internet explorer ? (Opera,Chrome,Firefox) , does the problem persist?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now