Solved

Removing HTML/crypted.gen

Posted on 2009-03-30
Last Modified: 2013-11-22
I have a virus/trojan called HTML/crypted.gen. I am using Antivir, and it detects it every time you open a webpage. Antivir will not remove it by any means, including Quarantine, Delete, Ignore, Rename; nothing will remove it. If you continue to click through, eventually you can get to the website you initially requested. I have used software at http://www.atribune.org/ that removed all the temp files and such. The virus is located at the following location: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files

After deleting everything in this folder and restarting IE, the files are all recreated and the virus remains.
Question by:ctanksley
2 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 500 total points
ID: 24026637
Hi,

Try the following:

1) Download and run ToolBarCop (http://windowsxp.mvps.org/toolbarcop.htm)
2) Download and run CCleaner (www.ccleaner.com/download)
3) Check the following articles about disabling IE BHO objects

http://www.winhelponline.com/tbchelp.htm

http://support.microsoft.com/kb/298931

http://windowsxp.mvps.org/noexplorer.htm

4) If you're using IE 7, check how to reset it and disable all third-party BHOs + plugins

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

5) Download and run HijackThis portable and submit the log here (http://www.portableshare.com/downloads/HijackThis-Portable.html)

A Symantec Certified Specialist @ your service
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24026886
I need to ask a couple of questions first before recommending any tools.
1- Does this happen with all websites, or is this limited to some of them?
2- Are you on a LAN or a standalone computer? If on a LAN, how many other machines? Are they yours? Do they have antivirus installed?
3- What exactly is the infection name? Is the file extension .JS, .VBS or .HTM? The full file name will help here.
4- Have you tried using browsers other than Internet Explorer (Opera, Chrome, Firefox)? Does the problem persist?
Question has a verified solution.
