Posted

Okay, the problem seems to be that this benign but annoying trojan win32pf has manifested itself in my machine. It infects every .exe file on my hard disks (which I can remove) but only reinfects them again. After some work I think I isolated the source file

C:\Documents and Settings\User\Local Settings\Temp\hke4.tmp

which infects all the executables on my comp. My virus scanner can't remove this file and I'm locked out from deleting it manually. Any ideas? :D

Posted
Check your registry autostartup for funky entries:

Some of the common keys to check:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
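
One way to run the check suggested above, as an added example that is not part of the original thread: the script reads the four keys listed in the reply and flags startup commands that point into a Temp directory or at a .tmp file, like the hke4.tmp path from the first post. The flagging pattern is an assumed heuristic and PowerShell 3.0 or later is assumed.

```powershell
# Added example (PowerShell 3.0+ assumed): list the values under the autostart
# keys named in the reply above and flag commands that look out of place.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Assumed heuristic, not a signature: a startup command that lives in a Temp
# directory or points at a .tmp file deserves a closer look.
$suspectPattern = '\\Temp\\|\.tmp\b'

$results = foreach ($path in $runKeys) {
    # Not every key exists on every Windows version; skip the missing ones.
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ data, so %TEMP% becomes a real path.
        $data = [string]$key.GetValue($name)

        # An empty (Default) value is normal and carries no command.
        if ([string]::IsNullOrWhiteSpace($data)) { continue }

        [pscustomobject]@{
            Key     = $path
            Name    = if ($name) { $name } else { '(Default)' }
            Command = $data
            Suspect = $data -match $suspectPattern
        }
    }
}

# Flagged entries first; review each one before deleting anything.
$results | Sort-Object -Property Suspect -Descending | Format-List
```
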

Posted (edited)

Thanks ugenn. I have located a couple of those registries, what do I do with them now?

But I don't notice anything unusual... there are a couple defaults with no location though. What does it all mean?

Excuse my inexperience at this...

Edited by darkmage479
Posted

excuse the double post....

 

New information. Running the latest f-prot antivirus I received the following info from the scan. Besides all my .exes being infected I have:

 

hke4.tmp - C:\Documents and Settings\*User*\Local Settings\Temp - status infected - w32/Parite.B@mm (exact) - unable to remove virus

 

*User* being my administrator account

 

this help any?

Posted

wow!!! triple post... :lol:

 

never mind, i got the bugger with a tool from bitdefender. say goodbye, win32pf.

 

Me : 1

virus programmer: 0, but he got 4 hours of my precious time.

 

:(:P
