Hey All,
I just deleted two worms:
deleted: virus Worm.Win32.Huhk.c File: C:\WINDOWS\explorer.exe
deleted: virus Worm.Win32.Huhk.c Running module: explorer.exe\Explorer.EXE
Am I safe now and how did I get infected?
I had downloaded a ewigo trojan scanner prior to the problem; maybe that was it? I had to do a win xp system restore to get back in business and have deleted all but the current one.
Cnon
Update just received word that it was a false positive for kaspersky.
They have fixed it now.
Hi cnon,
You might not been infected at all in the first place. It might be a false positive, hopefully you did not delete explorer.exe. Read this: It appears to be confirmed by Kaspersky that this Worm.Win32.Huhk.c ‘infection’ is a false positive. There are a lot of posts on the Kaspersky user support forum referred to in an earlier reply to this thread. Some people have made things worse by using the delete option to remove the explorer.exe file. So, if you’re reading this to get information about this ‘infection’, don’t delete explorer.exe. Hopefully, you will have obtained the latest signature update to correct the problem by now.
I do wonder how false positives come about. How are names arrived at, especially when it’s false? Is this still malware, albeit ‘harmless’ - even though a lot of harm has been created.
Also, perhaps Zonealarm could ask Kaspersky to urgently provide web-based information and instructions on any future false positives to avert much of the trouble that has been caused to many people. Some people have deleted the explorer.exe file and found it difficult to progress without a taskbar upon rebooting their computer.
So whenever an alarm is fired through what kind of security program, get informed if it is real or an apparent FP or inform here, at least do not delete right away, so you could set the file back. Update at virustotal to see what other scanners say. FP’s can be a pain in the back, worse than a real virus infection sometimes. See the sticky I made in the virus and worms,
polonus