Hey, what’s goin on, last night I had my first encounter with any sort of MalWare, and after spending all night trying to figure it out myself without any luck, I decided I would post here as there seem to be quite a few people who actually know what they’re talking about. So like I said, last night I was downloading a program from a pretty shady source (which ironically enough was for an Ad-Ware blocker), when my Avast! VB started going off. Here’s all the info about my system and the trojan itself, if I forgot anything just lemme know:
OS System and updates:
Windows XP Home Edition 2002 w/ service pack 2
Avast! version and VPS file number:
Avast! version VPS 0659-0 (most up to date), Virus database current as well.
Name of the Virus, the filename, and where the trojan was located:
Virus name is Win32:Trojan-gen.{Other}, which affected the file - C:\Documents and Settings\Ben Hutchins\Start Menu\Programs\Startup\win32.exe
After I became infected my computer kept freezing up on me, which could have been a result of the trojan or because I was running 2 different virus scanners (hey, I panicked!), and every time Windows would boot back up I would get, and still am getting, prompted to open one of three files (Win32.dll, MSWINSCK.OCX, or SYSINFO.OCX) which are all located in my StartUp directory (located at C:\Documents and Settings\Ben Hutchins\Start Menu\Programs\Startup), which is also where the infected files came from. I’m wondering if the prompts I get after rebooting my computer are the program trying to replicate, but because Windows doesn’t recognize the .OCX or .dll extensions, it’s keeping it contained. What was strange to me was that I received 4 notices for the same Win32 trojan from Avast every time I turned my computer back on. After the 4th time tho, I stopped getting virus warnings, and the virus scans actually came back clean.
So I guess my question is this, what should or can I do about the Win.exe file that is currently quarantined by Avast, do I even need it? Also, what about the 3 files in my Startup folder that keep trying to open up, is there any salvaging them? Or do I need them at all? (Actually, after just looking at the properties of each file, I notice that they were all created when I became infected)… strange.
So that’s it I think, if anyone has any suggestions I would greatly appreciate it, and if you need any more information from me just lemme know.
thanks,
Ben