Win 32: Tinyfx(Trj) - please help!

While conducting research, I received two popups from Avast saying that I had a Trojan Horse and advising me to move it to “chest” (which I did). I then did a standard scan using Avast and received several more popups (same advice - all moved to chest). The infected files all seem to be in my temporary Internet files. Is it okay to just delete the temp files?

I’m running Windows 98. Any help is appreciated!

Since it is a temporary location, there should be no problem in cleaning the temporary Internet files. That however may not stop more of the same being downloaded, you should have the Web Shield provider enabled if you haven’t already. With win98 you will have to set your browser manually to use the web shield proxy:
For IE - broadband users: - Tutorial - Web Shield Proxy Set-up for IE
For IE - dialup users - Tutorial - Web Shield Proxy Set-up for IE (Dial-up)
For Firefox users - Tutorial - Web Shield Proxy Set-up for Firefox

This should be able to detect the files as they are being downloaded by the web shield before they end up in your temporary Internet files.

What is your firewall (as this too should provide outbound protection) ?

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, a-Squared free.

Wow! Thank-you, David. That was fast.

I will delete the temp Internet files as you suggested right away. Thanks again!

No problem, welcome to the forums.

Let us know if you need any further help.

I went into the control panel, selected all the temp Internet files and manually deleted them. I am now doing another standard scan of the system. This may be a stupid question but… I just noticed that Avast was scanning files under “c:\windows\temporaryinternetfiles\con” (I can’t see the rest of the location’s address). Why are there still temporary Internet files to scan? I’m confused.
Obviously, I’m not an I.T. student!

Hi Student,

When run, the Trojan attempts to download a component from the web into \services.exe and execute it.

The following registry entry is also created:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinMedia

Follow general instructions for trojan removal: http://www.claymania.com/removal-trojan-adware.html under section 2.

polonus
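
The Run-key check described in the post above, as an added example that is not part of the original thread: this Python script reads a text export of the registry (the REGEDIT4 format that regedit writes on Windows 98) and flags a value named WinMedia or a Run entry pointing at services.exe. The sample export, its paths and the function names are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SUSPECT_VALUE = "WinMedia"      # value name quoted in the post above
SUSPECT_FILE = "services.exe"   # file name quoted in the post above

# Constructed sample export; the paths are made up for this example.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /min"
"WinMedia"="C:\\EXAMPLE\\services.exe"

[HKEY_CURRENT_USER\Software\Example]
"WinMedia"="not a Run entry"
'''

# "name"="data" lines; backslashes and quotes are backslash-escaped in exports.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
FILE_RE = re.compile(r'(?:^|\\)' + re.escape(SUSPECT_FILE) + r'(?:\s|"|$)', re.I)

def unescape(text):
    """Undo the export escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)

def run_entries(reg_text):
    """Return {value name: command} for the HKCU Run key only."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive in the registry.
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run:
            match = VALUE_RE.match(line)
            if match:
                entries[unescape(match.group(1))] = unescape(match.group(2))
    return entries

def suspicious(entries):
    """Return (name, command, reasons) for entries matching either indicator."""
    hits = []
    for name, command in entries.items():
        reasons = []
        if name.lower() == SUSPECT_VALUE.lower():
            reasons.append("value name " + SUSPECT_VALUE)
        if FILE_RE.search(command):
            reasons.append("command runs " + SUSPECT_FILE)
        if reasons:
            hits.append((name, command, reasons))
    return hits

if __name__ == "__main__":
    for name, command, reasons in suspicious(run_entries(SAMPLE)):
        print(name, "->", command, "|", "; ".join(reasons))
```

A value of the same name under any other key is ignored, since only the Run key causes the program to start at logon.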

Please ensure that you set-up your browser to use the web shield proxy as I have previously mentioned, this intercepts files being downloaded into the internet temp files and scans them, if they are infected then it alerts you and blocks the download. This stops it getting onto your system.

I also asked about your firewall, which you didn’t answer, what is it ?
A firewall is an absolutely essential security tool.

Did you download and run a-squared as I suggested ?

This can happen if you’re still online when you delete them or if some of the files are hidden.

Try using either CleanUp

http://www.stevengould.org/software/cleanup/

or CCleaner Slim (or Basic if you need languages other than English)

http://www.ccleaner.com/download/builds.aspx

Avoid the one with the Yahoo Toolbar.

Sorry David, I was in such a rush to get rid of the virus, I didn’t respond to your questions. I don’t think I have a firewall and I haven’t yet followed your former instructions (which I will). My system is quite old and I find that when I have had a firewall running, everything slows down quite a bit (maybe it’s my mind). Can you suggest a firewall that will run on Windows 98 and not cause too much of a slowdown?

I ran Avast after I deleted the Temp Internet files and there were no problems. Should I be concerned about the possibility of a backdoor having been created? Thanks again. You guys are great.

Hi Polonus,

Do I still need to follow your directions if a standard scan of Avast has since shown that there are no problems? Deleting the temp files seemed to do the trick. thanks

Me again.
Is ad-aware SE by Lavasoft similar to the programs that you guys are suggesting that I download? I ran ad-aware successfully after I removed the temp Internet files. Thanks

Hi Student, consider also downloading the unofficial Win 98 SE ServicePack 2.01, works great, just download and install, you then even have USB support, the looks are like ME, you’ll find this upgrade here:
http://www.softpedia.com/progDownload/Unofficial-Windows--SE-Service-Pack--Final-Download-9065.html

The older versions of ZA free is a good free firewall that does not lean too heavy on the cycles, FF 2.0 or Flock 0.7.11 are good browsers on the now rather obsolete Win 98 SE platform.
Enjoy this new Win 98SE experience!

polonus

I will deal with the second bit first: you haven’t got to worry about it installing a backdoor, first you have to have a backdoor (firewall) for it to try and circumvent.

Many firewalls now insist on XP the latest version of zone alarm being one of them and more that we would usually recommend for a first time firewall user as it has a user friendly interface.

See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml. You will have to check if they will work with win98.

AdAware is an anti-adware/spyware program but I don’t think it is as good as a-squared free, you can use both of these as they are non-resident (provided you have enough free hard disk space). So they only use resources when you start them up to do a scan, close them down on completion of the scan.

Hi David, I found a firewall (jetico) from the link you gave me and I have it installed. More than a dozen windows came up (after I first started it and as I was logging on to the Internet) requesting approval from me. I’m clicking okay and quite literally have no idea what I am allowing. Do you know anything about this firewall? I tried to configure it during setup but have no idea what I am doing. I feel handicapped with this IT stuff!

Open Jetico and find where the ‘applications’ are listed and post the list or a screenshot of it here…

I have never used Jetico, and many firewalls are the same as this, one of the reasons why zone alarm was a good choice for new users was it didn’t swamp you with requests for permission.

What you are experiencing now will tail off as you get over the initial period where it will ask about virtually everything. Do as Tech suggested and check the applications area, see image, I found this at the Jetico site. There is also a support forum which should also be worth a browse, http://www.smokey-services.eu/forum/index.php.

When I tried Jetico I found it much too difficult for my taste. I couldn’t get the pop ups to stop.

You might be happier with Zone Alarm or Comodo.

I agree here with mauserme, but then an earlier version of ZA free, because this has to run on Win 98 SE (servicepack 2.1).

polonus

You’re right, Polonus. Comodo is not Windows 98 compatible.

I downloaded some of the ZA manuals and it looks like any version prior to 6.x would be OK. Old versions are available here

http://www.filehippo.com/download_zonealarm_free/

Yes David, I think I’ll keep what I have for now and see if the popups stop. When I shutdown yesterday, I noticed (too late) that I could have saved my earlier responses but failed to. I have saved them since so hopefully I won’t be asked permission for the same tasks from here on. I certainly hope the software doesn’t leave it up to me to be able to recognize potentially harmful situations.

Tech, I checked the applications section as you suggested and it seems ok.

I’m not sure who you people are - if this is your work or if you are volunteers. I think I’ll tag you superheroes and just leave it at that.

thanks again!