Win32:Crypt-FMV [Trj]

Hi, I need help. My virus chest is getting full of the same one.

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: cejo.tmp
FileID: 7
Virus Description: Win32:Crypt-FMV [Trj]

What’s the next move, repair or delete? Thank you.

Keep a copy of it, then delete other copies; "maybe it is an FP".

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

If they are all identical, then yes it is feasible to remove all but one.

What was the original location of the detection? If it keeps getting recreated, then we need to find the file/program creating it (and the location may give a clue).

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.

Malwarebytes blocked access to malicious IP: 195.2.253.9? Firewall: I am using Comodo firewall. Log scan:

Malwarebytes’ Anti-Malware 1.41
Database version: 3219
Windows 6.0.6002 Service Pack 2

23/11/2009 5:03:24 PM
mbam-log-2009-11-23 (17-03-24).txt

Scan type: Full Scan (C:|D:|E:|)
Objects scanned: 275710
Time elapsed: 42 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Well, that IP is for a Russian domain:

195.2.252.0 - 195.2.253.255 netname: MADET-NET descr: Madet Ltd. country: RU

Don’t know what that company does, but it has a large range of IPs.

I’m also not familiar with how the MBAM IP blocking works; if that were an outbound connection, presumably you know nothing of this IP.

I would have thought that your firewall should also have intercepted what would presumably be an unauthorised outbound connection. Nor does there seem to be any Defence+ (or whatever they call it) alert.