[My First Virus On Vista] - Computers




Note: The following is only a text archive!


To view the actual forum discussion, please visit our website at http://www.tech-forums.net




My First Virus On Vista




Posted by: alexsabree

Well, I got Vista Ultimate up and running and it turns out I have a virus.

"PE_TENGA.A could not be cleaned or quarantined" Trend Micro says.


Here's what Trend Micro's descriptions are:
PE_TENGA.A

This virus spreads via network shares. It retrieves the first three octets of a host machine's IP address. It then generates the fourth octet from 1 to 255 and scans the whole network for writable shared folders using port 139. Once found, it searches for executable (.EXE) files and infects them.

Upon execution, it downloads the malicious file DL.EXE from the Web site utenti.lycos.it/vx9. Trend Micro detects the said file as TROJ_TENGADL.A. This downloaded Trojan, in turn, downloads the file GAELICUM.EXE, which Trend Micro detects as PE_TENGA.A-O.

The file detected as PE_TENGA.A-O is the mother file infector of this virus. It attempts to connect to the site vx9.users.freebsd.at. While doing this, it also spawns a remote command prompt.

This file infector, PE_TENGA.A, uses either the appending type or cavity type of infection to infect files. It checks the last section of the host file for unused space. If the said space is greater than this virus' file size, it uses cavity infection. Otherwise, it simply appends its viral code at the end of the host file.

Some files contain extra codes at the end of their last section. This virus overwrites the said section with its codes. As a result, the files become corrupted.

It infects all .EXE files it finds in all of the system's folders. However, it avoids infecting the file NTOSKRNL.EXE. This file infector can execute at every system startup if the file it infects has autostart capabilities.

This virus also checks for its infection marker "V" to avoid reinfecting a file. It also makes sure that only one instance of itself is running on the infected system's memory by creating the mutex gaelicum.

It runs on Windows 95, 98, ME, NT, 2000, and XP.


TROJ_TENGADL.A

This memory-resident Trojan searches for an Internet connection on the system. If a connection exists it then accesses the Web site, utenti.{BLOCKED}lycos.it/vx9/, and proceeds to download the following files:

* CBACK.EXE - detected by Trend Micro as BKDR_CALLBACK.B
* GAELICUM.EXE - detected by Trend Micro as PE_TENGA.A

It then executes these malware after the download process.

This Trojan creates the following registry entries to ensure the automatic execution of the downloaded malware at every system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\

Then, after a while it infected my sound drivers... which obviously cannot be cleaned or quarantined because they are currently being used. So I can't open my sound control panel.

I am doing a full system scan in the morning... and in the meantime I'm trying to get Windows XP working.


I AM COMPLETELY FU***D WTF CAN I DO???
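
Added example, not part of the original thread or of Trend Micro's write-up: the description quoted above says the virus keeps the first three octets of the host's address, walks the fourth from 1 to 255 and probes port 139, so a defender can flag any host that reaches many distinct same-/24 neighbours on that port in a short window. The log format (`time src dst dport`), the addresses, the five-minute window and the threshold of 20 are all assumptions made for this sketch.

```python
"""Flag hosts that sweep their own /24 on TCP 139 (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

def build_sample():
    """Constructed log lines: 'ISO-time src dst dport' (assumed format)."""
    base = datetime(2007, 2, 10, 9, 0, 0)
    rows = []
    for i in range(1, 256):            # sweeping host walks .1 to .255
        if i != 23:
            rows.append((base + timedelta(seconds=i), "192.168.1.23", f"192.168.1.{i}", 139))
    for i in range(10):                # normal client reusing one file server
        rows.append((base + timedelta(seconds=20 * i), "192.168.1.40", "192.168.1.10", 139))
    for i in range(1, 31):             # many hosts, but not port 139
        rows.append((base + timedelta(seconds=i), "192.168.1.41", f"192.168.1.{i}", 80))
    rows.sort(key=lambda r: r[0])
    return [f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in rows]

def find_sweepers(lines, window=timedelta(minutes=5), threshold=20):
    """Return {src: peak distinct same-/24 targets on port 139 within window}."""
    recent = defaultdict(list)         # src -> [(time, dst)] inside the window
    flagged = {}
    for line in lines:                 # lines must be in time order
        ts, src, dst, port = line.split()
        ts = datetime.fromisoformat(ts)
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if int(port) != 139 or src.version != 4 or dst.version != 4:
            continue
        if src.packed[:3] != dst.packed[:3]:   # only the first three octets matter
            continue
        hits = recent[src]
        hits.append((ts, dst))
        while ts - hits[0][0] > window:        # expire entries older than the window
            hits.pop(0)
        distinct = len({d for _, d in hits})
        if distinct >= threshold:
            key = str(src)
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

if __name__ == "__main__":
    for host, count in find_sweepers(build_sample()).items():
        print(f"{host} touched {count} hosts in its /24 on port 139")
```

A client that keeps returning to one file server never reaches the threshold, because the count is of distinct destinations rather than connections.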



Posted by: Snake-Eyes

I have to say this before any thing else:

LOL VISTA.

GG, not even a full month before your first virus. Anyway. My suggestion is to reformat. Preferably with XP, but Vista will work too.



Posted by: alexsabree

Yeah, I know, Vista sucks, but right now my XP isn't working.

Is there any way I can get rid of this virus without having to reformat?



Posted by: savagenator

Follow warez's guide....if it works for Vista....or search the virus on Google and find the way to take it off XP, and see if it works with Vista.

Anyway, that's pretty cool that Vista has viruses already, even if it screws people over it will force Microsoft to release fixes.



Posted by: alexsabree

[QUOTE][i]Originally posted by savagenator [/i]
[B]Follow warez's guide....if it works for Vista....or search the virus on Google and find the way to take it off XP, and see if it works with Vista.

Anyway, that's pretty cool that Vista has viruses already, even if it screws people over it will force Microsoft to release fixes. [/B][/QUOTE]

Yeah, it's cool from your point of view :(

I've already gone through his guide.. it's corrupted all of my .exe files so I will have to reinstall all my games and such..

But some things I don't have the CD for, such as Photoshop and many other games I didn't get legally.

(I guess that's what I get)

I don't want to reformat.. just too much stuff I will lose..



Posted by: GoodNews101

Is it possible for you to access the internet and download and run Kaspersky's free online virus scan? Kaspersky is phenomenal and better than Trend Micro; they update their full product hourly. NOD32 by ESET is another outstanding anti-vir, etc., but I don't know if they have a free online scan.



Posted by: t3ch_threads

Try using a live CD such as Knoppix. It runs an OS off the CD, so you should be able to use it to rescue some of your files.



Posted by: alexsabree

Ehh.. I reformatted, and I went out and bought Windows XP Pro

(I had Windows XP Home, but they wouldn't let me reactivate it :()

I also just reinstalled Vista.

So now I have Windows Vista Ultimate
Windows XP Pro
and Ubuntu running flawlessly.

(btw, Ubuntu is awesome ;))



Posted by: t3ch_threads

[QUOTE][i]Originally posted by alexsabree [/i]
[B]So now I have Windows Vista Ultimate
Windows XP Pro
and Ubuntu running flawlessly.[/B][/QUOTE]

Very nice! High five! </borat>



Posted by: alexsabree

Yeah, I got Ubuntu because I want a backup in case Windows catches a virus again (very likely)



Posted by: Trotter

[quote] Ehh.. I reformatted, and I went out and bought Windows XP Pro

(I had Windows XP Home, but they wouldn't let me reactivate it )[/quote]
If you upgraded over it, Vista invalidates the serial key for it.




