
Infected With New Poly Win32 Virus


6 replies to this topic

#1 margep


Posted 26 August 2006 - 10:42 PM

Can someone please help?
I did a McAfee scan after getting several DLL errors and it found that I was infected with the New Poly Win32 virus. It cannot be cleaned, quarantined or deleted and I do not know what to do next. I am running Windows XP and recently upgraded to SP2. Help would be appreciated.
Thank You,
Marge


 


#2 quietman7



  • Global Moderator

Posted 27 August 2006 - 06:51 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Please download ATF Cleaner by Atribune.
DO NOT use yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Scan with Ewido per the "Safe Mode" instructions you printed out.

Run a full scan with McAfee and reboot back to normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators





#4 margep


Posted 27 August 2006 - 04:12 PM

I followed all your directions and after I did the last scan it said that I am still infected with the New Poly Win32 Virus.
I am running Internet Explorer on my PC.
Any more suggestions will be greatly appreciated.
Thanks again,
Marge

#5 quietman7


Posted 27 August 2006 - 04:30 PM

Per McAfee

This is a heuristic detection which indicates that a file is possibly infected with a Polymorphic Win32 virus. Win32 stands for 32-bit Windows and includes Windows 95, 98, NT, 2000, XP, ME, etc. Ensure that you are using the latest engine and DATs and send a copy of the file to AVERT if it is still detected as "New Poly Win32"

http://vil.nai.com/vil/content/v_99969.htm (characteristics)

#6 margep


Posted 28 August 2006 - 04:37 PM

Thank you for giving me the solution to my problem.
Again I followed your directions and was able to quarantine the New Poly Win32 virus with the last scan that you suggested.
You are my hero of the day!
Thanks again,
Marge

#7 quietman7


Posted 28 August 2006 - 04:51 PM

Good job.

Now you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.



