Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Need help with virus removal

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts

I have gotten the TROJ_VB.XR virus. And it seems to have downloaded another while it was at it.

The first one allows pop ups at the top of all web pages, and will even open a browser every 3 to 5 minutes
when you are in another application and bring you to some semi random ad pages.

I have located 3 files that are associated with it. 1 is in the windows folder, called newfrn.exe, another
in the temp folder called NDr~~.tmp.html (where the ~~ is random stuff, it changes it's name)
and one under the program files in a hidden directory called F?nts. That file is also hidden and
called W?crtupd.exe. It makes a call to the internet every so often and try's to use the NDR~ files
to create pop ups.

I have deleted all of them, but they come back. I have used the lastest trend micro scans to try to clean it
up to no avail. I assume it is something in Memory that rewrites the files. Or in the registry that
calls another file I don't know about 1 time, that creates these files. I have tried starting up in
safe mode, then deleting them, but they come back.

Don't know enough about the registry stuff to know what to look for there or not. Afraid to take stuff out of that.

Anyone got any ideas?

Steve Ricker
  • 0




    Tech Staff

  • Technician
  • 16,645 posts
Hello stevenricker...

Please go to the Malware Forum and follow the instructions at the top....Especially the Start Here.

That will give you several steps that will help you clean up 70 percent of all problems by yourself...then post a hijackthis log in THAT forum. Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

I will go over to that forum and read up right now.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP