Need help removing virus
Started by
RC021603
, Feb 27 2006 02:23 PM
#1
Posted 27 February 2006 - 02:23 PM
#2
Posted 27 February 2006 - 02:35 PM
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .
That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.
If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.
If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
#3
Posted 28 February 2006 - 12:15 PM
I have tried some of the techniques listed. None of the virus scans I run are picking it up. The are telling me there are no threats. Even if I right click on the actual program, h91749.exe, and click scan for viruses it turns up as no threat. I know it is a threat. I don't know but I think they are not picking it up because it has not downloaded itself yet as a virus because I keep clicking close before it does. The info I found on the web says that h91746.exe is disquised as a legitamate program so then it downloads the virus in MS-DOS. It says it is a dialer and the name of that virus is "Dial/TlfLic-C." Once it is succesfully downloaded it deletes the .exe file. Here is one description I found on the web....
This section helps you to understand how it behaves
Dial/TlfLic-C is a dialler application.
Dial/TlfLic-C tries to create a dialup connection to a remote server and then loads web pages which may give access to further pages relating to online gambling and sex. Internet Shortcuts to these web sites may be created on the Desktop.
The main executable component of Dial/TlfLic-C drops a executable from its resource section to the Windows TEMP folder as h91746.exe and uses it to perform the dialup connection. Dial/TlfLic-C then deletes h91746.exe.
A file with an extension of INI may also be created in the TEMP folder.
Any advice?
This section helps you to understand how it behaves
Dial/TlfLic-C is a dialler application.
Dial/TlfLic-C tries to create a dialup connection to a remote server and then loads web pages which may give access to further pages relating to online gambling and sex. Internet Shortcuts to these web sites may be created on the Desktop.
The main executable component of Dial/TlfLic-C drops a executable from its resource section to the Windows TEMP folder as h91746.exe and uses it to perform the dialup connection. Dial/TlfLic-C then deletes h91746.exe.
A file with an extension of INI may also be created in the TEMP folder.
Any advice?
#4
Posted 28 February 2006 - 12:17 PM
The Malware Team are the people to ask
#5
Posted 28 February 2006 - 12:17 PM
yes, completely follow the instructions, which ends with posting a hijackthis log in the MALWARE forum
In addition to the log, you can add the above information, and also flag the thread with a title -- new virus
In addition to the log, you can add the above information, and also flag the thread with a title -- new virus
#6
Posted 02 March 2006 - 12:17 AM
Thanks for sending me to the clean up process. I went through it all and it seems to have fixed the problem. My only question is the original name of the program trying to download in MS-DOS was called h91746.exe. The last program I ran, Trojen Hunter, said it cleaned it but it didn't delete it. It said it changed the name to h91746.exe.tcf. What does that mean? I know the info I found on that virus said that h91746.exe is the file that the virus creates to download the actual virus. Should I leave the file alone now? Since it has been cleaned and is not doing what it was trying to do I don't know if I should leave it alone, but parts of me wants to delete it to get it off my computer for good. I think understandably I am a little weary about leaving it there but I figure my best advice would come from someone of greater computer knowledge. Also, thank you so much again for the clean up process. This is a great support site and I am so glad it is ran by donations. Currently I am tight on money and cannot afford to make a donation but be sure that I will donate when my finances pick up again. Thanks for all the help that is offered here and let me know what you think I should do with that file.
#7
Posted 02 March 2006 - 03:33 AM
The best thing is to submit the log to the malware team
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users