[RC021603]

About every 2-3 minutes I get a message popping up saying something about h91746.exe is trying to do something in MS-DOS and it's not sure if it is okay. It tells me click close to cancel operations or ignore. I have been clicking close so it does not do it but it wont go away. I found the program located in C:/WINDOWS/Temp as h91746.exe. When I try to delete it a message pops up saying it is in use by another program. I found out by doing an internet search it is a viruse that desquises itself as that .exe file name and then downloads itself and deletes the .exe file. Then it can gain personal information from you using a website. I don't know what it is but I want it gone, before it downloads itself. I have run different virus scans and none have taken this off or even found it as a threat. Is there any advice for removing this and maybe some more information about this virus? I also saw another posting on this website about downloading "hijack this" software. I ran a scan and saved the log. I glanced through it and did not find anything that looked connected to that but maybe somebody else with better knowlege of a computer can see if it is in there. I tried to attache that log to this posting but I am not sure if it worked. Is there anything I can try to delete this file and is there any more info I can get on this virus? Thanks.

[Advertisements]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

[gerryf]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

[RC021603]

I have tried some of the techniques listed. None of the virus scans I run are picking it up. The are telling me there are no threats. Even if I right click on the actual program, h91749.exe, and click scan for viruses it turns up as no threat. I know it is a threat. I don't know but I think they are not picking it up because it has not downloaded itself yet as a virus because I keep clicking close before it does. The info I found on the web says that h91746.exe is disquised as a legitamate program so then it downloads the virus in MS-DOS. It says it is a dialer and the name of that virus is "Dial/TlfLic-C." Once it is succesfully downloaded it deletes the .exe file. Here is one description I found on the web....

This section helps you to understand how it behaves
Dial/TlfLic-C is a dialler application.

Dial/TlfLic-C tries to create a dialup connection to a remote server and then loads web pages which may give access to further pages relating to online gambling and sex. Internet Shortcuts to these web sites may be created on the Desktop.

The main executable component of Dial/TlfLic-C drops a executable from its resource section to the Windows TEMP folder as h91746.exe and uses it to perform the dialup connection. Dial/TlfLic-C then deletes h91746.exe.

A file with an extension of INI may also be created in the TEMP folder.

Any advice?

[Retired Tech]

The Malware Team are the people to ask

[gerryf]

yes, completely follow the instructions, which ends with posting a hijackthis log in the MALWARE forum

In addition to the log, you can add the above information, and also flag the thread with a title -- new virus

[RC021603]

Thanks for sending me to the clean up process. I went through it all and it seems to have fixed the problem. My only question is the original name of the program trying to download in MS-DOS was called h91746.exe. The last program I ran, Trojen Hunter, said it cleaned it but it didn't delete it. It said it changed the name to h91746.exe.tcf. What does that mean? I know the info I found on that virus said that h91746.exe is the file that the virus creates to download the actual virus. Should I leave the file alone now? Since it has been cleaned and is not doing what it was trying to do I don't know if I should leave it alone, but parts of me wants to delete it to get it off my computer for good. I think understandably I am a little weary about leaving it there but I figure my best advice would come from someone of greater computer knowledge. Also, thank you so much again for the clean up process. This is a great support site and I am so glad it is ran by donations. Currently I am tight on money and cannot afford to make a donation but be sure that I will donate when my finances pick up again. Thanks for all the help that is offered here and let me know what you think I should do with that file.

[Retired Tech]

The best thing is to submit the log to the malware team