5 Replies Latest reply on Sep 14, 2010 12:57 PM by macmasterson

    virus infection - McAfee missed it - here is desc and fix

                                         

      Environment:

       

      Sony VAIO laptop. 64-bit. Windows 7.

       

      Characteristics:

       

      Not detectable via full scan by McAfee

       

      Current user is the only one affected. Must be in AppData?

       

      No executables can be started except IE-8 and McAfee. Msg is “Application cannot be executed. The file somename.exe is infested. Do you want to activate your antivirus software now?”

       

      IE-8 for almost every site shows msg, “IE warning – visiting this website may harm your computer” followed by recommendation to go to virus detection web site. That is at antivirpwr.com where they prompt you to buy their software.

       

      IE-8 is sent to porn sites.

       

      Popup occurs constantly: “Infiltration alert”

       

      Another popup occurs constantly: “Attention, spyware alert” and says you have 13 (or some large number) of viruses in your system. “Run a full scan now?”

       

      Picked up on 9/13/2010 either from Skype or Facebook

       

       

       

      To FIX

       

      Files added to users/username/AppData/Local:

       

      • 1029806827.exe
      • Edoligejope.dll
      • Etucemucorojewu.dll
      • Igipayukayej.dll
      • Ilepefoqesoda.dll
      • Ljotiyifaniv.bin
      • Mvuqujid.dat
      • Orefatuf.dll
      • Ovukuyepebeham.dll
      • Uzuraxonug.dll
      • Wicms032.dll
      • Folder qgorvuowk

       

      Moved those files to temp directory.

       

      Now at startup “cannot execute AppData\Local\wicms032.dll and uzuraxonug.dll”. Popups are not coming up. IE still cannot display any web pages but other messages are removed.

       

      Used msconfig for cleanup of startup:

       

      3 lines turned off:

       

      1.      Wrikerudanesum  rundll32.exe “…\local\wicms032.dll”, startup

       

      2.      Pcuinllh …\local\qgorvuowk\jkinmpbugiw.exe

       

      3.      Mtonowukazagawic rundll32.exe “…\local\uzuraxonug.dll”, startup

       

      On restart the error messages disappeared.

       

      IE still cannot display web pages.

       

      Firefox is OK. Note that proxy was incorrectly set to manual 127.0.0.1 port 6092. Reset to no proxy.

       

      In IE8, under Tools: reset to factory default, deleted all cookies and history.

       

      Now it works.
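
The persistence described in this post (startup entries launching files from AppData\Local, two of them through rundll32, plus a manual proxy on 127.0.0.1) can be triaged mechanically. The sketch below is an added example, not part of the original post; the `C:\Users\username` prefix, the `ExampleUpdater` control entry and all function names are assumptions.

```python
import re

# Constructed sample modelled on the three msconfig lines in the post. The
# C:\Users\username prefix is assumed (the post elides it), and ExampleUpdater
# is a hypothetical benign entry added as a control.
SAMPLE_STARTUP = [
    ("Wrikerudanesum",
     r'rundll32.exe "C:\Users\username\AppData\Local\wicms032.dll",startup'),
    ("Pcuinllh",
     r'C:\Users\username\AppData\Local\qgorvuowk\jkinmpbugiw.exe'),
    ("Mtonowukazagawic",
     r'rundll32.exe "C:\Users\username\AppData\Local\uzuraxonug.dll",startup'),
    ("ExampleUpdater",
     r'"C:\Program Files\Example\updater.exe" /background'),
]

# Per-user profile locations that any process can write to without admin rights.
# Legitimate per-user apps autostart from here too, so hits are leads for review.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\(?:local|roaming)\\', re.I)
# Any drive-rooted path ending in .exe or .dll (quoted or not).
PATH_TOKEN = re.compile(r'([a-z]:\\[^"]+?\.(?:exe|dll))', re.I)
RUNDLL32 = re.compile(r'(?:^|\\|")rundll32(?:\.exe)?"?\s', re.I)

def classify(command):
    """Return the reasons a startup command deserves a closer look."""
    reasons = []
    in_profile = [p for p in PATH_TOKEN.findall(command) if USER_WRITABLE.search(p)]
    if in_profile:
        reasons.append("autostarts from user-writable AppData: " + in_profile[0])
        if RUNDLL32.search(command):
            reasons.append("rundll32 used to load a DLL from the user profile")
    return reasons

def triage(entries):
    """Map startup entry name -> reasons, keeping only flagged entries."""
    return {name: r for name, cmd in entries if (r := classify(cmd))}

def loopback_proxy(proxy_setting):
    """True when a manual proxy value such as '127.0.0.1:6092' points at this host."""
    host = proxy_setting.split("=")[-1].rsplit(":", 1)[0].strip().lower()
    return host == "localhost" or host.startswith("127.")

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_STARTUP).items():
        print(name, "->", "; ".join(reasons))
    print("loopback proxy:", loopback_proxy("127.0.0.1:6092"))
```
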