I ran both panda and trend micro scanners and updated their crap which took around 4000 hours on 46.6k (verizon sucks) and when i finally get to clean the files the all my programs close. Before I get to enter my info for their ticket bull**** it closes everything, wtf. I even have task manager open and im closing all the duplicate programs that the virus opens so I only have 15-20 processes at one time. What else can i do?, this isn't working..
Oh yea and the virii that I have are PE_TENGA.A and TROJ_TENGADL.A
Heres what trend micro's descriptions are:
PE_TENGA.A
This virus spreads via network shares. It retrieves the first three octets of a host machine's IP address. It then generates the fourth octet from 1 to 255 and scans the whole network for writable shared folders using port 139. Once found, it searches for executable (.EXE) files and infects them.
Upon execution, it downloads the malicious file DL.EXE from the Web site utenti.lycos.it/vx9. Trend Micro detects the said file as TROJ_TENGADL.A. This downloaded Trojan, in turn, downloads the file GAELICUM.EXE, which Trend Micro detects as PE_TENGA.A-O.
The file detected as PE_TENGA.A-O is the mother file infector of this virus. It attempts to connect to the site vx9.users.freebsd.at. While doing this, it also spawns a remote command prompt.
This file infector, PE_TENGA.A, uses either the appending type or cavity type of infection to infect files. It checks the last section of the host file for unused space. If the said space is greater than this virus' file size, it uses cavity infection. Otherwise, it simply appends its viral code at the end of the host file.
Some files contain extra codes at the end of their last section. This virus overwrites the said section with its codes. As a result, the files become corrupted.
It infects all .EXE files it finds in all of the system's folders. However, it avoids infecting the file NTOSKRNL.EXE. This file infector can execute at every system startup if the file it infects has autostart capabilities.
This virus also checks for its infection marker "V" to avoid reinfecting a file. It also makes sure that only one instance of itself is running on the infected system's memory by creating the mutex gaelicum.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
TROJ_TENGADL.A
This memory-resident Trojan searches for an Internet connection on the system. If a connection exists it then accesses the Web site, utenti.{BLOCKED}lycos.it/vx9/, and proceeds to download the following files:
* CBACK.EXE - detected by Trend Micro as BKDR_CALLBACK.B
* GAELICUM.EXE - detected by Trend Micro as PE_TENGA.A
It then executes these malware after the download process.
This Trojan creates the following registry entries to ensure the automatic execution of the downloaded malware at every system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\
