Hi there,
Today I opened a file that supossedly one of my MSN contacts sent me. It was an invitation to see his photo for myspaces and it came with a file named foto.zip. I opened and unpacked the file and the nightmare started.
Now the MSN keeps sending similar messages with the zip file included and my contacts are constantly receiving those instant messages. I assumed it was a virus, but my current Trend Micro can not clean it.
I have found the file foto.zip several times and I have deleted it. But it keeps coming back to the temp directory.
Actually Trendmicro Offiscan 6.5 has found TROJ_DLOADER.AIC in one file that appears hidden (in CONTENTIE.5) and can not be cleaned or deleted. This .exe file probably executes a program that keeps creating .exe files on C:\temp, which yes, they can be detected and deleted. We have the last engine for Oficescan, the pattern file is updated, but still can not clean it.
I have loaded fresh versions of SS&D and HJT. The log from HJT shows me that there is a process running that I can't recognize. I disabled it using HJT and deleted from memory. After I reboot the notebook, I got the trojan detected again, the foto.zip file is back and another .exe file start running, from C:\temp.
I tried House Call but it did not find the trojan.
I have rebooted in safe mode, ran the OfficeScan again, but no use.
Can somebody help me to clean this mess?
Thanks
maolvera
Today I opened a file that supossedly one of my MSN contacts sent me. It was an invitation to see his photo for myspaces and it came with a file named foto.zip. I opened and unpacked the file and the nightmare started.
Now the MSN keeps sending similar messages with the zip file included and my contacts are constantly receiving those instant messages. I assumed it was a virus, but my current Trend Micro can not clean it.
I have found the file foto.zip several times and I have deleted it. But it keeps coming back to the temp directory.
Actually Trendmicro Offiscan 6.5 has found TROJ_DLOADER.AIC in one file that appears hidden (in CONTENTIE.5) and can not be cleaned or deleted. This .exe file probably executes a program that keeps creating .exe files on C:\temp, which yes, they can be detected and deleted. We have the last engine for Oficescan, the pattern file is updated, but still can not clean it.
I have loaded fresh versions of SS&D and HJT. The log from HJT shows me that there is a process running that I can't recognize. I disabled it using HJT and deleted from memory. After I reboot the notebook, I got the trojan detected again, the foto.zip file is back and another .exe file start running, from C:\temp.
I tried House Call but it did not find the trojan.
I have rebooted in safe mode, ran the OfficeScan again, but no use.
Can somebody help me to clean this mess?
Thanks
maolvera
