ANI Exploit

Discussion in 'Malware Help (A Specialist Will Reply)' started by trapsmv15, Sep 5, 2007.

  1. trapsmv15

    trapsmv15 Private E-2

    Help, please:

    AVG found the Exploit.ANI virus on my comp. I downloaded the Microsoft patch but do assume it's not enough. How do I get rid of the darn thing? :( I can't find it manually and I'm not THAT great with computers... Would System Restore work if I went back in time far enough? It had to have happened recently, as I scan quite a bit. I've searched around but haven't seen answers to specifically help.

    Thanks.
    -Ryan
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exactly where did AVG find this? What file name and in what folder? Do you have a log you can attach?
     
  3. trapsmv15

    trapsmv15 Private E-2

    I couldn't find the Edit function earlier, and I didn't want to bump for the log.

    Let's see...... AVG has it as:


    Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SOTRPH4W\riff_last[1].bin

    Log is included.
    Thanks.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is just a file in your TIF (Temporary Internet Files) folder. You can just delete it yourself, or you can empty your IE cache, or you can run any number of disk cleaning tools to simply remove it. Just try what I have given you below and then tell me if AVG still finds it. If so attach an AVG log (I did not ask for a HijackThis log which is of no use in fixing this).

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.
     
  5. trapsmv15

    trapsmv15 Private E-2

    I ran ATF, then a complete scan with AVG - same result. Just the one TIF, so it doesn't seem so bad?

    I can't really figure out how to create a log with this AVG Free. I can create an 'Event History Log', but it's not even really detailed enough to attach separate (it's below). I'll keep searching around to figure out how to make a detailed log for AVG. Sorry for the trouble!




    <rec time="2007/09/05 19:54:23" user="Compaq_Owner" source="General">
    <value>@HL_TestStarted</value>
    <attr name="testname">@TestName_02</attr>
    </rec>
    <rec time="2007/09/05 20:04:41" user="Compaq_Owner" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SHHW660H\Mar[1].htm</attr>
    <attr name="type">@EID_Fi_vir</attr>
    <attr name="what">JS/Downloader.Agent</attr>
    </rec>
    <rec time="2007/09/05 20:47:01" user="Compaq_Owner" source="General">
    <value>@HL_TestEnded</value>
    <attr name="testname">@TestName_02</attr>
    <attr name="infectedfiles">1</attr>
    </rec>
    <rec time="2007/09/05 20:47:05" user="Compaq_Owner" source="Virus">
    <value>@HL_ActionTakenFailed</value>
    <attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SHHW660H\Mar[1].htm</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    </history>
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, it is not a major problem! You can just delete the below file but make sure your browsers are closed when doing so.

    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SHHW660H\Mar[1].htm

    However it or something similar may reappear. Your system may be in need of updates. You should complete the steps in the below link the first of which is getting Windows updates.

    How to Protect yourself from malware!
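
Added example, not part of the thread and not AVG's own code: a small Python triage of an AVG Event History log in the record layout quoted above, pairing each reported find with any failed action on the same path and marking whether the file sits in the Temporary Internet Files cache. The sample log is constructed, and reading `@HL_ReportFind` as a detection and `@HL_ActionTakenFailed` as an unsuccessful action is an assumption taken from the token names.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample in the record layout of the quoted log (paths and names are made up).
SAMPLE = r"""<history>
<rec time="2007/09/05 20:04:41" user="User" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm</attr>
<attr name="what">Constructed.Sample.A</attr>
</rec>
<rec time="2007/09/05 20:10:02" user="User" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\Example\helper.dll</attr>
<attr name="what">Constructed.Sample.B</attr>
</rec>
<rec time="2007/09/05 20:47:05" user="User" source="Virus">
<value>@HL_ActionTakenFailed</value>
<attr name="filename">c:\documents and settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>"""

CACHE_MARKER = "\\temporary internet files\\"  # IE cache folder, lower-cased

def parse_history(xml_text):
    """Return one dict per <rec>: its time, its <value> token and its <attr> pairs."""
    records = []
    for rec in ET.fromstring(xml_text).iter("rec"):
        attrs = {a.get("name"): (a.text or "") for a in rec.findall("attr")}
        records.append({"time": rec.get("time"), "value": rec.findtext("value", ""), "attrs": attrs})
    return records

def triage(records):
    """Pair each reported find with a later failed action on the same path."""
    findings = {}
    for r in records:
        attrs = r["attrs"]
        if r["value"] == "@HL_ReportFind" and "where" in attrs:
            key = ntpath.normcase(attrs["where"])  # Windows paths are case-insensitive
            findings[key] = {"path": attrs["where"], "what": attrs.get("what", ""),
                             "in_browser_cache": CACHE_MARKER in key, "action_failed": False}
        elif r["value"] == "@HL_ActionTakenFailed":
            key = ntpath.normcase(attrs.get("filename", ""))
            if key in findings:
                findings[key]["action_failed"] = True
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(parse_history(SAMPLE)):
        where = "browser cache" if f["in_browser_cache"] else "outside the cache"
        print(f["what"], "|", where, "| action failed:", f["action_failed"], "|", f["path"])
```

A find that is in the browser cache with a failed action is the case discussed in this thread; a find outside the cache is the one that deserves a closer look first.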
     
  7. trapsmv15

    trapsmv15 Private E-2

    OK, cool. Thanks for your help! I'll do that right now and be on my way. :cool

    Take care,
    -Ryan
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
