Virus Question

U-571

I have a virus, somewhere in my Win2000 PC, called mshtml3.exe. I
can't find the file to remove it. My virus software, AVG, identifies
the virus as a "trojanhorsedownloader.generic.EVK", but can't delete
it. I have found some very involved instructions for removing the
virus.

Question:

Can I just reformat the partition, or zero out the entire HD and
eliminate the virus? That would be much easier than trying to save
the currently installed OS.

Thanks for helpful suggestions.

BG
 
> I have a virus, somewhere in my Win2000 PC, called mshtml3.exe. I
> can't find the file to remove it.

Windows Explorer. Search.

The few references I could find for that one placed it in either
\winnt\temp (or C:\WINDOWS\Temp\ depending on your install) or \Documents
and Settings\YOURUSERNAME\Local Settings\Temp\

But that's no guarantee. Try there first, and then search, regardless.

> My virus software, AVG, identifies
> the virus as a "trojanhorsedownloader.generic.EVK", but can't delete
> it.

It should have quarantined it in their "Virus Vault."

> I have found some very involved instructions for removing the
> virus.

For which virus?

Technically speaking, that one isn't a virus. Its purpose is to download a
trojan, assuming the name given is representative, but their 'searchable'
Virus Encyclopedia doesn't have their own name,
trojanhorsedownloader.generic.EVK, listed so I can't say for sure.

> Question:
>
> Can I just reformat the partition, or zero out the entire HD and
> eliminate the virus? That would be much easier than trying to save
> the currently installed OS.

Yes, formatting the drive will get rid of it but I wouldn't say it's
easier. It's easier to either empty their Virus Vault, where it should be
quarantined, or, if for some reason AVG didn't quarantine it, boot to safe
mode, search the hard drive for it, and delete the thing(s).

You can't delete a file that is in use, which is probably why AVG couldn't
delete it, but safe mode doesn't run anything so it should be dormant and
removable.

Then run a full virus scan in safe mode. I think AVG will allow a safe mode
scan but if not then run one first thing on a normal bootup.

From the skimpy information I could find that one doesn't look unusually
tenacious but if it 'comes back' on a reboot write down the reported file
names and repeat the safe mode delete process but add...

Run "regedit" (without the quotes), search for the file names you wrote
down and delete any entries with those names.

Then continue on like the first time through. I.E. Another virus scan.

If that doesn't do it then consider the format solution.
 
Search for files according to date, current date only. Anything that is an
.EXE or a .DLL or odd .htmls is suspect.

When downloaders are 'healed' they become benign, but still can cause
problems.
 
> I have a virus, somewhere in my Win2000 PC, called mshtml3.exe. I
> can't find the file to remove it. My virus software, AVG, identifies
> the virus as a "trojanhorsedownloader.generic.EVK", but can't delete
> it. I have found some very involved instructions for removing the
> virus.
>
> Question:
>
> Can I just reformat the partition, or zero out the entire HD and
> eliminate the virus? That would be much easier than trying to save
> the currently installed OS.
>
> Thanks for helpful suggestions.
>
> BG

Try A-Squared as an addition to AVG. See if it helps.
http://www.emsisoft.com/en/software/free/
 
Thanks to all for your helpful suggestions.

I'm not very experienced with viruses, since I had never had one for
10 years. But, with kids going to these download sites, I've had
three in the past month.

I appreciate your help.

DG
 
Bob M said:
> I second this suggestion. A-Squared is a great program.
>
> Bob

There's one thing that I can say about that software, do not use it until
it's updated, or you'll be deleting driver and system files as viruses or
spyware. Then if you don't like it, get ready for the third degree about WHY
you don't like it, then they will give you permission to remove it from YOUR
system. It works well (too well sometimes), but I'll pass.
 
I tried downloading A-Squared, but can't find it. Does it
automatically install?

BTW, I found the mshtml3.exe worm installer in the Registry.

BG
 
> I tried downloading A-Squared, but can't find it. Does it
> automatically install?
>
> BTW, I found the mshtml3.exe worm installer in the Registry.

You found the place where it was being called from. hkey local machine
/software/microsoft/windows/run (run service) runonce etc? Where did that
say the actual file resides?
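
The check the reply above asks for (which autorun entry launches the file, and where that file lives on disk), as an added example that is not part of the original thread: it parses the text of a regedit export and reports Run/RunOnce/RunServices values whose executable sits in a Temp directory or matches a watched file name. The sample export, its value names and the helper names are constructed for illustration; the key used is the standard `CurrentVersion\Run` location.

```python
import re

# Autorun keys named in the thread: Run, RunOnce, RunServices (under CurrentVersion).
AUTORUN = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once|Services)?$", re.I)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed regedit export (not taken from the poster's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /startup"
"updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\mshtml3.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINNT\\system32\\cmd.exe /c del C:\\WINNT\\Temp\\x.tmp"
'''

def unescape(data):
    # .reg string values escape backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", data)

def command_path(data):
    # Executable path of a Run value, without its arguments.
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))\b", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def suspicious_autoruns(reg_text, names=()):
    """Return (key, value_name, path, reasons) for autorun entries to check."""
    watch = {n.lower() for n in names}
    key, findings = None, []
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not (m and key and AUTORUN.search(key)):
            continue
        path = command_path(unescape(m.group(2)))
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("runs from a temp directory")
        if path.rsplit("\\", 1)[-1].lower() in watch:
            reasons.append("file name on watch list")
        if reasons:
            findings.append((key, unescape(m.group(1)), path, reasons))
    return findings
```

Calling `suspicious_autoruns(SAMPLE, names=["mshtml3.exe"])` returns the one `updater` entry together with the full path it launches, which is the file to look for on disk before deleting the registry value. Exports saved by regedit in the Version 5.00 format are UTF-16, so decode the file before passing its text in.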
 
> I tried downloading A-Squared, but can't find it. Does it
> automatically install?
>
> BTW, I found the mshtml3.exe worm installer in the Registry.
>
> BG

Copy and paste this into your Find,

a2freesetup.exe

Then double click on it from there and go online when it asks and
register and update.

HTH :)
 
> There's one thing that I can say about that software, do not use it until
> it's updated, or you'll be deleting driver and system files as viruses or
> spyware. Then if you don't like it, get ready for the third degree about WHY
> you don't like it, then they will give you permission to remove it from YOUR
> system. It works well (too well sometimes), but I'll pass.

I've re-tested the latest version Jad with updates and had no
problems. I had more problems with the Pro-demo than the free version.
 
Sorry for slow response. Been away from newsgroup for a while.

Afraid I didn't notice. I just deleted everything with mshtml3.exe in
it in the Registry.

AVG virus software originally indicated it was in Document and
Settings\........\local settings\temp\mshtml3.exe, but it was
invisible in the temp folder.

After deleting the Registry files, AVG no longer detects the file.

Is it still lurking somewhere on my computer?
 
FOLLOWUP TO PREVIOUS POST

Just looked back in the Registry, hkey local machine
/software/microsoft/windows/run, runonce, as you suggested, and
mshtml3.exe was not shown.
 
> Sorry for slow response. Been away from newsgroup for a while.
>
> Afraid I didn't notice. I just deleted everything with mshtml3.exe in
> it in the Registry.
>
> AVG virus software originally indicated it was in Document and
> Settings\........\local settings\temp\mshtml3.exe, but it was
> invisible in the temp folder.

Windows Explorer - Tools - Folder Options - View. Change to show hidden
files and folders. Uncheck Hide protected operating system files.

> After deleting the Registry files, AVG no longer detects the file.
>
> Is it still lurking somewhere on my computer?

Do a file search and see.
 