New Virus!... not detected by Symantec!!! Pretends to be "Windows Security Centre"

Scrat

New Member
EVERYONE PLEASE READ THIS

Hi all, have just discovered a new virus on one of our Laptops at work.
The Laptop was originally running WindowsXP Prof. SP1. I have now upgraded it to SP2 in an attempt to stop the virus.

So far Symantec's Norton Antivirus Corp. Ed. does not detect it. And Trend Micro detects it as a Trojan but can't remove it.

It originally displays a message box on the screen that mimics one exactly the same as Windows XP's "Windows Security Centre"; however, the 'close window cross' in the top right corner is disabled. I haven't written down the message it displays yet, but it says something like "your computer might be at risk... do you want to install" and it has a 'Yes' & 'No' button.
If you open Task Manager and end task this message under the applications tab, you get a message saying that "nettm32.exe" has stopped responding, do you want to end task it.

Also, found that it later displayed an icon in the system tray the same as Windows Firewall (a red shield with white border and white cross in the middle). If you end task "nettm32.exe" then refresh, the icon disappears.

Task Manager shows it as "nettm32.exe" and also "crhj32.exe". These are in the Run entry in the registry, and attempts by "Microsoft's Antispyware" & "Spybot" fail to stop the virus from re-adding to the registry and starting after you delete it.

The virus creates a directory in "C:\WINDOWS\" called "Prefetch" and copies virtually every setting on your PC into this folder and names them all with the extension .PF

It also sets the IE home page to "about:about", and attempts by Microsoft Antispyware & Spybot fail to stop it reapplying itself after I change it to Google.

It keeps installing its files once you delete them... so far I've found the following virus files in C:\WINDOWS
nettm32.exe
javadb.exe
msmm32.exe
crea32.exe
crhj32.exe
There are many others and it also puts these in the SYSTEM32 folder.

If anyone knows how to fix this please let me know.... other than reinstalling Windows.
 
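As an added example, not part of the original thread: a triage check over saved `reg query` output for the Run keys, flagging values whose executable matches the file names listed in the post above. The sample registry text and the function names are constructed for illustration, and matching on file name alone is an assumption that will miss renamed copies.

```python
import ntpath
import re

# File names listed in the first post (the poster notes there are others).
REPORTED_NAMES = {"nettm32.exe", "javadb.exe", "msmm32.exe", "crea32.exe", "crhj32.exe"}

# One value line of `reg query` output: <name> <REG_type> <data>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# Constructed sample of saved `reg query` output; not taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    nettm32    REG_SZ    C:\WINDOWS\nettm32.exe
    crhj    REG_SZ    C:\WINDOWS\system32\CRHJ32.EXE /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""


def executable_of(command):
    """Return the lower-cased file name of the program a Run value launches."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted path may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def flag_run_entries(reg_query_text):
    """Return (key, value name, data) for Run values matching REPORTED_NAMES."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key and executable_of(m.group("data")) in REPORTED_NAMES:
            hits.append((key, m.group("name"), m.group("data").strip()))
    return hits


if __name__ == "__main__":
    for key, name, data in flag_run_entries(SAMPLE):
        print(f"{key}: {name} -> {data}")
```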

Greg J.

VIP Member
Can you use System Restore in Windows XP to move it back to an earlier time when you didn't have the virus? If you do that, then re-install SP2.
 

NT61

banned
Norton AV sucks like you would not believe it. It does not protect you, takes a long time to load and sometimes, you need a NAV removal tool. Try AVG, Panda, F-Secure :cool:
 

Scrat

New Member
Greg J. said:
Can you use System Restore in Windows XP to move it back to an earlier time when you didn't have the virus? If you do that, then re-install SP2.

Unfortunately have already disabled it to try using removal tools in safe mode, so no more system restore points.
 

Hellbreather

New Member
I have heard of this virus; it is protected by Symantec, so you need to update and try again. I will look for the virus on websites.
 

Scrat

New Member
Already have latest version of Symantec Antivirus Corp. Ed. on it and latest virus defs.... even called Symantec, they don't know what it is yet so had to send off some files to them. Have done all Windows security updates. Have Microsoft Antispyware and Spybot's Search & Destroy running and with latest revs. So far nothing has been able to detect it and name it... nor stop it.
I will prob install some other antivirus progs next week and see how they go.

One good thing though, is that it has been on our office network several times but no evidence of it spreading to any other PCs (Win2k nor WinXP)
 

Byteman

Malware Destroyer
YOU HAVE A VARIANT OF THE ABOUT:BLANK HIJACK. Symantec Corp ONLY does viruses, not spyware/hijacks. Please read this thread through entirely to get rid of it. :)
 