alexsabree
Well, I got Vista Ultimate up and running and it turns out I have a virus.
"PE_TENGA.A could not be cleaned or quarantined" Trend Micro says.
Here's what Trend Micro's descriptions are:
PE_TENGA.A
This virus spreads via network shares. It retrieves the first three octets of a host machine's IP address. It then generates the fourth octet from 1 to 255 and scans the whole network for writable shared folders using port 139. Once found, it searches for executable (.EXE) files and infects them.
Upon execution, it downloads the malicious file DL.EXE from the Web site utenti.lycos.it/vx9. Trend Micro detects the said file as TROJ_TENGADL.A. This downloaded Trojan, in turn, downloads the file GAELICUM.EXE, which Trend Micro detects as PE_TENGA.A-O.
The file detected as PE_TENGA.A-O is the mother file infector of this virus. It attempts to connect to the site vx9.users.freebsd.at. While doing this, it also spawns a remote command prompt.
This file infector, PE_TENGA.A, uses either the appending type or cavity type of infection to infect files. It checks the last section of the host file for unused space. If the said space is greater than this virus' file size, it uses cavity infection. Otherwise, it simply appends its viral code at the end of the host file.
Some files contain extra codes at the end of their last section. This virus overwrites the said section with its codes. As a result, the files become corrupted.
It infects all .EXE files it finds in all of the system's folders. However, it avoids infecting the file NTOSKRNL.EXE. This file infector can execute at every system startup if the file it infects has autostart capabilities.
This virus also checks for its infection marker "V" to avoid reinfecting a file. It also makes sure that only one instance of itself is running on the infected system's memory by creating the mutex gaelicum.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
TROJ_TENGADL.A
This memory-resident Trojan searches for an Internet connection on the system. If a connection exists it then accesses the Web site, utenti.{BLOCKED}lycos.it/vx9/, and proceeds to download the following files:
* CBACK.EXE - detected by Trend Micro as BKDR_CALLBACK.B
* GAELICUM.EXE - detected by Trend Micro as PE_TENGA.A
It then executes these malware after the download process.
This Trojan creates the following registry entries to ensure the automatic execution of the downloaded malware at every system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Then, after a while it infected my sound drivers... which obviously cannot be cleaned or quarantined because they are currently being used. So I can't open my sound control panel.
I am doing a full system scan in the morning... and in the meantime I'm trying to get Windows XP working.
I AM COMPLETELY FU***D WTF CAN I DO???
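A defender's view of the share scan in the quoted Trend Micro description, as an added example that is not part of the original post or of Trend Micro's write-up: it flags a host that contacts many addresses in its own /24 on port 139 within a short window. The log format, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption): "<ISO time> SRC=<ip> DST=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(\S+) SRC=(\d+(?:\.\d+){3}) DST=(\d+(?:\.\d+){3}) DPT=(\d+)$")

def find_sweeps(lines, port=139, min_hosts=20, window=timedelta(seconds=60)):
    """Map (source, /24 prefix) -> most distinct hosts contacted on `port`
    inside any `window`, for sources that reach `min_hosts`."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(4)) != port:
            continue
        ts, src, dst = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        prefix, _, last = dst.rpartition(".")
        # The description says the scan reuses the host's own first three octets.
        if src.rpartition(".")[0] == prefix:
            events[(src, prefix)].append((ts, int(last)))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({host for _, host in evs[start:end + 1]}))
        if best >= min_hosts:
            alerts[key] = best
    return alerts

def sample_log():
    """Constructed traffic: one sweeping host, one normal file-share client."""
    t0 = datetime(2007, 3, 1, 2, 0, 0)
    lines = []
    targets = [h for h in range(1, 42) if h != 23]  # 40 neighbours of .23
    for i, h in enumerate(targets):
        stamp = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} SRC=192.168.1.23 DST=192.168.1.{h} DPT=139")
    for i in range(5):  # repeated access to a single file server is not a sweep
        stamp = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{stamp} SRC=192.168.1.50 DST=192.168.1.10 DPT=139")
    lines.append(f"{t0.isoformat()} SRC=192.168.1.77 DST=10.0.0.5 DPT=80")
    return lines

if __name__ == "__main__":
    for (src, prefix), n in find_sweeps(sample_log()).items():
        print(f"{src} contacted {n} hosts in {prefix}.0/24 on port 139")
```

A host flagged this way is a candidate for isolation from the network before any cleaning attempt, since the description says the infection spreads through writable shares.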