Any idea how to remove a virus from my system?


afamative
6-6-04, 06:48 PM
Hello,

Just got a pop up message from my anti virus program informing me that it has detected a virus on my system and that it has attempted but failed to repair it.

It gave the location as C:\Documents and Settings\Abcn\Temporary internet files\..index[2].htm and the virus name as Vbs.something

My anti virus software is up to date and in fact did a full system scan yesterday, and every day I log onto the net the automatic update runs on my system.

Any help in removing this unwelcome guest is welcome.

stevel
6-6-04, 06:56 PM
I suspect what happened was that you opened a web page in the browser that contained a virus. Select Tools..Internet Options..Temporary Internet Files..Delete Files to get rid of it, and don't visit that page again.

Croc Hunter
6-7-04, 04:07 AM
Maintenance - Dumping your internet cache in Windows XP

-Close all Programs
-Run Disk Cleanup: Start> All Programs> Accessories> System Tools> Disk Cleanup

That doesn't clean them all out though. To do so:

-Close all Programs
-Run Disk Cleanup: Start> All Programs> Accessories> System Tools> Disk Cleanup
-Click once to highlight 'Temporary Internet Files'
-Click 'View Files'
-Delete all the files and folders you see there.

Note: new 'clean' files and folders will be generated the next time you open Internet Explorer. If you cannot delete the index.dat file that's ok.

You may also search for and delete the contents of these folders:

/prefetch
/cookies
/temp
/my recent documents
/recent
/jpi_cache/file/1.0
/jpi_cache/jar/1.0
/minidump

While we're at it let's flush the DNS cache:

-Start> Run> type in: ipconfig /flushdns
-Click OK

After performing the above I recommend you defragment your drive and create a restore point:

-Start> All Programs> Accessories> System Tools> Disk Defragmenter
-Start> All Programs> Accessories> System Tools> System Restore

Repeat Monthly

NMS
6-7-04, 07:23 AM
I hate to delete all the temp internet files due to cache and cookies. I prefer to take the name of the virus, go in the folder and delete it myself. Works perfectly as well.

afamative
6-7-04, 02:29 PM
Hello Stevel, Croc Hunter, NMS,

Thanks a lot for responding to this.

I quickly deleted the cookies contents immediately I sent this post. I am still waiting to see the pop up message again after that but have not seen it.

I guess I will take the steps outlined once I see the message again.

Thank you so very much.

IanS
6-7-04, 02:48 PM
> Hello Stevel, Croc Hunter, NMS,
>
> Thanks a lot for responding to this.
>
> I quickly deleted the cookies contents immediately I sent this post. I am still waiting to see the pop up message again after that but have not seen it.
>
> I guess I will take the steps outlined once I see the message again.
>
> Thank you so very much.

Rather than wait for the message, once you've 'cleaned up' as outlined above, do a full system scan with your anti-virus program as soon as is practicable, either now or maybe set it off overnight if you've multiple large hard disks in your machine.

afamative
6-7-04, 05:45 PM
Steve,

Thanks a lot. I have done a complete scan and no threats were reported by the anti virus program.

Thanks once again.

teamantivir
6-8-04, 02:46 PM
Lots of responses, and I apologize, as I don't monitor these forums as much as I used to. The best advice is to update your anti-virus and do a full system scan. However, from the information you've provided, it sounds like you did NOT get a virus on your machine; rather, a website attempted to pass you an infected file, and your anti-virus did its job of prevention. You do not need to delete all your cookies or internet temp files. The reason it cannot be cleaned is most probably that the file was a Trojan, and there was nothing to clean, so the file was deleted.

Should you have the name of the virus or Trojan, I'd be happy to post an analysis of it. Questions like this are not best answered on a general board, but look for specialists. Just as you don't take your car to the lawn mower repair shop (both internal combustion engines right) neither should you rely on a generalist for advice about Malware, or other security issues.

afamative
6-8-04, 03:06 PM
Thanks. Can't remember exactly what the name was but the first 3 letters were Vbs......

About where to post or report such problems if and when they arise I am sure that you wouldn't have heard about this if I didn't post here on a forum like this. So while I appreciate your response I still think that an online forum is perfect for sharing info, asking questions or discussions.

And the responses I got thus far confirm generally what action(s) according to you needed to be taken to handle the threat.

All the best.

teamantivir
6-8-04, 05:02 PM
> Thanks. Can't remember exactly what the name was but the first 3 letters were Vbs......

That's just its infection class (Visual Basic Script); it shows what its vector is, just like W32 is a Win32 infector and W97 is a Word 97 macro virus.

> About where to post or report such problems if and when they arise I am sure that you wouldn't have heard about this if I didn't post here on a forum like this. So while I appreciate your response I still think that an online forum is perfect for sharing info, asking questions or discussions.

There are several on-line forums devoted to the subject, as well as several subject matter experts who make themselves available. On-line forums are great (been using them since the mid 80's; 'course then they were BBSes). I wasn't trying to 'dis' anyone or discount the advice, just trying to make sure that folks are aware: when you need specialist advice, use the right resources. I'm sure, since this is a web hosting site, I'd be much better served asking about CGI and Java, or other web development questions, than I would about tuning up a car. Likewise, Computer Security and Malware is such a specialized career track that asking generalists for advice can often result in heartbreak (I spend as much time 'fixing' other people's advice as I do analyzing source code). I'd like to refer you to a document from a friend of mine, called False Authority Syndrome, written by Rob Rosenberger, at http://www.vmyths.com, http://kumite.com/myths/download/fas.doc, also linked off our website http://www.teamanti-virus.org/edu.html

afamative
6-8-04, 06:09 PM
Thanks a lot. I really do appreciate your response.

Your position is correct on why experts should be consulted on issues like this. Maybe I didn't know of any forum for such issues, that's why I came here and I didn't regret the step one bit.

Henceforth, virus threats will be reported on the links you provided.

Many, many thanks for your help once again.

afamative
6-9-04, 05:34 PM
Hello,

Saw the same message from Norton Anti Virus today, was able to copy the complete message.

Object Name: C:\Documents and Settings\Abcn\Local Settings\Temporary Internet Files\Content.IE5\4KJBRH2J\index[1].htm
Virus Name: VBS.Redlof.A
Action Taken: Access to the file was denied.

The virus name appears as a link which I wouldn't click on even for all the money in the world.

I am really sorry for bringing this up again and maybe wasting your time but I need help and urgently before my system goes down.

Apart from this forum and startups.co.uk I hardly visit sites other than news sites in Nigeria like www.dailyindependentng.com, www.guardiannewsngr.com and www.sunnewsonline.com.

I wonder which of these websites this file comes from.

NMS
6-10-04, 09:02 AM
You can go into the folder, find the file, click ONCE on it and then press delete .. that should not be a problem

afamative
6-10-04, 06:02 PM
I didn't find the file when I accessed the folder. I simply deleted similar files found on other folders within the Content.IE5\ folder.

Thanks for your help.

Skunkboy
6-10-04, 06:06 PM
http://housecall.trendmicro.com

*good site for virus/worm scanning

afamative
6-10-04, 06:28 PM
Thanks. I am actually having the site scan my machine right now.

tacimala
6-10-04, 07:10 PM
If the antivirus program picked it up, that means the file is in the Quarantine and can't affect your system. If you want the file deleted though, open up your antivirus program and find the Quarantine. From the Quarantine you can delete the file totally from your system.

Croc Hunter
6-11-04, 12:22 AM
Sometimes Norton or whichever anti-virus you use can't quarantine the virus, as it doesn't have administrator privileges. Same can happen with boot sector virii.

No problem. Follow the steps I gave above (will work for all MS versions). And delete that sucker for good!

teamantivir
6-11-04, 09:54 AM
> Sometimes Norton or whichever anti-virus you use can't quarantine the virus, as it doesn't have administrator privileges. Same can happen with boot sector virii.
>
> No problem. Follow the steps I gave above (will work for all MS versions). And delete that sucker for good!

Your advice above missed several components of his description. Although I will agree with you there are several reasons malware cannot be 'cleaned' and gets deleted instead of cleaned, please see my earlier post for some of them.

Additionally, if it was a boot sector infector, it may not have been cleaned by Norton's, as boot sector infectors are best cleaned in ALL situations by a clean boot; regardless of the claims by AV vendors, it's the only way to give the anti-virus scanner 100% control of the system.

I would also suggest you study your English a bit, as the plural of Virus is Viruses; virii is an attempt by the '31337' to latinize the word, which even Latin experts insist the plural would be Viruses, but that's another tirade that can take too lengthy of a post.

All in all, not to insult you, but these are the exact type of posts that Rob was referring to with the False Authority Syndrome paper.

Charon
6-11-04, 10:25 AM
Afamative

Here is a webpage i found that may or may not be helpful to you

http://securityresponse.symantec.com/avcenter/venc/data/vbs.redlof.a.html

afamative
6-11-04, 03:43 PM
I really appreciate all the help I have been receiving on this.

Charon, the link actually was very very helpful. I am on the site now and hope to handle this once and for all, although I have not seen the virus alert since the last time I posted on the issue.

The changes it makes on the registry makes the virus dangerous (I guess that's what they all want to be - dangerous).

Many thanks to all of you.

afamative
6-11-04, 05:02 PM
I have cleaned my system following the instructions given at http://securityresponse.symantec.co...s.redlof.a.html.

The full scan found no virus and no single file was infected in the system registry so couldn't delete files the virus was supposed to have created.

Thanks a lot.

teamantivir
6-14-04, 09:38 AM
> I have cleaned my system following the instructions given at http://securityresponse.symantec.co...s.redlof.a.html.
>
> The full scan found no virus and no single file was infected in the system registry so couldn't delete files the virus was supposed to have created.
>
> Thanks a lot.

That information doesn't surprise me, as previously stated your anti-virus did the job it was supposed to and deleted the infected object when it tried to write to the temporary internet directory, preventing any spread/infection.
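
Added example (not part of the original thread and not any poster's code): a Python sketch that reads the three alert fields quoted earlier in the thread and applies the reasoning given in the replies, treating the name prefix as the infection class and a blocked object inside Temporary Internet Files as a prevented download. The function names, the prefix table limited to the three prefixes named in the thread, and the `next_step` wording are assumptions of this example.

```python
from pathlib import PureWindowsPath

# Prefix meanings as given in the thread; other prefixes are reported as unknown.
PREFIXES = {
    "VBS": "Visual Basic Script",
    "W32": "Win32 infector",
    "W97": "Word 97 macro virus",
}

# Constructed sample input: the alert fields as quoted in the thread.
SAMPLE_ALERT = r"""
Object Name: C:\Documents and Settings\Abcn\Local Settings\Temporary Internet Files\Content.IE5\4KJBRH2J\index[1].htm
Virus Name: VBS.Redlof.A
Action Taken: Access to the file was denied.
"""

def parse_alert(text):
    """Split 'Field: value' lines on the first colon only, so the drive letter survives."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(text):
    """Summarise an alert: infection class, file location, and a suggested next step."""
    f = parse_alert(text)
    name = f.get("virus name", "")
    prefix = name.split(".", 1)[0].upper()
    path = PureWindowsPath(f.get("object name", ""))
    # Compare whole path components, not substrings, to avoid look-alike folder names.
    in_cache = "temporary internet files" in [p.lower() for p in path.parts]
    blocked = "denied" in f.get("action taken", "").lower()
    if in_cache and blocked:
        # The thread's reading: the scanner stopped a cached web download.
        next_step = "full scan to confirm nothing ran"
    else:
        next_step = "treat as possible infection: full scan plus vendor write-up"
    return {
        "detection": name,
        "class": PREFIXES.get(prefix, "unknown prefix"),
        "file": path.name,
        "in_browser_cache": in_cache,
        "access_blocked": blocked,
        "next_step": next_step,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_ALERT).items():
        print(f"{key}: {value}")
```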

afamative
6-14-04, 03:25 PM
I am really glad to hear that. I have really learnt a lot within a short time.

Thanks a lot.