View Full Version : Virus problem


Arkroyal
10th Mar 2010, 12:38
AVG recently removed a virus infection:

........My Documents\Attachments\Jingle.zip:\Jingle.exe";"Trojan horse Generic16.CMDZ";"Moved to Virus Vault"

Since then, the computer restarts every 45 minutes or so, which is pretty annoying.

Microsoft directs the computer to a site after the initial error report, but as usual not a lot of help.

Any ideas?

green granite
10th Mar 2010, 13:04
Can't find anything about "Trojan horse Generic16.CMDZ" anywhere, sorry. I'm assuming that it was attached to 'Jingle.zip' rather than called 'Jingle.exe', but to be on the safe side uninstall Jingle.exe and then manually go through the registry and remove any entries that refer to it. Or do a roll back to before you installed it.

Simonta
10th Mar 2010, 19:13
Hi Arkroyal

AVG scans ZIP files. The Jingle.zip:\Jingle.exe just means that jingle.exe inside jingle.zip is infected.

1. What do you mean by Microsoft directed you to a site after the initial error? Do you mean the AVG warning? What site did it take you to?

2. It's unlikely that the trojan is causing a reboot. What happens when it restarts? Do you get any messages or just a totally unexpected restart?

3. It's in your attachments folder. Did you download this from a trusted source? If not, then advice snippet #1. Ignore all emails, especially attachments, from unknown sources. If so, let the sender know they might have a problem.

4. It might be a "false positive". AVG is sadly a shadow of its former self and is known for false positives. Download another AV program, e.g. Avast, and scan the same file. If you are prevented from downloading an AV program, this could well be a symptom of a trojan.

5. Generic16 is a well known trojan. The various letters that come after it indicate variants. In general, it will change your desktop image to imply that your PC is infected. It will also redirect your browser to various websites, some of which will try to trick you into buying "scareware", others will try to download additional malware.

Scareware - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Scareware)

6. Advice snippet #2. If you keep Windows patched and don't do your everyday stuff as an administrator, you will have little to fear in the future. I have had one virus/trojan/other nasty in 4 years, and that was because I didn't follow my own advice. Truth is, keep patched, run as a plain old user and Windows is very secure (I'm assuming you're running XP SP3 or later).

If you are able to install another AV and it confirms the trojan, then you're going to need expert help to remove it. This link may help with identifying a false positive.

AVG Forums - How To Handle Suspicious False Positive Detection? (http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=395)

What's your geek level from 1 (normal person) to 5 (true geek)?

Hope this helps

Cheers

BOAC
11th Mar 2010, 08:45
From a geek level of -1, may I add to Simonta's comprehensive post?

I thoroughly endorse Avast, and in particular its 'boot scan' function which will trap infected Windows system files before any virus/trojan can pick up its skirts and hide itself. NB IF it removes any infected W files you will need to replace them using 'sfc' from your install disc (we are assuming XP?)

Do not attempt to run 2 AV programmes together - they do not normally socialise. Remember that if you simply 'close' one (?AVG?) it will start up again on reboot.

Arkroyal
12th Mar 2010, 10:26
Thanks, guys.

I used to think I was Geek level 3, but now languish below zero with BOAC!

After the spontaneous reboots, which were random and sudden, I was given the window telling me that the computer was recovering from a serious error. Filing the error report automatically started up a Microsoft help site, which wasn't much help.

I don't recall ever downloading anything called Jingle.zip, but may have done some time ago. A long time ago.

By coincidence, I was recommended to download a security software called 'Rapport' by HSBC online banking last week, which I did. It has caused such a slow down of my computer that yesterday I uninstalled it. Voila! The reboots have stopped, so there is suspect number one. I also did a disc cleanup and general go through of stuff I have which isn't used.

It might mean this old boiler (XP SP3, some pedestrian Athlon chip, can't remember what speed) can soldier on a bit longer.

Thanks again

Saab Dastard
12th Mar 2010, 10:46
Very interesting about "rapport" (the C is silent, it would seem... :})

See this earlier thread:

http://www.pprune.org/computer-internet-issues-troubleshooting/394494-caution-free-online-banking-security-software.html

SD

green granite
12th Mar 2010, 10:47
Arkroyal See this thread:

http://www.pprune.org/computer-internet-issues-troubleshooting/394494-caution-free-online-banking-security-software.html

green granite
12th Mar 2010, 10:49
Great minds Saab. :cool:

Arkroyal
13th Mar 2010, 09:55
Wow. How do they get away with this kind of vandalism?

Thanks everyone. Seems the virus warning was a red herring, and it was Rapport all along. Posted this on the other thread:

Oh how I wish I'd seen this thread a couple of weeks ago.

On a thread started by me, Virus problem, I thought that was my snag.

HSBC continually nagged me to install this software, and in a moment of madness, I did. I have removed it using Control Panel, but will now follow up with the removal tool.

I'm afraid that if either of my banks, Alliance & Leicester or HSBC insist on using this software, I'll be off to someone else.

Thanks, VB for your detective work. I won't be touching Rapport with a barge pole.

G-CPTN
14th Apr 2010, 18:19
Spyware Terminator has just flagged up Worm.VB-740 on my Vista Home Premium laptop.

A search using Worm.VB-740 suggests that this is probably a 'false positive' and that this is part of a Microsoft update - in fact the file address is given as being within the SP2 folder on the recovery partition of the hard drive (under 'Tools').

Is it safe to ignore this? Would quarantining it do any good or any harm?

Tarq57
14th Apr 2010, 23:05
G-CPTN,
What is the actual file name and location that SpywareTerminator is providing for this possible worm, rather than the result of a (Google?) search?

SamTHorn
15th Apr 2010, 17:53
Start your PC in safe-mode and remove it from your add-remove programs, also clear all temp files and cookies.

This is great advice.

G-CPTN
15th Apr 2010, 22:49
What is the actual file name and location that SpywareTerminator is providing for this possible worm
d:\TOOLS\Vista SP2\Windows6.0-KB948465-X86.exe

This is a Microsoft self-extracting stub (it says).

Google says:-
Download details: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465) (http://www.microsoft.com/downloads/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3&displaylang=en)

As it isn't part of the boot partition, I presume (?) it can have no effect?

Bushfiva
16th Apr 2010, 00:39
It's almost certainly a false positive, and you can ignore it. If you want to be certain, you could do an MD5 hash of the file and compare it with the MD5 hash on Microsoft's website. If you don't know how to do a hash, then I wouldn't bother with it.

Tarq57
16th Apr 2010, 05:38
Agree with bushfiva.
You could also submit the file to virustotal for several second opinions. VirusTotal - Free Online Virus and Malware Scan (http://www.virustotal.com/)
[edit]
Don't bother doing this.
Useful site to check smaller files, though.

Bushfiva
16th Apr 2010, 06:07
Yes, I'm sure they'd love to receive all 340MB of Vista SP2 :}. It's probably easier/faster to check the hash with a utility such as MD5 Checker.
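The hash check Bushfiva describes, as an added example that is not code from the thread or from any utility named in it: the file is streamed in chunks (so a 340 MB installer is never loaded into memory whole) and every digest the vendor publishes is compared. The path is the one G-CPTN posted; the expected digests are constructed test values, not Microsoft's, and because MD5 alone is no longer collision resistant the function checks a SHA-256 alongside it whenever the download page lists one.

```python
"""Verify a downloaded file against vendor-published digests (added example).

The thread's target was d:\\TOOLS\\Vista SP2\\Windows6.0-KB948465-X86.exe;
the digests in make_sample()/demo below are constructed test data, not
Microsoft's published values.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads: the 340 MB SP2 installer is never read whole


def file_digests(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for `path`, reading the file only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(path, published):
    """Compare computed digests with the ones copied from the download page.

    `published` maps algorithm name -> hex digest. Every algorithm the vendor
    lists must match (MD5 on its own is weak; a SHA-256, when given, is the
    one to trust). Returns (ok, list_of_mismatching_algorithms).
    """
    computed = file_digests(path, tuple(published))
    mismatches = []
    for name, expected in published.items():
        # compare_digest: constant-time string comparison; lower() tolerates case
        if not hmac.compare_digest(computed[name].lower(), expected.strip().lower()):
            mismatches.append(name)
    return (not mismatches, mismatches)


def make_sample(data=b"abc"):
    """Write constructed sample content to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    sample = make_sample()  # stands in for the installer from the thread
    # constructed expected values for the sample content b"abc"
    print(verify(sample, {"md5": "900150983cd24fb0d6963f7d28e17f72",
                          "sha256": "ba7816bf8f01cfea414140de5dae2223"
                                    "b00361a396177a9cb410ff61f20015ad"}))
    os.remove(sample)
```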

Tarq57
16th Apr 2010, 06:35
Doh
:O:O:O