Virus problem
Thread Starter
Just a numbered other


Joined: Feb 2000
Posts: 1,170
Likes: 2
From: Earth
AVG recently removed a virus infection:
........My Documents\Attachments\Jingle.zip: \Jingle.exe";"Trojan horse Generic16.CMDZ";"Moved to Virus Vault"
Since then, the computer restarts every 45 minutes or so, which is pretty annoying.
Microsoft directs the computer to a site after the initial error report, but as usual not a lot of help.
Any ideas?
More bang for your buck
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
Can't find anything about "Trojan horse Generic16.CMDZ" anywhere, sorry. I'm assuming that it was attached to 'Jingle.zip' rather than called 'Jungle.exe', but to be on the safe side uninstall jungle exe and then manually go through the registry and remove any entries that refer to it. Or do a roll back to before you installed it.
Joined: Jan 2006
Posts: 130
Likes: 0
From: UK
Hi Arkroyal
AVG scans ZIP files. The Jingle.zip:\ Jingle.exe just means that jingle.exe inside jingle.zip is infected.
1. What do you mean by Microsoft directed you to a site after the initial error? Do you mean the AVG warning? What site did it take you to?
2. It's unlikely that the trojan is causing a reboot. What happens when it restarts? Do you get any messages or just a totally unexpected restart?
3. It's in your attachments folder. Did you download this from a trusted source? If not, then advice snippet #1. Ignore all emails, especially attachments, from unknown sources. If so, let the sender know they might have a problem.
4. It might be a "false positive". AVG is sadly a shadow of its former self and is known for false positives. Download another AV program, e.g. Avast, and scan the same file. If you are prevented from downloading an AV program, this could well be a symptom of a trojan.
5. Generic16 is a well known trojan. The various letters that come after it indicate variants. In general, it will change your desktop image to imply that your PC is infected. It will also redirect your browser to various websites, some of which will try to trick you into buying "scareware", others will try to download additional malware.
Scareware - Wikipedia, the free encyclopedia
6. Advice snippet #2. If you keep Windows patched and don't do your everyday stuff as an administrator, you will have little to fear in the future. I have had one virus/trojan/other nasty in 4 years, and that was because I didn't follow my own advice. Truth is, keep patched, run as a plain old user and Windows is very secure (I'm assuming you're running XP SP3 or later).
If you are able to install another AV and it confirms the trojan, then you're going to need expert help to remove it. This link may help with identifying a false positive.
AVG Forums - How To Handle Suspicious False Positive Detection?
What's your geek level from 1 (normal person) to 5 (true geek)?
Hope this helps
Cheers
Per Ardua ad Astraeus
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
From a geek level of -1, may I add to Simonta's comprehensive post?
I thoroughly endorse Avast, and in particular its 'boot scan' function which will trap infected Windows system files before any virus/trojan can pick up its skirts and hide itself. NB IF it removes any infected W files you will need to replace them using 'sfc' from your install disc (we are assuming XP?)
Do not attempt to run 2 AV programmes together - they do not normally socialise. Remember that if you simply 'close' one (?AVG?) it will start up again on reboot.
Thread Starter
Just a numbered other


Joined: Feb 2000
Posts: 1,170
Likes: 2
From: Earth
Thanks, guys.
I used to think I was Geek level 3, but now languish below zero with BOAC!
After the spontaneous reboots, which were random and sudden, I was given the window telling me that the computer was recovering from a serious error. Filing the error report automatically started up a Microsoft help site, which wasn't much help.
I don't recall ever downloading anything called Jingle.zip, but may have done some time ago. A long time ago.
By co-incidence, I was recommended to download a security software called 'Rapport' by HSBC online banking last week, which I did. It has caused such a slow down of my computer, that yesterday, I uninstalled it. Voila! the reboots have stopped, so there is suspect number one. I also did a disc cleanup and general go through of stuff I have which isn't used.
It might mean this old boiler (XP SP3) Some pedestrian Athlon chip, can't remember what speed, can soldier on a bit longer.
Thanks again
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Very interesting about "rapport" (the C is silent, it would seem...)
See this earlier thread:
http://www.pprune.org/computer-inter...-software.html
SD
More bang for your buck
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
Thread Starter
Just a numbered other


Joined: Feb 2000
Posts: 1,170
Likes: 2
From: Earth
Wow. How do they get away with this kind of vandalism?
Thanks everyone. Seems the virus warning was a red herring, and it was Rapport all along. Posted this on the other thread:
Oh how I wish I'd seen this thread a couple of weeks ago.
On a thread started by me, Virus problem, I thought that was my snag.
HSBC continually nagged me to install this software, and in a moment of madness, I did. I have removed it using Control Panel, but will now follow up with the removal tool.
I'm afraid that if either of my banks, Alliance & Leicester or HSBC insist on using this software, I'll be off to someone else.
Thanks, VB for your detective work. I won't be touching Rapport with a barge pole.
Resident insomniac

Joined: Aug 2005
Posts: 1,878
Likes: 1
From: N54 58 34 W02 01 21
Second opinion required - Worm.VB-740
Spyware Terminator has just flagged-up Worm.VB-740 on my Vista Home Premium laptop.
A search using Worm.VB-740 suggests that this is probably a 'false positive' and this is a part of Microsoft update - in fact the file address is given as being within the SP2 folder on the recovery partition of the hard drive (under 'Tools').
Is it safe to ignore this? Would quarantining it do any good or any harm?
Joined: Apr 2010
Posts: 6
Likes: 0
From: Somerset
Start your PC in safe-mode and remove it from your add-remove programs, also clear all temp files and cookies.
This is great advice.
Resident insomniac

Joined: Aug 2005
Posts: 1,878
Likes: 1
From: N54 58 34 W02 01 21
What is the actual file name and location that SpywareTerminator is providing for this possible worm?
This is a Microsoft self-extracting stub (it says).
Google says:-
Download details: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)
As it isn't part of the boot partition, I presume (?) it can have no effect?
Hippopotomonstrosesquipidelian title
Joined: Oct 2006
Posts: 1,825
Likes: 1
From: is everything
It's almost certainly a false positive, and you can ignore it. If you want to be certain, you could do an MD5 hash of the file and compare it with the MD5 hash on Microsoft's website. If you don't know how to do a hash, then I wouldn't bother with it.
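The hash check suggested in the post above, as an added example that is not part of the original thread: it hashes a large installer in chunks and compares the result with a hash copied from the vendor's download page, tolerating the spaces, colons and upper case such pages often use. The file path and published hash in the demo are constructed placeholders, and the function names are this example's own.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Hex digest length -> algorithm, so the pasted hash selects the algorithm itself.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_published_hash(text):
    """Strip whitespace, colons, dashes and case from a hash copied off a web page."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) not in ALGO_BY_HEX_LEN:
        raise ValueError("not a recognisable MD5/SHA-1/SHA-256 hex digest")
    return cleaned


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a service-pack-sized file is never read into memory whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hash):
    """Return (matches, algorithm, actual_digest) for a file against a published hash."""
    expected = normalize_published_hash(published_hash)
    algorithm = ALGO_BY_HEX_LEN[len(expected)]
    actual = file_digest(path, algorithm)
    # A match means the file is byte-identical to what the vendor hashed.
    # MD5 is no longer collision resistant, so use a SHA-256 value if one is published.
    return hmac.compare_digest(actual, expected), algorithm, actual


if __name__ == "__main__":
    # Constructed stand-in for the flagged file; point `sample` at the real file instead.
    fd, sample = tempfile.mkstemp(suffix=".exe")
    os.write(fd, b"hello")
    os.close(fd)
    published = "5D41 402A BC4B 2A76 B971 9D91 1017 C592"  # constructed: MD5 of b"hello"
    ok, algo, actual = verify_download(sample, published)
    print(f"{algo}: {actual} -> {'MATCH' if ok else 'MISMATCH'}")
    os.remove(sample)
```

A mismatch does not by itself mean malware, since it can also be a different build or language pack than the one the published hash covers.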

Joined: Dec 2005
Posts: 1,694
Likes: 15
From: Wellington,NZ
Agree with bushfiva.
You could also submit the file to virustotal for several second opinions.
VirusTotal - Free Online Virus and Malware Scan
[edit]
Don't bother doing this.
Useful site to check smaller files, though.
Last edited by Tarq57; 16th April 2010 at 06:49.





