~~~My box has its 1st virus!!! A new one "Win32/Hantaner" not hantanter as I originally posted??~~~

[EXman]

This window box pops up from AVG antivirus.

Virus identified Win32/Hantaner NOT HANTANTER as I recently spelled

is found in C:\SystemVolume Information\_restore{98298xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}xxx.exe

to remove this virus please run AVG for windows

that is the prompt I keep getting. I have run the AVG twice and still keep getting it. Also when I look at the AVG log it says something like it cannot open alot of files including win32/system/log somthingrather

and a few files in my F:\WINDOWS\system32\config (My main HD is F don't ask why

)

the Files were modified are:
SysEvent.Evt
AppEvent.Evt
Default
Sam
Security
Software
system

Am I FUBARED So far I have had just a few pop ups about the virus but benign (sp) so far.

There is nothing for Hantanter virus on Yahoo? wazzup with that?

 

[InlineFive]

Where is that quote from?

 

[EXman]

from the AVG grey window that pops up evey once and awhile.

 

[Macro2]

"Hantanter"
T
hat doesn't even show up on the AVG website. You sure you spelled it right?

 

[Macro2]

You could always turn off your system restore and then clean it. It may be reifecting you somehow.

 

[EXman]

yup "win32/hantanter" virus what is the easiest way to do that turn off that so it stops reinfecting? never heard of that happening.

 

[Macro2]

What Operating system are you using?

 

[EXman]

xp pro

 

[InlineFive]

Originally posted by: EXman
yup "win32/hantanter" virus what is the easiest way to do that turn off that so it stops reinfecting? never heard of that happening.

System Restore may make a backup of the virus unknowingly. So when it restores it will put the virus (alive and well) back on your machine. This is why he said to stop System Restore and delete all of it's backups.

-Por

 

[EXman]

ok is there a way to delete everything in system restore after Nov 7th the infection started on the 8th?

If so what is the procedeur to do so? Thanks BTW

 

[EXman]

Ok it came up HANTANER not what I spelled it before. It was late. going to look now see what I can find. my pop ups that I have the virus are coming more frequently now...

 

[Mitzi]

Originally posted by: EXman
This window box pops up from AVG antivirus.
There is nothing for Hantanter virus on Yahoo? wazzup with that?

Use a real search engine

 

[Megatomic]

Delete all the restore points that are possibly infected
Turn off system restore
Clean up your system
Turn on system restore
Make a new restore point

I think that should work.

 

[EXman]

I'll see what I can do I have not messed with restore much at all....

found some more info on the virus to... trying to see how I can disinfect this box

should I try and disinfect first

or it probably makes more sence to play with the restore stuff taking Everything dated Nov 8th and deleting it or however you do that.

 

[EXman]

still efforting on this

 

[Ionizer86]

Check your Kazaa shared folder's exe's. kazaa is the only way for it to spread It's not damaging so don't reformat...yet.

 

[EXman]

I totally deleted all Kazaa folders. Watch out for a 12mb ACDSee files. I was trying for that as I lost my back up burnt disc and blammo me screwed no more kazaa 4 me.

 

[waitman]

I believe Trend Micro has something that will clean that file up. It is very common to Kazaa, but you can get it from other file sharing sites also. Their was also another site, don't quite recall, that had some information about it.

 

[EXman]

still efforting thanks trend huh

 

[oldfart]

Symantec info if it helps

 

[waitman]

Here is a direct link if this is what you are looking for, hope it helps.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_HANTANER.A

 

[EXman]

Scan your system with Trend Micro antivirus and clean all files detected as PE_HANTANER.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

the House Call does nothing for me at Trend Micro

ok here is some more instructions...
For Windows XP

Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore.