WIN.EXE

Guest

Since my last posting, I have made some progress. I've discovered that a
program named WIN.EXE was installed on my computer on Feb 25th using
TrojanDownloader.Win32.Aphex. EXACTLY how this came to be I don't know.
Since the date of installation corresponds with when my problems with IE6
began (i.e. having the browser repeatedly redirected to the site
alffliatedtarget.com) I am reasonably confident that it is this program that
is responsible.
OK, that said, please give me the SIMPLEST way of removing this nuisance
from my computer. I am running WIN 98 SE. Thank
 
Hi Jim :-)

Sorry to say, there is no 1, 2, 3 quick fix for this sort of nastyware. Go
here and read the removal information. Follow the instructions carefully.
http://www.symantec.com/avcenter/venc/data/trojan.downloader.aphe.html

These types of malware draw other scumware like a magnet, so where there is
one, there are likely many more.

Also download and install HiJackThis. This is one of the most important
steps. Follow all instructions carefully. This program should be run in
Normal mode.

How to download and install HiJackThis: Win 98-XP
http://www.download.com/HijackThis/3000-8022_4-10227353.html

Please DO NOT post your HiJackThis log to this newsgroup. DO NOT
delete anything from the list yourself unless you are an experienced user of
this program. It is important that you post your log on one of the
HiJackThis Support Forums below and allow the experts there to analyze it
for you:
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all pre-posting instructions below carefully to avoid having your
log deleted or ignored.
http://forum.aumha.org/viewtopic.ph...ghlight=&sid=b59f8de4de1850003b79b74558a4b58b
All responders are volunteers and they are very busy, so please be patient.)

Please post a link back here to your log at Aumha so that we can follow your
progress.

Hope this helps.

Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Jim G. said:
Since my last posting, I have made some progress. I've discovered that a
program named WIN.EXE was installed on my computer on Feb 25th using
TrojanDownloader.Win32.Aphex. EXACTLY how this came to be I don't know.

You got nailed by the WMF vulnerability in the graphics rendering programs
in Windows (that IE uses); see
http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx.
Apparently your anti-virus software was slow to update to catch this, you
don't have an anti-virus program, it was disabled, and you visited a site
that employed the trick (so stop visiting those porn or other nasty sites).
The downloader was one of the payloads which could then download any nasty
into your system. See
http://www.google.com/search?q=+metafile++"Internet+Explorer"+vulnerability.

Jim G. said:
Since the date of installation corresponds with when my problems with IE6
began (i.e. having the browser repeatedly redirected to the site
alffliatedtarget.com) I am reasonably confident that it is this program that
is responsible.
OK, that said, please give me the SIMPLEST way of removing this nuisance
from my computer. I am running WIN 98 SE. Thank

There are SEVERAL nasties that employ a file named win.exe. Update your
anti-virus program and do a full scan (while in Safe Mode for Windows). You
don't mention if you used any anti-malware programs, like Ad-Aware, Spybot,
ewido, a-squared, MS Antispyware, or whatever, yet you indicate enough
knowledge that you should already know about them.
 