01 April 2009

A Worm called the I-Worm Generic/CJR

There are a lot of times when even we, who call ourselves 'advanced computer users', find ourselves up to our eyeballs in, not muck, but embarrassment! Embarrassment because of the small problem we could not 'fix'. This is for all those, then, who want to avoid that funny feeling of being a misfit in the computer fiefdom.

The first issue I'll be addressing is the worm called the I-Worm Generic/CJR.

The I-Worm Generic/CJR copies itself into the \Windows\System32 folder as a DLL, and your anti-virus will report the worm as a DLL file there. The worm then tries to send mass mail from your system. It sometimes blocks the browser from connecting to the Internet and to anti-virus websites. It also does an irritating thing: it stops you from viewing 'hidden' files. Try as many times as you want, but you just cannot make hidden files visible, even after repeatedly un-hiding them from the Tools > Folder Options > View menu.

Most anti-virus programs can remove this worm, but they leave the hidden-files anomaly described above behind.

Here's the solution then :

1. Use any anti-virus to remove the worm first.

2. Open the Run dialog (Win+R).

3. Type regedit and press Enter.

4. Go to the path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

5. Look at the CheckedValue entry in the right-hand pane. It should be a DWORD. If it isn't, delete it and create a new DWORD (hexadecimal) value named "CheckedValue" with a value of 1. Most of the time the worm leaves 'CheckedValue' in place as a DWORD but changes its value to 2; in that case all you have to do is change the value back to 1.

Tools > Folder Options > View > Show hidden files and folders now works normally again.
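Step 5 as a check you can run against a `reg export` of the SHOWALL key, added here as an example and not part of the original post: it classifies CheckedValue the same way the post does (missing, wrong type, flipped to 2, or fine) and produces the .reg content that restores it. The export text is constructed; the key path and value names are the real Explorer ones, and DefaultValue=2 is the normal value (see the comments below), so it is deliberately not flagged.

```python
import re

# The key the post's step 4 points at (real Windows Explorer key).
SHOWALL = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Advanced\Folder\Hidden\SHOWALL")

# Constructed sample of what `reg export` of that key looks like after the
# worm has flipped CheckedValue to 2 (hypothetical content, not a real capture).
TAMPERED_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL]
"Type"="radio"
"ValueName"="Hidden"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002
"""

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_values(export_text, key_path):
    """Return {name: (kind, value)} for the values listed under key_path."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key_path.lower()
            continue
        m = _VALUE_RE.match(line)
        if not (in_key and m):
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = ("REG_DWORD", int(raw[len("dword:"):], 16))
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = ("REG_SZ", raw[1:-1])
        else:
            values[name] = ("OTHER", raw)  # hex:/hex(7): forms are not needed here
    return values


def audit_showall(export_text):
    """Classify CheckedValue the way step 5 of the post inspects it."""
    v = parse_reg_values(export_text, SHOWALL)
    if "CheckedValue" not in v:
        return "missing"       # step 5: create CheckedValue as DWORD = 1
    kind, val = v["CheckedValue"]
    if kind != "REG_DWORD":
        return "wrong-type"    # step 5: delete it and recreate as DWORD = 1
    if val != 1:
        return "tampered"      # step 5: worm changed it (usually to 2); set back to 1
    return "ok"


def repair_reg():
    """A .reg file that performs step 5 on import: CheckedValue back to DWORD 1."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[" + SHOWALL + "]\r\n"
            '"CheckedValue"=dword:00000001\r\n')
```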

21 comments:

  1. Hi Rajesh! Many thanks for your description and solution.
    My Anti-Virus detected the I-Worm Generic/CJR and told me it was a dll in the System32 Folder, which was then deleted after my ok.

    I had the problems you describe: The internet-connection stopped sometimes and some Anti-Virus pages couldn't be loaded in the browser. Now these things run properly again.

    But I didn't have the third thing with the hidden files and folders. I'm able to open them. I looked after the Registry key, you describe: The CheckedValue key is a REG_DWORD and has the value of 1. But there's also a DefaultValue key with a value of 2. Is This ok? And is the Worm deleted from my System now?

    Greetings from Austria!
    Martin

  2. Hey Martin.

    yes the virus has been deleted! And yes there's nothing amiss with the Registry keys. They are alright.

    Welcome aboard!

    regards

    Rajesh Pandharpurkar

  3. Hey Rajesh,

    many thanks for your answer, your blog (which helped me identifying the virus and gave me information on the behaviour of it) and your welcome.

    You know, the worst thing about having a virus on your computer is not to know, what it actually does, which files it creates, which registry keys it creates/changes, how it harms your system and how you can get it off your computer.

    Another funny thing, this virus did to my system: It blocked my internet-connection after a while, not the moment when it was launched. This happened sometimes after about five minutes, sometimes after ten. At the same time, it deactivated my soundcard. So I had to restart the system again to get back sound and the possibility to launch a new internet-connection. I thought, there's something wrong with my system but I didn't think it's a virus.

    I don't know how I got it and why my Anti-Virus didn't warn me earlier. It was always activated and up to date. But I'm happy that I got rid of it.

    It's the first blog, I'm following. You wrote, everyone will get addicted to blogging after a while. Well, let's see ;). Maybe I'll start my own someday.

    Finally a private question: Is this your little daughter in the photo? She looks so sweet. You must be very proud of her, aren't you?

    regards

    Martin Wimmer

  4. Hey Martin,

    firstly lemme thank you for following my blog. Hope you have a good time here.

    Yea it is indeed my little daughter, Riddhi. She's an absolute beauty this tiny tot. Thanks for your comments on her picture. Yes, i am a very proud father....and i have been lucky!

    Martin, there's another virus called 'Conficker'. It blocks all the websites which have to do with security, e.g. Symantec and Microsoft. I am going to post a write-up on that too. Do look it up and pass the information on. My idea is, the virus can block the security websites, but it can do nothing about blogs, right?

    regards

    Rajesh Pandharpurkar

  5. Hey Rajesh,

    sure, I'm having a good time here and I'm looking forward to your description of the Conficker virus. I've heard of it. I scanned my machine with three different Anti-Virus programs (AVG, Kaspersky, Bitdefender) and no other virus was found (only a few tracking cookies).

    Connection to anti-virus websites and Microsoft is possible again and my internet connection doesn't stop anymore. So I think I haven't got Conficker. But if I know which files or registry entries it creates, I'm able to search for it.

    Yeah, I guess such a sweet and beautiful little princess makes her father proud. So all the best wishes for Riddhi and her proud parents.

    regards

    Martin

  6. Hey Rajesh,

    I had this virus too. My Norton Internet Security found it and deleted it, but the 'symptom' (frequent internet connection failure, reboot is the only solution) persisted. I modified the registry key; nothing happened. I then installed NOD32 (great version, up-to-date) and it didn't find anything. I even reinstalled Windows XP, and that also didn't work.
    What on earth should I do?

  7. Hello oblivion,

    Let me answer your queries by questioning you!

    1. Are you able to visit all the popular Anti-Virus websites?

    2. Now, modifying the registry keys is supposed to be the solution for correcting the 'Hidden' files problem. So when you say "nothing happened..", did you mean the 'Hidden' files problem or the frequent Internet disconnections?

    If you answer the above questions, I will be in a better position to help you. Also I need your system configuration as well + anti-virus used + anti-spyware used + anti-malware used.

    regards

    Rajesh Pandharpurkar

  8. Hello,

    First of all, thanks for the reply. I can visit popular anti-virus websites like Norton, NOD32 or Avast. And I meant the internet disconnections; they are becoming very annoying..

    This morning I started a smart scan with my NOD32 and it found like 4 other infections, but no generic worm. I cleared the other infections not 10 minutes ago; I will see how it worked.

    I am running Windows XP Professional on an AMD Athlon Dual Core Processor 5050e 2.61 GHz with 3.0 GB of RAM. As anti-virus/spyware/malware I am using ESET NOD32. I installed it just yesterday and it seems to work very well.
    I will come with further notices and eventually ask for your help once again if the problem persists.

    thank you very much,
    Radu from Romania

  10. Oh wait, I thought that NOD32 has a spyware program incorporated but it doesn't. I installed Spyware Doctor and voila - he's still there, all over my files. SD describes it as: 'Trojan.RiskTool.generic!ct'. Pretty much sounds like the original worm to me. He installed himself into some dll files and even hidden files! That's why it changes that key in the registry, so that it can burrow himself into the hidden files so that you can't find it. But I think it's an advanced state of the infection, since I had it for 2 weeks now. Cocky little freak, this one! Hope this information can help others, too.

  11. Man, I feel so bad about bothering you..but I'm desperate! I formatted my hard drive, reinstalled Windows..and guess what: whenever I access my torrent engine and I am downloading at high speeds, my internet connection fails (the tray icon appears with a red X on it), and I can't even shut down; it stops at the 'Saving your settings..' phase. I have to restart from the button.
    Please..if you have any idea of what's going on, help me..nobody can tell me what's happening, I searched all the internet and there is no one with such an issue..and it's not a virus matter anymore, because I erased my hard drive.
    Sorry again for the bother..thank you.

  13. Hey Radu,

    I have gone over your past queries. And do not feel bad about bothering me at all. It's not a bother, in the first place. So rest easy. I feel good if i am able to help a fellow human in any way i can.

    Now on to your problem. Let's go step-by-step.

    1). Right then, you uninstalled your O/S. May I ask what was the problem that forced you to uninstall.
    2). I pored over your previous queries. It seems that you use a lot of torrent engines. Please, I ask you to use a safe torrent download manager. I recommend you to use " µTorrent ", pronounced 'U'torrent. It's the safest I know of in the business. 'FDM' also does a dual job of being a download manager as well as a torrent download manager.
    3). And do not be downloading just about each and every torrent that you come across on the Internet. Please use safe sites like 'www.mininova.org'.
    4). Also I assume that you use P2P software like Limewire. Please make sure that you always scan any file downloaded by the software before opening it. A lot of movie files also contain a trojan/virus/backdoor. So beware.

    Lastly, the most likely solution. Please stop using the current torrent manager. Uninstall it and then check whether you are able to use your comp. normally. Use a good anti-virus and scan every file, especially zip files, doc files, exe etc.. About the shutdown problem, that must be the result of an incorrect Windows installation. Do this:

    > Press 'Start' > click 'Run' > in the box type 'sfc' without the quotes > click OK or press 'Enter'. SFC (System File Checker) is a Windows application which checks whether any system files are missing. Before running this program, make sure you have your Windows XP O/S disk in the CD/DVD drive.

    Please get back to me with the result.

    It's not a bother at all.

    regards

    Rajesh Pandharpurkar
    India

  14. Hi,
    The best information I have found is exactly here. Keep going. Thank you.


    ddr

  15. Hi Shawn,

    thanks. I am happy you found this information helpful in getting rid of a major headache!

    Rajesh G Pandharpurkar

  16. Hi, my AVG is detecting the following viruses:
    1. generic12.ahxy.
    2. worm/downadup
    3. generic/cjr
    4. generic_c.yh
    What do I do to get rid of them?
    I have two desktop computers and now they keep showing some error or the other and I can't share my data on them like I previously did.
    Can you please help me with this?

  17. Hello Kunal,

    as for the list of viruses/worms that you mentioned above, the fact that your anti-virus was able to catch them is sufficient proof that AVG is up to date.

    To remove the infections take these steps :

    1. Open your main AVG Console by double-clicking on the AVG icon on your desktop.

    2. Click on 'History'. Click on 'Scan results'.

    3. It will open up a window called "Scan results overview". Here you can see the history of the Scans.

    4. Now click on the row where the scan history shows the date you found out about the infections. (You can check the "Infections" column, where it shows how many infections your anti-virus has found, e.g. '4/4'.)

    5. Double-click the row to be taken to the "Scan results" window. You will find two tabs namely : "Results Overview" and "Warnings". Click on the Warnings tab. Here you will find the list of viruses that your anti-virus caught. While in the same window, click on the 'Remove all unhealed infections" button on the bottom right hand corner. That is it!

    In case your anti-virus was not able to heal the infections, it sends them to the 'Virus Vault'. To access the Virus Vault follow these steps:

    1. Go to the AVG main console. Click on History and again click on 'Virus Vault'.

    2. This window shows the infections the anti-virus was not able to heal. All you have to do to remove such infected files is to simply click on the 'Empty Vault' button on the bottom right hand corner. Well, that is all one can do about this menace!

    Hope you find this information useful.

    Thanks for visiting my blog.

    Regards

    Rajesh G Pandharpurkar

  18. Dear Kunal,

    continuing from the above, alternatively you can also visit the following Norton website :

    http://www.symantec.com/norton/security_response/removaltools.jsp

    While here, you can get whatever information you need.

    regards

    Rajesh G Pandharpurkar

  19. Dear Rajesh,
    I tried all the steps you told me but the damn thing keeps coming back and keeps showing up whenever I scan my comp. Is there any other way to get rid of these viruses?
    Regards,
    Kunal

  20. Hey Kunal,

    I am sorry, you have not been able to get rid of the problem.

    Although I've tried my best, it is obvious that my efforts did not help you find a solution. However, may I ask you to send me a screenshot of the viruses that your AVG catches, to me at this email: raj15aug@gmail.com . Also your system configuration.

    Let me see if i can help you further.

    regards

    Rajesh G Pandharpurkar
