Are they virus?
Posted by ijones@TOGLIinterfree.it on April 27th, 2008


Hi,
Nod32 always finds some infected files.
I often see them in this path:
Documents and Settings/Mio Nome/Impostazioni locali/Temp
I have to delete them manually.
The infected files are:

17exhmunmlclr10
48exhmunmlclr10
67exhmunmlclr10
74exhmunmlclr10

Today I have just found these but I often find many other infected
files. Every week they are 20 files.
Are they virus? How could I solve this problem?
Thanks

Posted by Russg on April 27th, 2008



Submit the file(s) to www.virustotal.com and report
back what it says.




Posted by ijones@TOGLIinterfree.it on April 27th, 2008




File 9exhmunmlclr10.exe received on 2008.04.22 20:37:03 (CET)
Current status: finished
Result: 7/32 (21.88%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - TR/Agent.245760.7
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Win32.Womble
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - Virus.Win32.Virut.as
Kaspersky - - -
McAfee - - BackDoor-CMQ
Microsoft - - Trojan:Win32/Horst.gen!B
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Mass Email Capabilities
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Agent.245760.7
Additional information
MD5: b9db8d599e8f405004f33c5e53df9741
SHA1: 5137fabee81d3cdf261ab85002f7b7693dfdd8ba
SHA256: 9b3f35b9beed321cfedeeed9285dfa760e681fc6d78f43b2c09a8b9e2969ea8c
SHA512: 08a977c90fb4fda6ac4095ceff2043557594e0dff3ebbc430b115e37cc6db875b3baa97fdb0d8e05fbc588cb19b97894c819a345511bf9fa33fc0326f7135527

Posted by Russg on April 27th, 2008



you had several. Seems to get several hits, but
not all the same. I'm sure someone will be better
able to help you now.





Posted by David H. Lipman on April 27th, 2008


From: <ijones@TOGLIinterfree.it>

| Hi,
| Nod32 always finds some infected files.
| I often see them in this path:
| Documents and Settings/Mio Nome/Impostazioni locali/Temp
| I have to delete them manually.
| The infected files are:

| 17exhmunmlclr10
| 48exhmunmlclr10
| 67exhmunmlclr10
| 74exhmunmlclr10

| Today I have just found these but I often find many other infected
| files. Every week they are 20 files.
| Are they virus? How could I solve this problem?
| Thanks

Yes. According to Virus Total you have a Virut infection.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/...irus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by ijones@TOGLIinterfree.it on April 27th, 2008


THANKS a lot for your advice.




Posted by Dave Budd on April 28th, 2008


In article <rU3Rj.394$lc6.135@trnddc04>, DLipman~nospam~@Verizon.Net
says...
If they're always in that Temp folder but nowhere else it seems likely
that NOD32 is doing its job and stopping them doing any damage.
The bigger question is why they keep on coming back.
"Impostazioni locali" is "Local Settings" in English, I think, so that
Temp folder isn't the browser's. Do mail clients use it?
--
Snob? Were I a snob, I wouldn't be talking to you.
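
To help with the question of why the files keep coming back, here is an added example (not code from any poster in this thread) that inventories a Temp folder for the names reported above and groups them by SHA-256, so you can see when each copy appeared and whether the copies are byte-identical. The name pattern is taken from the file names in the thread; the function names are hypothetical, and the script only reads and hashes the files.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timezone
from pathlib import Path

# Names reported in the thread: digits + "exhmunmlclr10", optionally ".exe".
DROPPED_NAME = re.compile(r"^\d+exhmunmlclr10(\.exe)?$", re.IGNORECASE)


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_temp(temp_dir):
    """Return {sha256: [(name, size, modified_utc), ...]} for matching files."""
    groups = defaultdict(list)
    for entry in Path(temp_dir).iterdir():
        if not entry.is_file() or not DROPPED_NAME.match(entry.name):
            continue
        try:
            stat = entry.stat()
            digest = sha256_of(entry)
        except OSError:
            # A resident scanner may lock or remove the file mid-run.
            continue
        modified = datetime.fromtimestamp(stat.st_mtime, tz=timezone.utc)
        groups[digest].append((entry.name, stat.st_size, modified))
    # Oldest first inside each group, to show when each copy appeared.
    return {d: sorted(files, key=lambda f: f[2]) for d, files in groups.items()}


def report(groups):
    """Render one header line per distinct hash and one line per file."""
    lines = []
    for digest, files in sorted(groups.items()):
        lines.append(f"{digest}  ({len(files)} file(s))")
        for name, size, modified in files:
            lines.append(f"    {modified:%Y-%m-%d %H:%M}Z  {size:>8} bytes  {name}")
    return lines


if __name__ == "__main__":
    import tempfile
    for line in report(triage_temp(tempfile.gettempdir())):
        print(line)
```

The modification times show how often new copies appear, and each distinct SHA-256 can be compared with the hash in a scan report.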

Posted by jen on April 28th, 2008


"Dave Budd" <dave.budd@manchester.ac.ku> wrote in message
news:MPG.227fa9a0ee8900669899dc@news.individual.net...
/Local Settings/Temp is Firefox's temp folder

-jen



Posted by Russg on April 28th, 2008



"David H. Lipman" <> wrote in message news
Since Virus Total Sophos and Kaspersky don't
show anything, and McAfee shows something
and Trend isn't in Virus Total, what are the chances
that Multi-AV won't be able to clean?



Posted by David H. Lipman on April 28th, 2008


From: "Russg" <russgilb@MUNGEsbcglobal.net>



| Since Virus Total Sophos and Kaspersky don't
| show anything, and McAfee shows something
| and Trend isn't in Virus Total, what are the chances
| that Multi-AV won't be able to clean?


Chances are good that McAfee will be good but we saw but one VT report. The others in the
Multi-AV arsenal may catch what was NOT reported.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by Dave Budd on April 29th, 2008


In article <gxmRj.68090$Er2.42724@bignews6.bellsouth.net>,
jen@example.com says...
C:\Documents and Settings\[username]\Local Settings\Application Data
\Mozilla\Firefox\Profiles\[name]\Cache
?

You learn something new every day!

It's not IE's temp folder though. Or does IE use it for something as
well as using Temporary Internet Files?


--
Snob? Were I a snob, I wouldn't be talking to you.