I got a PC virus! :(

[Colin]

My computer has been infected with the Trojan.ByteVerify Virus. My Norton picked it up but it cannot be repaired. The file that is infected is C:/WINDOWS/Temporary Internet

Do you think I should quarantine it? Because I'm not sure if Temporary Internet is my internet I use to get on. Any ideas?

[blizzard]

Temporary Internet is the folder that stores internet activity files such as pics, recently visited sites and the such. Quarantining it should be alright.

Good luck with this.

[Stephanie]

DEFINATELY quarantine it.

I believe that the temporary internet files come from your activity on the internet. I don't know what will happen once you quarantine that virus and how it will affect your PC's use of that file.

We have alot of 'puter experts on this board, so I'm sure that someone can give more information. I remember that Coriolis (Ed) is pretty knowledgable. Maybe you can PM him?

[Colin]

OK...I'm not going to quarantine it just yet...I'll wait for a little bit more input, not that I don't trust you guys.

[Stephanie]

That's okay Colin. Good luck with it!

[Colin]

I'm talking with CHAD right now about it!

[Colin]

I asked my mom about it...she told me to quarantine it, delete it, and then I finished the rest. I think that worked!

[StormCrazyIowan]

Glad to hear it!!

[coriolis]

It seems a little odd that a folder would be infected, rather than a file. Maybe it means that there's a suspicious file in that folder. There are no program files in that folder. You can delete EVERYTHING in it. It's just a place where windows stores information about sites you've visited, so they load faster the next time. Try emptying that folder and see if it still comes up as infected.

You can even delete that folder in its entirety, (or temporarily rename it if you're cautious) Then create a new folder with the same name.
That might clear out the infection. After you're comfortable you can go back and delete the renamed one.

Any objections to that, anyone?

[Lindaloo]

Don't worry Colin, it happens to the best of us.

[stormchazer]

I asked my mom about it...she told me to quarantine it, delete it, and then I finished the rest. I think that worked!

Here is what Symantec Recommends:



The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode or VGA mode.
Run a full system scan and delete all the files detected as Trojan.ByteVerify.

For specific details on each of these steps, read the following instructions.

1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"
For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

2. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

3. Restarting the computer in Safe mode or VGA mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
For Windows NT 4 users, restart the computer in VGA mode.

4. Scanning for and deleting the infected files
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
Run a full system scan.
If any files are detected as infected with Trojan.ByteVerify, click Delete.





Write-up by: Douglas Knowles

[Colin]

I think it worked...I'm not sure how to see if it's still infected. I'll run the scan before I go to bed and let it run for the night...I'll let you know in the morning.

Thanks for all the help guys!

[Lindaloo]

I agree Ed. He could have picked up a virus and infected pics and stuff did not get deleted in that folder. It happened to me. When I reformatted, I did not delete some pics in a folder. I sent one of them to a friend and WHAM "virus detected" So, it makes sense to me.

[Rainband]

Hope it worked!! I have AVG virus scan..it is awesome and free. I had a virus and Mcafee just quarentined it..AVG erased it. It scans all the time..not only when I run it and updates often..Good luck colin

[Stephanie]

Sounds good to me Ed! Like I said, I knew you were one of the computer experts here!

Glad to hear that your PC seems okay Colin!

[Colin]

Yup..it's working fine

[Josephine96]

I have Norton for my virus scanner

[VanceWxMan]

it was just a file that you got downloaded to your puter while surfing on the net that was infected...Your ENTIRE Temp Internet Files folder will not be infected and all you had to do (looks like you have) is quarenteen the file/s causing the problem and once quatenteened you can then safely delete them.

Besides that was a weak back door virus and only gave peeps access to your puter if they activated it.. nothing to worry about and I am glad that you have a good AV program onboard.

Aaron