Skeet's Stuff

August 21, 2008

I’ve been invaded

trojan infection 03

This is what appeared in my computer last night (click the photo to view large enough to read.) I was in a search engine and found an entry that was exactly the phrase I had entered. I clicked on it and a video box came up, but with a notice that I needed to install a new software upgrade in order to view the video. I wanted to see the video, so I installed the stupid thing. As you can see from my scan log above, I opened up Pandora’s box.

AV alert that won't die

I guess my AV protection is pretty good. It deleted the Win32/Puper!generic trojan right away. Here’s the problem, though: it keeps coming back. Literally every thirty seconds or so I get the above pop-up telling me that it’s back but my AV protection has deleted it.

Trojan infection 01

This has happened hundreds of times since it started last night. If I’m typing when the infection alert pops up (like right now) I have to stop what I’m doing and close it before I can continue. On the info page for this monster I find that:

The file “intmonp.exe” is usually accompanied by the file “popuper.exe”. Both files are used to re-launch the other in case any of them are terminated. “popuper.exe” also drops “intmonp.exe” if it is not found on the system. It also sets the following registry value in order to execute itself when “explorer.exe” is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\explorer\notepad2.exe = “popuper.exe”

This registry value is also monitored by the trojan. If it is modified in any way, the trojan sets it again.

So, that explains what’s going on, but doesn’t tell me anything about how to fix it. I’ve found nothing on the CA site that tells me how to block the blasted thing so it will quit coming back. According to what I’m understanding, it won’t even do any good to open my registry and delete it there because it will continue to re-install itself. Isn’t that what it’s saying? I should tell you the idea of opening my registry and deleting anything scares me to death. I don’t even know how to open my registry, much less how to find the right stuff when I’m in there. I greatly fear that I would do the wrong thing and end up erasing myself from the universe.

If you know what I’m supposed to do, could you help me out here, please?


Posted by skeet @ 7:36 am • Computers & Technology   
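
The info-page excerpt quoted in the post describes two processes that restart each other and a registry value that is rewritten whenever it is changed. As an added example (not part of the original post or of the vendor's write-up), the Python below flags that self-healing pattern in process and registry events; the event tuple format, the `av.exe`, `regedit.exe` and `notepad.exe` actors, and all sample events are constructed for illustration.

```python
from collections import defaultdict

# Registry value named in the quoted info page.
RUN_VALUE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\policies\explorer\notepad2.exe"

# Constructed sample events (not from the page): (seconds, action, target, actor).
# "terminate"/"create" act on a process image; "regset" acts on a registry value.
EVENTS = [
    (0,  "terminate", "intmonp.exe", "av.exe"),
    (2,  "create",    "intmonp.exe", "popuper.exe"),
    (30, "terminate", "popuper.exe", "av.exe"),
    (31, "create",    "popuper.exe", "intmonp.exe"),
    (40, "regset",    RUN_VALUE,     "regedit.exe"),
    (41, "regset",    RUN_VALUE,     "popuper.exe"),
    (50, "terminate", "notepad.exe", "explorer.exe"),  # benign one-way relaunch
    (55, "create",    "notepad.exe", "explorer.exe"),
]

def relaunch_edges(events, window=10):
    """Map each actor to the images it restarted within `window` s of their termination."""
    last_kill, edges = {}, defaultdict(set)
    for ts, action, target, actor in sorted(events):
        if action == "terminate":
            last_kill[target] = ts
        elif action == "create" and target in last_kill and ts - last_kill.pop(target) <= window:
            edges[actor].add(target)
    return edges

def mutual_watchdogs(events, window=10):
    """Pairs of images that each restarted the other after it was killed."""
    edges = relaunch_edges(events, window)
    return sorted({tuple(sorted((a, b))) for a in edges for b in edges[a]
                   if a in edges.get(b, ())})

def reverted_values(events, window=10):
    """Registry values written by one actor, then rewritten by another within `window` s."""
    last_write, hits = {}, []
    for ts, action, target, actor in sorted(events):
        if action != "regset":
            continue
        prev = last_write.get(target)
        if prev and prev[1] != actor and ts - prev[0] <= window:
            hits.append((target, actor))
        last_write[target] = (ts, actor)
    return hits

if __name__ == "__main__":
    print("mutual watchdog pairs:", mutual_watchdogs(EVENTS))
    print("values rewritten after change:", reverted_values(EVENTS))
```

A pair reported by `mutual_watchdogs` together with a hit from `reverted_values` matches the behaviour the info page describes, which is why deleting one file or one registry value on its own does not stick.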


4 Responses to “I’ve been invaded”

  1. Did you turn off System Restore when you ran the virus scan? According to Trend, XP and ME users must disable System Restore while cleaning up the virus.

  2. I didn’t, but I will now. Mahalo!

  3. […] no picture this time. I’m still struggling with the Win32/Puper!generic trojan and my computer is running so slow I keep timing out. Editing photos is not going to […]

  4. […] problems started Wednesday night when my CA Anti-Virus alerted me to an intruder. Only a Trojan virus, one of the more innocuous […]
