VIRUS!?! Need Help Please!!

Narket

Okay, everytime I open internet explorer, my anti virus pops up with this,

"A virus or unwanted program was found!"

C:\WINDOWS\System32\dx7.dll

TR/Crypt.Morphine.Gen



I delete it, but it pops up everytime I open I E again. Is it not being deleted or am I just doing something wrong. Is there a way to get rid of it that I don't know about. Please help me PA!!!! Oh, and I have Avira AntiVirus if that tells you anything.

amateurhour

Is that the only thing the message says?

Also, does it just pop up in the messenger service, with an OK button?

Arikado

First of all, you might want to limit using IE and use less-targeted browser (like Mozilla Firefox or Opera) unless it's restricted at work.

Secondly, that looks to be a trojan. I can recommend using the free tool from Trend Micro as a quick fix. After that, you will want to have a virus scanner that is constantly updated. I personally use AVG but there are a few others that can crack down on these things. I'm not too familiar with Avira or it's inner workings but it sounds like it's not a total virus/trojan/worm killer.

Arikado

One more thing, open up your Task Manager (Alt + Ctrl + Del) and look under processes for something called a.exe. Go ahead and End Task it before you do anything to kill it.

amateurhour

a little google-fu shows that it's indeed a trojan, and a data miner, to record similarities in keystrokes, looking for passwords.

agreeing with above poster

1) Stop using IE
2) I noticed in google that the virus had a lot of popups relating to avira. It's what avira has termed it, apparently. Try using AVG or another virus scan to see if it will remove it. Trend Micro (as mentioned above) is also great. We use the corporate edition at work and it does an outstanding job.

Narket

Arikado wrote: »

One more thing, open up your Task Manager (Alt + Ctrl + Del) and look under processes for something called a.exe. Go ahead and End Task it before you do anything to kill it.

There is no a.exe. I have avgnt.exe alg.exe and avguard.exe. that's all the exe's that start with an a.

Edit: And this is a work comp so a no go on mozilla (God I wish i could though)

Narket

amateurhour wrote: »

Is that the only thing the message says?

Also, does it just pop up in the messenger service, with an OK button?

It asks what to do

Quarantine
Delete
Rename
Access Deny
Ignore

I have tried delete, and move to quarantine, but nothing. It still pops up evertime I open IE


Edit:For Arikado, the antivirus we have here checks for updates daily. It was actually updated yesterday, and I did a manual update just a few minutes ago, and it says we are at optimal performance. I want to try that tool that you linked but until I get a replay about the exe question I had, I don't want to.

Fort1tude

If you are wireless disregard this whole section.

Boot to safe mode with networking (Tap F8 while booting till you see options)
Go to www.bitdefender.com
Click on the button that says "Scan Now"
Follow the prompts in the new window.
Come back in 2 hours.

If you are on wireless you can attempt to scan in normal mode but good luck.

Arikado

If a.exe isn't running, the trojan is probably not running. Or it could be under a different .exe name. Either way, use the Trend Micro tool and get rid of it. If you have an IT dept. at work, you'll want to have a chat with them regarding how to safeguard the computers there.