variant of Win32/injector.BQ trojan >> HELP!

I'm running Vista Ultimate 32 Service Pack-1 with all the
Windows updates, also Windows Defender and
NOD32 antivirus, all up to date and always running. Even so
I got a variant of Win32/injector.BQ Trojan.
Now every time I try to browse a web site or even when
opening a folder a warning pops up that reads:

" you machine is infected with a virus and you should perform
a free virus scan.then a NOD32 warning appears saying:

----------------------------------------------------------------------------------
http://free-viruscan.com/00/00/00/error.php

Description:

Access to the web page was blocked by ESET NOD32 Antivirus.
The web page is on the list of websites with potentially dangerous
content.
---------------------------------------------------------------------------

It seems that NOD32 caught this, but my machine is already infected
as no matter what I do I can't get rid of the problem.

I have performed a full Antivirus and Windows defender scan, also
I installed Search and Destroy and Adaware, and after running these
there were some problems detected and apparently cleaned.but
still the problem.

All mi programs, my e-mail and others are working OK, but I cant
browse the web or open some folders.

Is there a tool to remove this?

I'll appreciate any help regarding this.

Thanks in advance.
Willy

PS: How I got infected when running NOD32, Windows Defender, and
my Windows firewall up and running, should I install a different antivirus?

Update your NOD32 and/or try some of the free online virus scanners.

"Willy" <WilliamNoSpamB137@adelphia.net> wrote in message news:evkHcVW6IHA.3856@TK2MSFTNGP06.phx.gbl...
> I'm running Vista Ultimate 32 Service Pack-1 with all the
> Windows updates, also Windows Defender and
> NOD32 antivirus, all up to date and always running. Even so
> I got a variant of Win32/injector.BQ Trojan.
> Now every time I try to browse a web site or even when
> opening a folder a warning pops up that reads:
>
> " you machine is infected with a virus and you should perform
> a free virus scan.then a NOD32 warning appears saying:
>
> ----------------------------------------------------------------------------------
> http://free-viruscan.com/00/00/00/error.php
>
> Description:
>
> Access to the web page was blocked by ESET NOD32 Antivirus.
> The web page is on the list of websites with potentially dangerous
> content.
> ---------------------------------------------------------------------------
>
> It seems that NOD32 caught this, but my machine is already infected
> as no matter what I do I can't get rid of the problem.
>
> I have performed a full Antivirus and Windows defender scan, also
> I installed Search and Destroy and Adaware, and after running these
> there were some problems detected and apparently cleaned.but
> still the problem.
>
> All mi programs, my e-mail and others are working OK, but I cant
> browse the web or open some folders.
>
> Is there a tool to remove this?
>
> I'll appreciate any help regarding this.
>
> Thanks in advance.
> Willy
>
> PS: How I got infected when running NOD32, Windows Defender, and
> my Windows firewall up and running, should I install a different antivirus?
>

You might want to also turn off "System Restore", let NOD32 find and delete
the trojans, reboot and then restart "System Restore". Of course, you will
have lost all your previous restore points, but system restore is a favored
hiding place for malware.


"Spirit" <noone@notthere.net> wrote in message
news:%23odVulW6IHA.3684@TK2MSFTNGP05.phx.gbl...
Update your NOD32 and/or try some of the free online virus scanners.

"Willy" <WilliamNoSpamB137@adelphia.net> wrote in message
news:evkHcVW6IHA.3856@TK2MSFTNGP06.phx.gbl...
> I'm running Vista Ultimate 32 Service Pack-1 with all the
> Windows updates, also Windows Defender and
> NOD32 antivirus, all up to date and always running. Even so
> I got a variant of Win32/injector.BQ Trojan.
> Now every time I try to browse a web site or even when
> opening a folder a warning pops up that reads:
>
> " you machine is infected with a virus and you should perform
> a free virus scan.then a NOD32 warning appears saying:
>
> ----------------------------------------------------------------------------------
> http://free-viruscan.com/00/00/00/error.php
>
> Description:
>
> Access to the web page was blocked by ESET NOD32 Antivirus.
> The web page is on the list of websites with potentially dangerous
> content.
> ---------------------------------------------------------------------------
>
> It seems that NOD32 caught this, but my machine is already infected
> as no matter what I do I can't get rid of the problem.
>
> I have performed a full Antivirus and Windows defender scan, also
> I installed Search and Destroy and Adaware, and after running these
> there were some problems detected and apparently cleaned.but
> still the problem.
>
> All mi programs, my e-mail and others are working OK, but I cant
> browse the web or open some folders.
>
> Is there a tool to remove this?
>
> I'll appreciate any help regarding this.
>
> Thanks in advance.
> Willy
>
> PS: How I got infected when running NOD32, Windows Defender, and
> my Windows firewall up and running, should I install a different
> antivirus?
>

The only way to get rid of it, is to run a Virus Scan in Safe Mode!

Tap F8 right at Startup, and when a list of options is presented, use the UP
arrow to navigate to Safe Mode, then hit ENTER

Run your Anti-virus, and Defender while there.
--
Mick Murphy - Qld - Australia


"Willy" wrote:

> I'm running Vista Ultimate 32 Service Pack-1 with all the
> Windows updates, also Windows Defender and
> NOD32 antivirus, all up to date and always running. Even so
> I got a variant of Win32/injector.BQ Trojan.
> Now every time I try to browse a web site or even when
> opening a folder a warning pops up that reads:
>
> " you machine is infected with a virus and you should perform
> a free virus scan.then a NOD32 warning appears saying:
>
> ----------------------------------------------------------------------------------
> http://free-viruscan.com/00/00/00/error.php
>
> Description:
>
> Access to the web page was blocked by ESET NOD32 Antivirus.
> The web page is on the list of websites with potentially dangerous
> content.
> ---------------------------------------------------------------------------
>
> It seems that NOD32 caught this, but my machine is already infected
> as no matter what I do I can't get rid of the problem.
>
> I have performed a full Antivirus and Windows defender scan, also
> I installed Search and Destroy and Adaware, and after running these
> there were some problems detected and apparently cleaned.but
> still the problem.
>
> All mi programs, my e-mail and others are working OK, but I cant
> browse the web or open some folders.
>
> Is there a tool to remove this?
>
> I'll appreciate any help regarding this.
>
> Thanks in advance.
> Willy
>
> PS: How I got infected when running NOD32, Windows Defender, and
> my Windows firewall up and running, should I install a different antivirus?
>
>

Willy wrote:

> I'm running Vista Ultimate 32 Service Pack-1 with all the
> Windows updates, also Windows Defender and
> NOD32 antivirus, all up to date and always running. Even so
> I got a variant of Win32/injector.BQ Trojan.
> Now every time I try to browse a web site or even when
> opening a folder a warning pops up that reads:
>
> " you machine is infected with a virus and you should perform
> a free virus scan.then a NOD32 warning appears saying:
>
>
----------------------------------------------------------------------------------
> http://free-viruscan.com/00/00/00/error.php
>
> Description:
>
> Access to the web page was blocked by ESET NOD32 Antivirus.
> The web page is on the list of websites with potentially dangerous
> content.
>
---------------------------------------------------------------------------
>
> It seems that NOD32 caught this, but my machine is already infected
> as no matter what I do I can't get rid of the problem.
>
> I have performed a full Antivirus and Windows defender scan, also
> I installed Search and Destroy and Adaware, and after running these
> there were some problems detected and apparently cleaned.but
> still the problem.
>
> All mi programs, my e-mail and others are working OK, but I cant
> browse the web or open some folders.
>
> Is there a tool to remove this?
>
> I'll appreciate any help regarding this.
>
> Thanks in advance.
> Willy
>
> PS: How I got infected when running NOD32, Windows Defender, and
> my Windows firewall up and running, should I install a different
> antivirus?

NOD32 is excellent. However, from your description of the issue you have
picked up some non-viral malware. Use a malware removal tool to get rid of
it.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

You obviously don't need to run the antivirus scan unless you haven't done
so in Safe Mode yet. I see that you've already installed Spybot S&D, but I
don't know if you've scanned in Safe Mode, which is important. And
definitely try Malwarebytes' Antimalware program (details at above link).

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Hi
just a comment
I clicked on the link
Free-viruscan.com/00/00/00/error.php
just to see what it was, and it started downloading and wanted to run an Exe
the only way to break the link was by Start and restart
the other bottons did not respond
wonder if I'll see something in the days to come
just a comment
Fritz

--
lucky me I guess


"Malke" wrote:

> Willy wrote:
>
> > I'm running Vista Ultimate 32 Service Pack-1 with all the
> > Windows updates, also Windows Defender and
> > NOD32 antivirus, all up to date and always running. Even so
> > I got a variant of Win32/injector.BQ Trojan.
> > Now every time I try to browse a web site or even when
> > opening a folder a warning pops up that reads:
> >
> > " you machine is infected with a virus and you should perform
> > a free virus scan.then a NOD32 warning appears saying:
> >
> >
> ----------------------------------------------------------------------------------
> > http://free-viruscan.com/00/00/00/error.php
> >
> > Description:
> >
> > Access to the web page was blocked by ESET NOD32 Antivirus.
> > The web page is on the list of websites with potentially dangerous
> > content.
> >
> ---------------------------------------------------------------------------
> >
> > It seems that NOD32 caught this, but my machine is already infected
> > as no matter what I do I can't get rid of the problem.
> >
> > I have performed a full Antivirus and Windows defender scan, also
> > I installed Search and Destroy and Adaware, and after running these
> > there were some problems detected and apparently cleaned.but
> > still the problem.
> >
> > All mi programs, my e-mail and others are working OK, but I cant
> > browse the web or open some folders.
> >
> > Is there a tool to remove this?
> >
> > I'll appreciate any help regarding this.
> >
> > Thanks in advance.
> > Willy
> >
> > PS: How I got infected when running NOD32, Windows Defender, and
> > my Windows firewall up and running, should I install a different
> > antivirus?
>
> NOD32 is excellent. However, from your description of the issue you have
> picked up some non-viral malware. Use a malware removal tool to get rid of
> it.
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/...moving_Malware
>
> You obviously don't need to run the antivirus scan unless you haven't done
> so in Safe Mode yet. I see that you've already installed Spybot S&D, but I
> don't know if you've scanned in Safe Mode, which is important. And
> definitely try Malwarebytes' Antimalware program (details at above link).
>
> When all else fails, get guided help. Choose one of the specialty forums
> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
> POST LOGS IN THE MS NEWSGROUPS.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ
>
>

silver hair wrote:

> Hi
> just a comment
> I clicked on the link
> Free-viruscan.xxx/00/00/00/error.xxx
> just to see what it was, and it started downloading and wanted to run an
> Exe the only way to break the link was by Start and restart
> the other bottons did not respond
> wonder if I'll see something in the days to come
> just a comment
> Fritz
>

A good illustration of why "curiosity killed the cat" (poor kitty!) and also
why posting possibly malicious URLs without munging (ex.
hxxp://www.badsite.xxx and as I've done to your post above) is A Bad Thing.

Now you shouldn't just wait around passively to be sure your computer is
clean. Do some active scanning instead! Everything I suggest at this link
is free so all it will cost you is some time:

http://www.elephantboycomputers.com/...moving_Malware

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Thanks
I got the patience!
? skill ?
Elephantboy has already given me plenty

--
lucky me I guess


"Malke" wrote:

> silver hair wrote:
>
> > Hi
> > just a comment
> > I clicked on the link
> > Free-viruscan.xxx/00/00/00/error.xxx
> > just to see what it was, and it started downloading and wanted to run an
> > Exe the only way to break the link was by Start and restart
> > the other bottons did not respond
> > wonder if I'll see something in the days to come
> > just a comment
> > Fritz
> >
>
> A good illustration of why "curiosity killed the cat" (poor kitty!) and also
> why posting possibly malicious URLs without munging (ex.
> hxxp://www.badsite.xxx and as I've done to your post above) is A Bad Thing.
>
> Now you shouldn't just wait around passively to be sure your computer is
> clean. Do some active scanning instead! Everything I suggest at this link
> is free so all it will cost you is some time:
>
> http://www.elephantboycomputers.com/...moving_Malware
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ
>
>

Hi
I downloaded SuperAntispy Free
It found an removed 20 tracking cookies that my AVG 8 free did not
--
lucky me I guess


"Malke" wrote:

> silver hair wrote:
>
> > Hi
> > just a comment
> > I clicked on the link
> > Free-viruscan.xxx/00/00/00/error.xxx
> > just to see what it was, and it started downloading and wanted to run an
> > Exe the only way to break the link was by Start and restart
> > the other bottons did not respond
> > wonder if I'll see something in the days to come
> > just a comment
> > Fritz
> >
>
> A good illustration of why "curiosity killed the cat" (poor kitty!) and also
> why posting possibly malicious URLs without munging (ex.
> hxxp://www.badsite.xxx and as I've done to your post above) is A Bad Thing.
>
> Now you shouldn't just wait around passively to be sure your computer is
> clean. Do some active scanning instead! Everything I suggest at this link
> is free so all it will cost you is some time:
>
> http://www.elephantboycomputers.com/...moving_Malware
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ
>
>

On Sat, 19 Jul 2008 18:39:00 -0700, silver hair
<silverhair@discussions.microsoft.com> wrote:

>Hi
>I downloaded SuperAntispy Free
>It found an removed 20 tracking cookies that my AVG 8 free did not

Tracking cookies are the least "mal" of "malware". I keep EVERY
cookie for many sites I visit (mostly e-commerce sites) and a lot of
those cookies appear as tracking cookies in malware scans.