Well today that was something I didn't want to go
So I decided to do a THOROUGH scan for viruses in
ALL files on my hard disk.
I started with a "Google Search" for "virus scan". The first Site
is: "Trend Micro - Free online virus Scan
... A security vulnerability may
have impacted prior versions of
the Housecall online
virus scanning service. ... Scan Now. It's Free!
Description: Free online virus scanner. By
Trend Micro, Incorporated.
http://housecall.antivirus.com/ - 41k
So I clicked it, and that Web Page
"HouseCall ... Scan Now.
"... (anyone) may use
Housecall, Trend Micro’s free online virus scanner."
I clicked on the "Scan Now" link, and
on the next page I had to select "USA" (so they know what
viruses to expect),
and the Scan download started!
This "HouseCall" Virus-Scanning Program downloaded on my
standard 56K modem in ~10 minutes.
Then this "HouseCall" Virus-Scan Program found the
following Viruses on my Hard
For these Viruses, I've Summarized and Listed the
following Descriptions and Solutions
from Trend Micro's Web Site.
with Copying & Posting "their" info because:
SERIOUSLY RECOMMEND THAT YOU (EVERYONE WHO READS THIS
SHOULD GO TODAY TO THEIR SITE AND RUN THEIR FREE
And of course support them by buying their
virus-removal services / programs if you find any viruses!
PLEASE - DO THIS TODAY! Even -
It only takes 15 minutes, and you may have a virus
program RIGHT NOW on your disk that you don't know about, that's IN YOUR BEST
INTEREST to find out about right away!
Unless you want to do like me, and wait until your system crashes...
JS_NOCLOSE.E (on my disk: C:\Windows\Local
Virus type: Trojan
Destructive: No
Payload: Opens several invisible browser windows
Size of virus: 7,630 - 7,650 Bytes
Date of origin: May. 1, 2002
Place of origin: Philippines
opens and hides one or more Internet browser windows and prevents users
from controlling these browser windows.
This script malware, which is usually embedded in certain Web
sites, opens browser windows to connect to a pre-defined list of URLs contained
in its body. Infected users may encounter difficulties in viewing, maximizing,
and closing these windows while unknowingly running this malware's hidden
Similar to earlier variants, this non-destructive and
opens browser windows to perform its hidden functions.
Upon execution, it opens several Internet browser
windows to pre-defined URLs that are listed in its body. The URL can be
executed in a separate browser window or inside its own window. This way,
it could execute several malicious script files in a user’s system
without the user's knowledge.
It is not dangerous and destructive by itself, but its
behavior can cause delays and can become annoying to users because of the
traffic it produces. It also performs certain hidden functions and
makes opened browser windows difficult to control or close.
window by resizing it to 1 pixel, and moving its location on the display at
coordinates 10000, 10000. This is already beyond visible screen
resolutions, which is usually set at lower values. In HTML form, this
malware minimizes its browser windows and prevents users from easily maximizing
and closing them.
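
The window-hiding behaviour described above (a browser window resized to 1 pixel and moved to coordinates 10000, 10000) can be checked for in saved HTML or script files. The following Python check is an added example, not code from the original post or from Trend Micro; the function name `scan`, the two thresholds and both sample inputs are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions for this example, not values published by Trend Micro.
TINY_PX = 5          # a window this small is effectively invisible
OFFSCREEN_PX = 5000  # far beyond ordinary screen resolutions

CALL = re.compile(r"\b(resizeTo|moveTo)\s*\(\s*(-?\d+)\s*,\s*(-?\d+)\s*\)", re.I)
OPEN = re.compile(r"""\bopen\s*\([^)]*?["']([^"']*=[^"']*)["']\s*\)""", re.I)
FEATURE = re.compile(r"(width|height|left|top|screenx|screeny)\s*=\s*(-?\d+)", re.I)

def scan(source):
    """Return (rule, matched_text) findings for one script or HTML file."""
    findings = []
    for m in CALL.finditer(source):
        name, a, b = m.group(1).lower(), int(m.group(2)), int(m.group(3))
        if name == "resizeto" and a <= TINY_PX and b <= TINY_PX:
            findings.append(("tiny-resize", m.group(0)))
        if name == "moveto" and max(abs(a), abs(b)) >= OFFSCREEN_PX:
            findings.append(("offscreen-move", m.group(0)))
    for m in OPEN.finditer(source):  # feature string passed to window.open()
        feats = {k.lower(): int(v) for k, v in FEATURE.findall(m.group(1))}
        size = [feats[k] for k in ("width", "height") if k in feats]
        pos = [abs(feats[k]) for k in ("left", "top", "screenx", "screeny") if k in feats]
        if size and max(size) <= TINY_PX:
            findings.append(("tiny-popup", m.group(1)))
        if pos and max(pos) >= OFFSCREEN_PX:
            findings.append(("offscreen-popup", m.group(1)))
    return findings

# Constructed samples (placeholder URL, not taken from any real file).
SAMPLE_HIDDEN = '''<script>
var w = window.open("http://example.invalid/", "w", "width=1,height=1,left=10000,top=10000");
w.resizeTo(1, 1);
w.moveTo(10000, 10000);
</script>'''
SAMPLE_BENIGN = ('<script>window.open("help.html", "help", '
                 '"width=640,height=480,left=100,top=100"); window.moveTo(0, 0);</script>')

if __name__ == "__main__":
    for rule, text in scan(SAMPLE_HIDDEN):
        print(rule, "->", text)
```

A hit is a reason to inspect the file, not a verdict; the file still has to be confirmed with an antivirus scan.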
While active, some variants of this malware could send
cookies to remote users who can then monitor for browsing behavior. It gathers
information such as frequently visited Web sites or how often a user visits
Close each of its browser windows
found at the taskbar to terminate HTML files infected with this malware.
Scan your system with Trend Micro antivirus and delete all
files detected as JS_NOCLOSE.E. T
(on my disk: C:\Windows\gypgtjfo.exe)
Virus type: Trojan
Destructive: No
Aliases: Downloader.MSCache, Trojan.Win32.TalkStocks
This Trojan attempts to connect to a
Web site (usually http://www2.sko<BLOCKED>idoo.com/softwares/)
to download its components. It can also download other applications from the
Internet that may be malicious, and affect the system settings of an infected
Typical are the following components:
RANDOMISER.EXE (7,680 bytes)
This is the main
downloader program, which downloads the files, MSCACHE2.EXE and MSCACHE2.DLL,
and saves them in the Windows directory using random file names.
MSCACHE2.DLL (12,2880 bytes)
This component is
installed as a browser helper object that is used to download and install
updates of the malware or its components.
The malware can download other applications from the Internet that
may be malicious and affect the system settings.
Scan your system with Trend Micro antivirus
and delete all files detected as TROJ_MSCACHE.
(on my disk: C:\Windows\winfavorites.exe,
Virus type: Trojan
Destructive: No
Aliases:
This memory-resident Trojan creates a folder named WINFAVORITES in
the Program files folder of a target system. It also downloads a file from a
specific URL, and drops the said file in the root directory of the infected
To remove this malware, first identify
the malware program:
Scan your system with your
Trend Micro antivirus product; NOTE all files detected as
Search the ENTIRE hard disk for the following Files, and Delete
it won't delete, it's still running - use Task Manager (ctrl+alt+delete) &
Terminate any TROJ WINFAVS.A processes)
Run Regedit, and Delete the following:
(or equiv. - delete only this Entry)
(delete this entire
For Full Information on
Detection and Removal of the Above Viruses
- and Many Many Others
Please Do go to the Trend Micro Web
Again, I STRONGLY recommend that you do visit this
site - today!
"The Best Way to Fix a Problem, Is to
Stop It Before It Happens!"
- Philip C. Dybel
Philip C. Dybel
December 23, 2003