Infection with tenga.a virus

[Monroe]

Thanks Prozactive and dencorso for the info on the version numbers. Learn something new everyday.

[Multibooter]

Tenga hasn't come back up to now, after a thorough house-cleaning. Eventually I'll list here all the steps I have taken.

With the "Unofficial Windows 98 SE 256 Colors Icons Explorer EXPLORER 4.72.3612.1710 Fix" by mdgx I am having a little problem with the installer under Win98SE: the Uninstall doesn't work for me. Although the installer Explor98.exe by mdgx updates Ok from the explorer.exe version of nusb, no entry is made in the Add/Remove list.

I do like the new My Computer icon of the mdgx-installer better than the previous icon, but how could I get the old icons back?

Also, the context menu entries for Quick View v10, which seems to be deeply integrated with Windows explorer, have disappeared after the installation of the mdgx-explorer.exe, but this may also have been caused by my test-installation of Internet Explorer 6 SP1. All other context menu entries, like that of Kaspersky Anti-Virus, are Ok. Previously I had installed the mdgx-explorer.exe by just replacing explorer.exe while in another operating system.

CORRECTION: The context menu entries of Quick View did not disappear because of a different explorer.exe or IE SP1. See posting #79

Edited April 14, 2010 by Multibooter

[dencorso]

That installer just replaces Explorer.EXE, AFAIK. It should work just like when you did it manually. There's no uninstall, but that can be done manually also. The registry need not be touched.

[Multibooter]

That installer just replaces Explorer.EXE... There's no uninstall

You're right. I guess mdgx never got around to do it. "Each Fix above copies... into %windir% ...and renames (backs up) your original file from %windir% (if any) to EXPLORER.ORI , used by Uninstall (see below) to restore original file." http://www.mdgx.com/files/EXPLOR9X.TXT

I have to correct my preceding posting #77, the disappearance of the context menu entries of Quick View Plus 10 was caused by my restoring some wrong files after the Tenga infection, not by installing IE6 SP1 or a different version of explorer.exe. I re-installed Quick View Plus 10 under Win98 and the context menu entries for Quick View were back again, Quick View works fine now.

BTW, Quick View Plus 10 is a great tool for Win98. I have it integrated under Win98 with WinRAR, UltraISO, Total Commander and Beyond Compare. To view a .docx file, or many other file types, inside a .rar archive, I just double-click on the .rar, and then double-click on the .docx file in the opened WinRAR window, and a Quick View window opens up, displaying the .docx (or .pdf, .ppt etc) file. When I double-click on a .htm file inside the .rar archive, the .htm file gets displayed inside a Quick View Plus window - inside Firefox. Just amazing, under Win98.

Under Beyond Compare I have created 2 context menu entries, Quick View and Quick Print, so that I can print, for example, a .docx file in the Beyond Compare window. In my particular setup, Quick View doesn't print directly to the printer, but first to FinePrint, where I can preview and select the pages to be printed. Under Quick Print I could also send it to the Acrobat PDFWriter and convert the .docx to .pdf, under Win98 ...

By using Quick View instead of MS Office to view documents, one is much less vulnerable to malware. The acute phase of my Tenga infection started 6 weeks ago when I was in a rush and double-clicked on a .doc file instead of opening it with Quick View. The Tenga-infected file was sleeping inside of Office for about 8 months, and it woke up when I used MS Office by mistake.

I wasn't able to get Quick View 10 to work with WinImage v8.1. When I double-click on a file in the WinImage window, only a blank Quick View window opens up, apparently the file name is not passed thru to Quick View. What parameters should I add under WinImage to the Viewer path specified in -> Settings -> General? With Beyond Compare I use for example H:\QuickView\PROGRAM\qvp32.exe %f

Edited April 14, 2010 by Multibooter

[dencorso]

I do like the new My Computer icon of the mdgx-installer better than the previous icon, but how could I get the old icons back?

The easiest way to do it is this: keep the old version of explorer.exe renamed to any other extension (.ori will do OK) in any convenient folder of your liking or even in c:\windows. Then right-click the desktop and find the tab that shows the especial icons. Select the icon you want to change and point it to the old icon in the old explorer file. If this generic explanation is too vague, I can give you a step-by-step one as soon as I'm using 98SE (but, at the moment I'm on XP).

[LoneCrusader]

I do like the new My Computer icon of the mdgx-installer better than the previous icon, but how could I get the old icons back?

The easiest way to do it is this: keep the old version of explorer.exe renamed to any other extension (.ori will do OK) in any convenient folder of your liking or even in c:\windows. Then right-click the desktop and find the tab that shows the especial icons. Select the icon you want to change and point it to the old icon in the old explorer file. If this generic explanation is too vague, I can give you a step-by-step one as soon as I'm using 98SE (but, at the moment I'm on XP).

While we're on this subject, I have a question.

I have been trying out some of the various "updates" that are available here on a test 98SE system (USP, 98SE2ME, etc) in preparation for the new system I'm building. While I love the idea of adding new functionality, I (in most cases) do not care for changing how my system looks. I might be able to get used to some of the Windows ME desktop icons, but there's one specific thing that really irks me... I do not like the Windows ME Recycle Bin icon. I know how to change the ones on the desktop with the same method described here, but that does not change the one on the tree view inside Windows Explorer. Is it possible to change this?

[dencorso]

Yes. But you'll need Resource Hacker and some patience... Get the version of Explorer that has the icon you like. Save all resolutions of it to .ico files and then import them to the most updated (the one you intend to use) version of explorer. Resource editing is the best and most definitive way of doing it.

@Multibooter: Now that you've got things under control, you might give your machine a once-over with the latest version of the great freeware AVG Rescue CD, just to be on the safe side.

[victorhugo289]

Aaargh, I'm sorry I cound't read all of your posts because this thing happened to me!

I got infected by the Tenga virus.

Actually I have the file that carried the virus, you want it??

No, it doesn't affect Windows 98, Windows 98 is not vulnerable to Tenga, at least not in my case, it affects Windows XP, totally.

The virus came in a game that I downloaded from the Internet, an .exe file for the game Quake2, it installed perfectly on Windows 98 and I can play the game every day perfectly.

But recently I wanted to install that game on an XP machine and BANG!!!!

Yes, it came to life!

It is there, in the .exe file, virus Tenga.

The virus is old enough to be successfully dealt with by todays free Antiviruses but I had no antivirus, silly me, haha, Avast resident scanner would have detected it immediately and quanrantee it.

Now I will search for the file again and I will upload it so you can check it out and maybe...test it, idk.

Just search for an .executable for the game Quake2.

Mind you: you can install that game on Windows 98 no problem, but please don't click it under Windows XP, you'll be dead unless you have an antivirus. Ok.

[dencorso]

Do *not* upload a file known to be infected to MSFN, please!

In case anyone wishes to test it, they should contact you by PM, and arrange for the transfer, but *outside* MSFN.

Thank you for your cooperation and understanding.

[victorhugo289]

Do *not* upload a file known to be infected to MSFN, please!

In case anyone wishes to test it, they should contact you by PM, and arrange for the transfer, but *outside* MSFN.

Thank you for your cooperation and understanding.

Actually I spoke too fast, I really don't know how I got this virus, I'm not uploading anything, don't worry.

[Guest wsxedcrfv]

I got infected by the Tenga virus.

Actually I have the file that carried the virus, you want it??

Upload that file to virustotal.com and tell us which AV products detect it as malicious.

[submix8c]

Actually I spoke too fast, I really don't know how I got this virus

I got infected by the Tenga virus.Actually I have the file that carried the virus, you want it??

Upload that file to virustotal.com and tell us which AV products detect it as malicious.

Hmmm.... "File Unknown"...

[Multibooter]

No, it doesn't affect Windows 98, Windows 98 is not vulnerable to Tenga, at least not in my case, it affects Windows XP, totally.

The virus came in a game that I downloaded from the Internet, an .exe file for the game Quake2, it installed perfectly on Windows 98 and I can play the game every day perfectly.

But recently I wanted to install that game on an XP machine and BANG!!!!

I suspect that the Tenga virus works via the indexer of MS Office. Tenga infects .exe files regardless of the specific MS Windows operating system.

I would speculate that on the Win98 computer you did not have MS Office installed, so Tenga didn't work, while on the WinXP machine you did.have MS Office installed.