[ QUOTE ]
Sigman said:
This virus "crept up" on me a couple days ago...same scenario. My Antivirus ware immediately caught it and in the AV window that "popped up"...it looked like the file had placed itself 3 times in my "Documents/Owner/Local settings (a hidden directory)/and on into a couple more folders deep in that path", the final directory ended up being a temp internet file folder.
The first instance of the file had been "deleted" by my AV wares. The second two appeared to still be there.
I immediately disconnected from the web, closed everything down, deleted everything in that folder, then ran a complete scan on my system with my updated AV wares.
Sometimes a virus will also get to your "backup" files (XP roll back) and one needs to delete those backup files as well.
My system appears clean at this time. It was listed as a "trojan" as you have said and "hopefully" nothing activated it in the time it took me to get rid of it.
It appeared as I was surfing and don't know which website it came from..one thing I know though, as soon as I am aware of such an "infiltrator" - I shut down and clean up the system!
[/ QUOTE ]
Interesting. This trojan might be more prevelant than Mcaffee made it sound. Two of us in three days getting the same virus that post on the same board seems like this virus is common. I only had one instance of it listed after running the manual scan.
It was called Exploit-mhtdedir.gen when Mcaffee first detected it (as soon as I entered the site). Then, after running the virus scan the name was "Exploit-byteverify". I quaranting the byteverify one and then deleted it, and then turned off system restore as Mcaffee suggested. I think (and hope that the Exploit-mhtdedir.gen) was autocleaned/deleted by Mcaffee Activeshield. This is really frustrating, I am always careful about going to legit sites and don't open up strange emails. Yet, I still get a trojan despite being at a site that I recall being to in the past.