Spyware, Viruses, & Security forum

General discussion

My first virus

by michhala / May 24, 2005 5:59 PM PDT

A friend and I simultaneously did a Google Search for the lyrics to "Summertime" We were both on a George Gershwin website when we both received this Virus Alert popup from NAV 2005:

"Virus Alert -- High Risk -- Norton has detected a virus on your computer -- TrojanAlwayUp -- Object name: C:\Documents and Settings\aun_0015[1].exe --Norton could not repair file"

I did a full system virus scan and nothing showed up.

I have never had a virus and although I read this forum diligently, I am not sure what to do first. My defs are up-to-date.

Dell Dimension 8250
Pentium 4 2.66 GHZ
Windows XP (SP2)
80 GB 7200 Ultra ATA
AOL/DSL 9.0 Optimized
NIS 2005

Discussion is locked
You are posting a reply to: My first virus
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: My first virus
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Hi Miki
by roddy32 / May 24, 2005 9:29 PM PDT
In reply to: My first virus

Depending on how you have the options set up, NAV MIGHT have deleted the virus when it couldn't get repair it and not notified you. I have mine set to do that. I would check the activity log under threat alerts. If it does not tell you that it deleted it, I would do a scan at Housecall for a second opinion to make sure you are OK.

Housecall (using IE with Active-X)

Housecall (all browsers using java)

Collapse -
by michhala / May 25, 2005 4:01 AM PDT
In reply to: Hi Miki

Roddy -- There is a general outage with my DSL on the West Coast, so I am using dial-up and everything is slowed up.

I tried the first Housecall using Active-X but the page would not fully load.

I tried the second and was told I needed to download the latest Java VM. I checked off the box to try using what I have and nothing happened. I hesitate to download the VM until I checkout Windows Update.

Need to get outta here now -- I am in the throes of a selling my house and moving and all is a mess Happy


Collapse -
OK Miki, Good luck with
by roddy32 / May 25, 2005 4:25 AM PDT
In reply to: Housecall

the moving, don't get lost on us and like I said in my last post, I think you are OK anyway. Grin

Collapse -
Roddy -- Housecall
by michhala / May 25, 2005 7:29 PM PDT
In reply to: Housecall

HI Roddy -- Finally able to use my DSL and Housecall. Housecall scanned my entire computer and nothing showed. I also scanned my friend's computer with Housecall, and that computer was O.K., too.

I hope this means all is well in Miki's computer. Can I stop worrying now or is there more to do?


Collapse -
Hi Miki, I think you are fine and
by roddy32 / May 25, 2005 7:54 PM PDT
In reply to: Roddy -- Housecall
Collapse -
Hi again, Roddy
by michhala / May 25, 2005 10:20 PM PDT

I forgot to mention to you in my reply to your yesterday post that my temp internet files are cleaned out so many times a day that I am embarrassed to give a number Happy -- it is done when I log on and off to AOL/DSL.....

Thanks for your help......Miki

Collapse -
(NT) (NT) You are welcome Miki. :D
by roddy32 / May 25, 2005 10:33 PM PDT
In reply to: Hi again, Roddy
Collapse -
picked up something similar yesterday
by dawillie / May 24, 2005 11:43 PM PDT
In reply to: My first virus

from of all places a Nat King Cole website.

MSAS detected it and allegedly deleted it.

then SpyBot also picked it up and I was able to clean it.

it was located in c:\documents and settings\my name\local settings\ temp\name of malware.

to confirm you do no thave it, please scroll to where your O/S is and the file path as above.

It can be deleted from there.

david williams

Collapse -
Thank you Roddy and dawillie
by michhala / May 25, 2005 3:44 AM PDT

My NAV Threat Alerts Log Viewer recorded two separate entries -- Access Denied and Repair Failed.

Reported as C:\Documents and Settings\Miki\Local Settings\Temporary Internet Files\Content.IE5\SDUVKLMR\aun_0015[1].exe

I did a Search for all Content EI5 folders (3) and could not find anything in the SDUVKLMR folder. I will do the Housecall scan and get back here this evening.


Collapse -
From what your log says Miki, it looks
by roddy32 / May 25, 2005 3:50 AM PDT

like the repair failed so NAV denied access which would explain why you can't find it on the computer. I would still do the housecall scan but I think you are probably OK. I would also delete temporary internet files.

Collapse -
C:\Documents and Settings\Miki\Local Settings\
by dawillie / May 25, 2005 4:34 AM PDT
C:\Documents and Settings\Miki\Local Settings\Temporary Internet Files\Content.IE5\SDUVKLMR\aun_0015[1].exe

Use either your search function or what I suggested in my previous post to delete ALL files in this setting.

then re-scan.

you should be clean.

Collapse -
C:\Documents and Settings\Miki\Local Settings\
by michhala / May 25, 2005 7:36 PM PDT

Hi, David -- I had already checked all three Content.IE5 folders and the one that NAV reported (SDUVKLMR\aun_0015[1].exe). The latter, and all others contained original single desktop.ini files only.

C:\Documents and Settings\Miki\Local Settings\Temporary Internet Files\Content.IE5\SDUVKLMR\aun_0015[1].exe.

Since Housecall gave me an all-clear, I am hoping I can rest easy for now........but if you think I need to do anything more, please let me know.


Collapse -
(NT) (NT) if you are clear, no worries.
by dawillie / May 26, 2005 12:36 AM PDT
Collapse -
dawillie -- if you are clear, no worries.
by michhala / May 26, 2005 5:48 AM PDT

I appreciate your words.....thank you....miki

Collapse -
aun_0015 trojan and housecall
by shumiron / June 3, 2005 12:59 AM PDT

I read your posts about housecall detecting this trojan. I encountered a similar issue with a music website and an immediate warning from McAfee. I ran Stinger which said I was clear, but then ran housecall after reading these posts, and aun_0015 was found in the similar directory as Miki. Housecall said the file was uncleanable. I chose the delete option and rescanned 2 times and housecall failed to find any more infections. I also deleted all files in temp internet folder. Should I consider myself clear?


Collapse -
aun_0015 what were you doing on music site?
by michhala / June 3, 2005 4:30 AM PDT

For my own information:

Were you downloading music? I was searching for lyrics on Google. When the search brought me to the proper website and before the page loaded and lyrics appeared is when I saw Norton's Trojan warning popup. (I am probably the only member of a huge dance comunity who will not download music).

What entries were in your AV log? My NAV 2005 had two entries re the Trojan -- first entry was file could not be repaired; second was access denied.

I am thinking I am clear and hope the same for you.


Collapse -
You both are clear.
by dawillie / June 3, 2005 4:35 AM PDT

pity Gershwin had to be infected, 'it's wonderful, it's marvellous'.

Collapse -
I like the Eagles too.
by shumiron / June 3, 2005 5:36 AM PDT
In reply to: You both are clear.

I was unaware that just opening a Googled link can cause a file to be immediately sent to my computer. I guess since I failed to run the .exe I was able to delete it without any harm.

Collapse -
You both are clear.
by michhala / June 3, 2005 6:57 AM PDT
In reply to: You both are clear.

>>pity Gershwin had to be infected, 'it's wonderful, it's marvellous'.

's'wonderful.......that you should care for me'............ da da dum da dum. Happy It is indeed unfortunate that Googling George is not a safe practice.


Collapse -
Googled The Eagles
by shumiron / June 3, 2005 5:31 AM PDT

I Googled the Eagles to see about Joe Walsh. When we opened one of the links we got the McAfee warning. Never actually did anything else on the site. No downloads either.

Collapse -
(NT) (NT) shumiron -- we were both fortunate....miki
by michhala / June 3, 2005 6:59 AM PDT
In reply to: Googled The Eagles
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?