virus: dengue aka win32.ctx


sieghi
November 28, 2000, 12:47 pm
Is there any way to clean the dengue virus from a machine without reformatting the hard drive? Any help will be greatly appreciated.

------------------

manunkind
November 28, 2000, 01:31 pm
Is it still on your machine now? From reading a little about it, it looks like it messes with your current AV files. I saw no removal procedures though.

If you still have it, here is a link to a free online virus scan by Trend. This should detect it, and hopefully remove it.
http://housecall.antivirus.com/

------------------
Moderator at Help from Techs Support Forums (http://www.helpfromtechs.com)

sieghi
November 28, 2000, 01:48 pm
Hi Manunkind,
A different machine than this one. The infected machine went through housecall.antivirus.com but the problem is that the virus now moves faster than the scan...page fault errors come up and stop all progress. Thanks for your good advice, all the same. I think Trend is a real boon to users.



------------------

Techguy
November 28, 2000, 06:41 pm
Trend virus profile:

PE_DENGUE
Risk rating: low
Virus type: File Infector
Destructive: Y

Aliases:
DENGUE, W32.Dengue, Win32.CTX.10853, Win32.CTX.6886

Description:
This memory-resident polymorphic Win32 virus infects EXE, SCR, and CPL files in the subdirectories of all local hard drives. It also deletes several antivirus checksum files.

Tech Details:
PE_DENGUE

In the wild: No
Trigger condition 1: Upon execution
Payload 1: Delete Files (deletes antivirus checksum files)
Detected by pattern file#: 786
Detected by scan engine#: 5.17
Language:
English
Platform: Windows
Encrypted: Yes
Size of virus: 12,322 Bytes

Details:
Upon execution, this virus invokes its decryption algorithm. Since the virus employs a multiple-layer polymorphic engine, detection is difficult. The number of decryption layers as well as the routine varies randomly.

The virus then locates the Windows application, EXPLORER.EXE, in system memory and patches some of its own code into it. Then the virus goes resident by placing its code in system memory.

Once the infected EXPLORER.EXE is loaded into memory and the patched code is invoked, the virus gets control. At this time it scans all local drives and infects all EXE, SCR and CPL executables. The virus also deletes the following antivirus checksum files: AVP.CRC, ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS, and IVP.NTZ.

This virus implements an Entry-point Obscuring technique to make detection by antivirus difficult. In this method, when the infected file is executed, the virus does not immediately get control; it gets control only when the patched code is executed. It also has several anti-debugging routines, which are capable of detecting both application-level and system-level debuggers such as Soft-Ice.

The following text is part of the encrypted virus code:

<Dengue Hemorrhagic Fever BioCoded by Griyo / 29A> Disclaimer: This software has been designed for research purposes only.
The author is not responsibly for any problems caused due to improper or illegal usage of it



Try disabling your antivirus and running Housecall...

------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
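Added example, not part of this thread or of Trend's profile: the profile above says the virus appends itself to EXE/SCR/CPL files and deletes the checksum files that integrity checkers rely on, so a defender's baseline check has to treat a vanished checksum file as a finding, not as "nothing to compare against". The Python below builds such a baseline over a constructed temporary directory and then mimics both effects; the file names and layout in `demo()` are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the Trend profile says PE_DENGUE infects, and the AV checksum files it deletes.
INFECTABLE = {".exe", ".scr", ".cpl"}
AV_CHECKSUM_FILES = {"AVP.CRC", "ANTI-VIR.DAT", "CHKLIST.CPS", "CHKLIST.MS", "IVP.NTZ"}

def baseline_hashes(root):
    """Hash every EXE/SCR/CPL under root (recursively) into {relative_path: sha256}."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in INFECTABLE
    }

def compare(baseline, current):
    """Return (modified, missing, new) relative paths between two hash maps."""
    modified = sorted(f for f in baseline if f in current and baseline[f] != current[f])
    missing = sorted(f for f in baseline if f not in current)
    new = sorted(f for f in current if f not in baseline)
    return modified, missing, new

def missing_checksum_files(root, expected):
    """Checksum files present at baseline time that are now gone (the profile's stated payload)."""
    return sorted(name for name in expected if not (Path(root) / name).exists())

def demo():
    """Constructed scenario: baseline a tree, then mimic the two effects the profile describes."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "tools").mkdir()
        (r / "tools" / "calc.exe").write_bytes(b"MZ" + b"\x00" * 64)  # constructed, not a real PE
        (r / "clock.scr").write_bytes(b"MZ" + b"\x01" * 64)
        for name in ("notes.txt", "CHKLIST.MS", "AVP.CRC"):
            (r / name).write_bytes(b"constructed sample content")
        present = {n for n in AV_CHECKSUM_FILES if (r / n).exists()}
        before = baseline_hashes(r)
        with open(r / "tools" / "calc.exe", "ab") as fh:  # host file grows: code appended
            fh.write(b"APPENDED-CODE")
        (r / "CHKLIST.MS").unlink()  # checksum file deleted
        modified, missing, new = compare(before, baseline_hashes(r))
        return modified, missing, new, missing_checksum_files(r, present)

if __name__ == "__main__":
    print(demo())
```

The demo reports `tools/calc.exe` as modified, `notes.txt` is ignored because it is not an infectable type, and `CHKLIST.MS` is flagged as deleted while the still-present `AVP.CRC` is not.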