Apple Event as it happened | Apple October Event live blog: Apple unveils new MacBook Pro at…
I have a virus which I clean with AVG free edition. The report says that the file has been cleaned. Without connecting to my e-mail or web it re-appears almost immediately. It appears in C:\program files\EHC\hc2\printers\troubles.hoo\images\epl.bmp.shs. Has anyone any ideas how to get rid of it.
Thank you Alcudia. I am using XP. I disabled S/R and cleaned. The virus came back immediately. I have re-enabled S/R. What else can I do.
What is the virus name please, then I may be able to forward instructions for manual removal.
Remember to delete the infected e-mail.
After sending this mail to someone I know here is what he said: (I didnt notice)
Nice to hear from you!
epl.bmp.shs is a dual extension, look, the name of the file is epl, then the .bmp.shs is the extensions.
However I believe he is using AVG by what it says on the e-mail you sent me, it includes hidden (dual extension) detection, which most common viruses using this to probe you to open the file AVG has decided to detect the file.
However the .bmp, tricks you to think it is a Bitmap file (image) however the file is a .shs
This at first sight makes it harder to think it is a virus. Here is information on the .shs extension: click here
The .shs extension is used by a few viruses in the wild, here is the methord being used as a .txt.shs to disguise a virus: click here
Gareth, I hope I have been of help to you,
Flamewall Security Virus Response Lab
The scrap file can be named with most any extension to make it look like a benign file (e.g., .GIF, .JPG, .TXT, etc.) and then Windows adds the .SHS extension to that. In most cases, even if you have Windows set to show all file extensions, the .SHS extension will not show up after you've saved the file to disk (it should be visible as an attachment to an E-mail message). This can make scrap files more dangerous as they can easily appear to be something they are not just by giving the file a benign name.
Windows assigns "RUNDLL32.EXE SHSCRAP.DLL, OPENSCRAP_RUNDLL %1" to the .SHS extension by default and, when opened, Windows will unpack the scrap file and open or execute whatever is in the file. You will have no control over this once you attempt to open the scrap file.
There is really never any reason for anyone to send you a scrap file. If you ever receive one via E-mail you should delete it without attempting to open it. Tell the sender to send you the actual object instead if you think there was something useful involved. The main reason is that scrap files can easily hide code without any indication of what that code really represents so there is no guarantee the scrap file will be what you think it is.
Run your computer over with click here - Active scan,
If it finds anything it will remove it.
Ensure Unknown virus detection is enabled!
Hi Gaz 25
thanks a lot. I can't pretend that I understand it all. I still have a problem. In your final missive you ask me to ru a "click here". When I click nothing happens. Also how do I enable 'unknown virus detection.
Ok type excluding the spaces: http :// pandasoftware .com/activescan
Once you go there a page will load, click 'Scan your PC'
Once the box Opens, click next >
Then it prompts for an e-mail address, enter: [email protected]
Then click next>
Wait while it downloads the files, click yes if it asks, THESE ARE SAFE.
Then once you have the main Panda Active scan interface, there is a list with ticks in, one which hasnt: Detect Unknown Viruses, Put a tick in that Box.
Once done so, click 'All my computer'
This will scan your PC for viruses, once it has finished you can then chose to send the file to panda for a test via the lab or you might be able to remove it.
This thread is now locked and can not be replied to.