Trojan:Win32/Boaxxe.C

All Replies

• Tuesday, 25 December, 2007 9:18 PM

  Moderator

   

   
  

  0

   

  Are you getting a Quarantine failed message? If so, see this post - 

  See this post for information about Quarantine Failed - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2

   

  You may be able to remove the infected file in Safe Mode. http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1215336&SiteID=2

   

  And, if you are unable to remove the infection, please contact OneCare support for assistance.

   

  How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

  If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

   

  -steve

   
• Thursday, 27 December, 2007 5:32 PM

   

   
  

  0

   

  I am getting a 'quarantine failed' message.  The corrupted file's location  is Win32/Boaxxe.C/browseui(3.dll.  It is thus a system file.  I can't delete it and and I can't restore it without re-installing windows??  That is the evil I am trying to avoid as I don't want to have to download the tons of data on the computer. 

   

  I have tried deleting it in the safe mode and I get the same result as with a full boot -  a prompt saying it can't be removed.  Apparently, the file is being booted with the windows system and it can't  be removed or deleted while it is running. 

   

  I have updated OneCare several times and re-run the scan each time.  I still get the same result. 

   

  The prompt is coming up every time I click to go to a new web site. 

   
• Thursday, 27 December, 2007 6:19 PM

  Moderator

   

   
  

  0

  Pattypye wrote:

  I am getting a 'quarantine failed' message.  The corrupted file's location  is Win32/Boaxxe.C/browseui(3.dll.  It is thus a system file.  I can't delete it and and I can't restore it without re-installing windows??  That is the evil I am trying to avoid as I don't want to have to download the tons of data on the computer.    I have tried deleting it in the safe mode and I get the same result as with a full boot -  a prompt saying it can't be removed.  Apparently, the file is being booted with the windows system and it can't  be removed or deleted while it is running.    I have updated OneCare several times and re-run the scan each time.  I still get the same result.    The prompt is coming up every time I click to go to a new web site.

  You should contact support to get help with removing that file. OneCare is blocking it, but you'll want it off. You will not need to reinstall Windows as the trojan has simply placed a file where it is protected from casual removal.

  -steve

   
• Thursday, 27 December, 2007 7:22 PM

   

   
  

  0

   

  Will you please post a link to the proper site to get help? I have perused every link on this web site and contrary to the use of the word 'live' I have found no place to talk a tech.  To be sure, I am new to this site but I do not find it user-friendly.
   
• Thursday, 27 December, 2007 7:38 PM

  Moderator

   

   
  

  0

  How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

   

  As described in that FAQ post, you reach support by clicking Help in OneCare. In the first window that appears, click

  "Show me more topics"

  That opens Instant Help in your browser.

  Click "Get More help" in the lower right hand corner.

  Then click "Get support" on the next page.

  The page refreshes with a "wizard" that you fill out. It will attempt to validate your subscription status and if it is successful, you are presented with phone, chat and email support options. If it cannot validate your subscription status, you need to select that you are a trial user and proceed with email support.

  -steve

   
• Thursday, 27 December, 2007 11:55 PM

   

   
  

  0

   

  Thank you.  By using your explicit instructions I was able to send an email describing my problem.  I must comment that this is a circuitous route.  Why not just put the "get support" on the first page without putting your customer through that maze?
   
• Friday, 28 December, 2007 2:50 PM

  Moderator

   

   
  

  0

  Pattypye wrote:

  Thank you.  By using your explicit instructions I was able to send an email describing my problem.  I must comment that this is a circuitous route.  Why not just put the "get support" on the first page without putting your customer through that maze?

  "Circuitous" is kind, Pattypye. I *abhor* the support flow. I used to be able to refer people directly to a link for email support validation and I was also able to direct people to a link where, once signed in with the LiveID for an active subscription, all available support options were immediately displayed without having to go through any further validation. For some misguided reason, these avenues have been closed and the current flow is the only valid way to proceed.

  I say misguided, though I understand that the reason for this was to prevent trial users from gaining access to phone support and to guide paid users to the Help information to prevent the call in the first place if the answer could be gleaned from the Help information.

  Thanks for reporting that the steps I listed in my previous reply got you there. I'll use them to edit the FAQ post as it will likely help some frustrated customers.

  -steve

   
• Saturday, 29 December, 2007 12:34 AM

   

   
  

  0

  Patty,

   have the same boaxxe.c  did you finally solve the issue please post when you do

   

  thanks

   
• Sunday, 10 February, 2008 9:14 PM

   

   
  

  0

  Hi.

   

  Lots of usefull information here. I am getting the exact same behavior, but OneCare is calling it Trojan:Win32/Boaxxe.B
  and not Trojan:Win32/Boaxxe.C.

   

  When I click for more information, I get taken to the following link  http://onecare.live.com/standard/en-ie/virusenc/virusencinfo.htm?keyword=avencyclopedia&name=Trojan%3aWin32%2fBoaxxe.B but it does not give me any information about the filename or the location. So, I haven't even tried to delete it manually. I have no idea where the file might be, or what it's name is. Perhaps you could tell me.

   

  Everything is identical to what I have been reading in this Forum. And you are absolutely correct about the support flow. Not exactly intuitive!

   

  Anyway, I have posted my email to Microsoft Support according to the the instructions you gave. Hopefully, they will help me with the issue. It seems enough people are having this issue, they they would have a correction available in their Virus and Spyware Definitions or in the algorithm used to clean it.

   

  Thanks very much!

   

  ps. Is there a difference between the Win32/Boaxxe.B and Win32/Boaxxe.C?

   
• Monday, 11 February, 2008 2:04 AM

  Moderator

   

   
  

  0

  The different name would indicate a variant of the threat.

  Open OneCare, click on Change Settings, click on the logging tab, and then click on Create Support log. Scroll down to the Virus and Spyware section and you should find details on the infection and location.

  -steve

   

   
• Wednesday, 13 February, 2008 3:51 AM

   

   
  

  0

  So, is there any way to remove this item? If windows Live OneCare can't remove this then it is useless to me. I just need to know if Windows Live OneCare can remove it or not. A simple yes with the associated instruction or no is all that is required.

   

  Thanks!

   
• Wednesday, 13 February, 2008 3:32 PM

  Moderator

   

   
  

  0

  Joseph_USArmy wrote:

  So, is there any way to remove this item? If windows Live OneCare can't remove this then it is useless to me. I just need to know if Windows Live OneCare can remove it or not. A simple yes with the associated instruction or no is all that is required.   Thanks!

  I can't give you an explicit yes or no answer.

   

  If OneCare reports Quarantine Failed, then you will need to follow the instructions above to determine where the infection is located. You can then try to remove the infected file manually (if it resides inside a zip archive or email attachment, for example) or boot to safe mode and scan that location to see if it can be removed. http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1215336&SiteID=2

   

  If not, then you'll want to follow the instructions in this post, http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=662566&SiteID=2, to report a virus that is not cleaned by OneCare and to get help in removal.

   

  -steve

   
• Saturday, 16 February, 2008 5:06 AM

   

   
  

  0

   

  You can try to run OneCare Safemode AntiVirus Scan

   

  To use this tool, follow these steps:

  1.	Restart the computer in safe mode.
  2.	Click Start, click Run, type cmd, and then press ENTER.
  3.	Type the following command, and then press ENTER: cd %PROGRAMFILES%\Microsoft Windows OneCare Live
  4.	Type SafeModeAVScanner - s and then press ENTER