-
August 18th, 2004, 06:49 AM
#1
Senior Member
Trojan Horse
I'm using AVG as my antivirus
and it detected a TROJAN, but it seems it couldn't delete it or MOVE TO VAULT or HEAL it.
And here are the detected TROJANs:
Trojan Horse Downloader.Agent.2.V
Trojan Horse Downloader.Agent.2.S
Trojan Horse Downloader.Agent.2.U
Trojan Horse Dropper.Delf.3.L
Trojan Horse Cliker.AJ
Trojan Horse Downloader.Rameh.E
Trojan Horse.1stbar.3.BN
Trojan Horse Downloader.VB.4.B
Trojan Horse Dropper.Exebundle.Ah
Trojan Horse.Keenval.N
I also tried the online scan MICRO TREND
It didn't detect any of these trojans.
POST PLS.
-
August 18th, 2004, 07:00 AM
#2
I think it's most likely in the drive:/System Volume Information folder, which is not accessible. I had the same problem..
Boot to safe mode...open a folder, go to Tools->Options and enable viewing Protected System Files....Right-click the System Volume Information folder in the root folder, and then click Sharing and Security...click the Security tab.
Then click Add, and then type the name of the user to whom you want to give access to the folder (your username is usually good enough, and click find or search when you enter your username, it will add the correct location of the username). Click OK, and then click OK.
And now you're able to access the folder, you can see which files AVG found and remove them manually or let AVG remove them....if this doesn't help, post again!
I'm assuming you're running XP from your profile info!
-
August 18th, 2004, 07:08 AM
#3
As Wav has suggested is one way of doing it.
Myself, I am lazy and would rather let a good tool do all the hard work. And for a good tool, I would suggest either SwatIt (Freeware) @ http://swatit.org/ or The Cleaner (which has a 30 free trial) @ http://www.moosoft.com/
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
August 18th, 2004, 07:15 AM
#4
Actually, the simple fix would be to turn off system restore and run AVG again in safe mode logged in as the administrator.
Wav (Memory, Nemory, Encrypt_This, Sysadmin1984) you need to take the vacation that the mods told you to take. I realize that you're trying to help with this post, but the community as a whole is pretty well fed up with you....take a hint and take a hike.
Al
It isn't paranoia when you KNOW they're out to get you...
-
August 18th, 2004, 08:05 AM
#5
Junior Member
If they are in the Restore volume, follow the suggestion from allenb1963. He is right on the mark.
If not......
Sometimes AVG, or other AV scanners, can't remove viruses even if they don't reside in the Restore volume. They are a running process with system attributes. Trying to delete them manually will often times fail in the Windows GUI. Here is something I found that works well.
Get the free tool called Process Explorer from Sysinternals.
Process Explorer
It comes in 3 flavors: NT, 9X/ME, and 64 bit. Get the one that matches your system.
This tool will give you more info on the running processes on your computer. Make note of the suspicious processes and their locations. Also note other processes below it in the process tree, if they exist. You will need to eradicate all of them to rid yourself of the infection. Also note any known needed system files that are below the offending file in its process tree. Chances are the legit file is corrupted and will need to be reinstalled from a clean source, such as your install CD. If you aren't sure if it is a needed file or not, ask Google. He is your friend.
Then, uncheck the boxes for all instances of these files in MSCONFIG in the Startup tab.
Then, start REGEDIT and delete ALL entries for these files in ALL the registry Run keys in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
and in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
Next, with list in hand, boot to a command prompt. Boot with a floppy or restart to "command prompt only" in 9x or ME. Boot with your CD in XP and go to Recovery Console. Navigate to the unruly files' directories. Change the file attributes with:
ATTRIB filename -R -A -S -H
This clears the file's protected attributes.
then
DEL filename
This deletes the file.
Bye bye virus files.
Best of luck. Hope this helps you.
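An added example, not part of the original post: one way to check the Run keys named above against the list of file names noted from Process Explorer, working on the text of a regedit export. The sample export, the file names `example1.exe` and `example2.dll`, and the function name `find_run_entries` are constructed for illustration.

```python
import re

# Constructed sample of a regedit export (Version 5.00 text format). Real exports
# are UTF-16: read them with open(path, encoding="utf-16").read().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scanner"="C:\\Program Files\\Scanner\\scanner.exe /startup"
"winupd"="\"C:\\WINDOWS\\system32\\Example1.exe\" -s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"helper"="rundll32.exe C:\\WINDOWS\\example2.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Recent"="example1.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Run, RunOnce, RunServices ... directly under CurrentVersion in HKLM and HKCU.
RUN_RE = re.compile(r'^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft'
                    r'\\Windows\\CurrentVersion\\Run[^\\]*$', re.I)
UNESCAPE = re.compile(r'\\(.)')          # .reg escapes: \\ -> \ and \" -> "
SEPARATORS = re.compile(r'[\\/"\s,]+')   # split a command line into path parts

def find_run_entries(reg_text, suspect_files):
    """Return (key, value name, command) for Run-key values naming a suspect file."""
    suspects = {s.lower() for s in suspect_files}
    hits, key, in_run_key = [], None, False
    for line in reg_text.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            in_run_key = bool(RUN_RE.match(key))
            continue
        value = VALUE_RE.match(line)
        if not (value and in_run_key):
            continue  # only string values inside Run keys are examined
        name, command = (UNESCAPE.sub(r'\1', g) for g in value.groups())
        if suspects & set(SEPARATORS.split(command.lower())):
            hits.append((key, name, command))
    return hits

if __name__ == "__main__":
    for key, name, command in find_run_entries(SAMPLE_REG, ["example1.exe", "example2.dll"]):
        print(f"{key}\n    {name} = {command}")
```

Matching is on whole file-name components, case-insensitively, so a value is reported only when one of the listed names appears as a path part of its command line.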
-
August 18th, 2004, 10:52 AM
#6
Symantec's Virus Encyclopaedia (http://www.symantec.com/avcenter/vinfodb.html) has a wide range of viruses, and explains how to remove them. If you can't find it there, try AVG's own Virus list at: http://www.grisoft.com/virbase/virba...earch&type=web . If not, you can just search in google.com for removal instructions, and it's done! No more viruses!
EDIT
As some1 above said, make sure to take off System Restore first!
-
August 18th, 2004, 12:38 PM
#7
As some1 above said, make sure to take off System Restore first!
Yes we say this not because our health improves by doing so.. but because it Works just because many help forums seem to get off with drivel and never advise to disable system restore OR Clear the PreFetch Folder (win xp) when removing Malware.. The clearance rate is very low.. re-infection is high, why? because the restore files were not cleared correctly/completely/at all..
Be sure to check the Registry entries for these buggers as well.. Do a manual search of the Registry on the file names identified.. some AVs and Cleaners may miss some reg entries.. Some of this crap relies on reinfection by placing keys in the reg.. cool huh..
Hey Guys.. Had a machine that had been laced with Adware trojans, CWS and friends.. the customer had only signed on with an ISP 3 days earlier. the machine had become slow and some sites wouldn't come up when on the net. A "friend" advised that the hdd was full and to clean the HDD.. Well that they did.. they got rid of ALL the un-needed files.. the TMP, the CAB.. and what the F are these DLL's yep deleted..
trouble is they didn't remove any of the CWS, and misc downloader trojans, and porn dialers..
they musta deleted a lot.. the 10g Hdd (with win 98se) had 94% free space.. Good advice huh?
hey Wav.. have a play with BartPe.. very handy.. very..(very dangerous if you don't know what you are doing too)
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 19th, 2004, 12:07 PM
#8
Senior Member
I decided to run AVG in safe mode, logged in as an administrator,
but my problem is I could not enter safe mode.
After pressing F8, I choose safe mode with networking and then log in as administrator, but when it configures its personal settings it suddenly restarts.
I tried many times, guys, to enter safe mode but I'm not lucky enough to enter it.
Could anyone help with this problem? It's giving me a hard time entering safe mode.
POST PLS.
-
August 19th, 2004, 03:13 PM
#9
Did you try regular safe mode (without networking)? You have no need for networking to do the task you are wanting to do. If all else fails, log on as a normal user and turn off your system restore and run AVG. Go download AdAware and Spybot and run both of them. Those 3 programs should be able to clean your system out.
Al
It isn't paranoia when you KNOW they're out to get you...
-
August 23rd, 2004, 07:22 AM
#10
Senior Member