Trojan detected : how to remove?

[GoldenChild]

Im running avast 4.5 Home Edition, resident scanner is on HIGH.  Windows XP Home Edition SP1.


My resident scanner found two trojans.  I tried to repair/delete but was unsucessful and moved them both to the virus chest.  My comp began to receive errors in the kernal and I got the blue screen of death multiple times, before finally windows would freeze on restart once I got to the desktop.  To solve this problem I decided just to reformat.  I deleted the partion and reinstalled windows, thus I thought solved this issue.  I reinstalled avast, zonealarm, trillian, americas army, nvidia graphic drivers, adaware, spybot s&d and registry mechanic 4.  And then the resident scanner caught the same two trojans once again;
1.  Win32:Trojan-gen.{other}, located in c:\system volume information\_restore-{2b023cc7-b9cb-4a5c-bc2e-501231c84641}\rp4\a0001518.exe

2.Win32:Trojan-gen.{other}, located in c:\windows\system32\vgcard.exe

Is there anyway I can rid my system of these two infections?

Thanks for all the help, great product!

[vmcfabrice]

I have just failed to remove the trojan-gen with ad-aware and other softs to run.
With low knowledge of IT (as I do not understand the long forum messages advising the whole procedure) I am stuck and believe the previous forum writer is in similar difficulty.

I have to live with ads and "about-blank" start page of internet explorer.

What soft would enable me to remove the worm/virus?
I am running on windows Xp, SP2.
thanks for your advises to a non experienced computer user.

cheers

[vmcfabrice]

I have just been running hijackthis..

Attach is the log file for experienced IT specialists to read.

Thanks for reading it and for your advises to remove my trojan-gen virus.

Again, as i connect to internet via IE, avast 4.5 detects this virus on .dll files. Aboutablank is my IE start page! and I get some ads..that are really enoying me.

thanks a lot for your help.

[techie101]

Goldenchild,
Your System Restore is "protecting" the infected files.
Shut off the System Restore and run Avast again, but remember that when you shut off the Restore, you loose all your "restore points" should anything further go wrong.  You will not be able to go back to a "good" point in time.

 

[techie101]

VMC,

Your Hijack This shows a bunch of nasty stuff.
It is simple to correct.  The report gives you the "line reference" such as R1, 016 etc.

With Hijack This running, run the scan and look for the lines mentioned in the Analyzer.  Then click on them.  After you have highlighted the ones you want fixed, tell Hijack This to FIX.  It will ask you to confirm before it fixes the errors.

This is all you need to do.

 

[GoldenChild]

Thanks for the help techie;
one question before I take off the system restore and run avast, do I restore the files to thier original state from the virus chest first?

Thanks again!

[Lisandro]

One question before I take off the system restore and run avast, do I restore the files to thier original state from the virus chest first?

Do you mean the system ones (backup)? I think it won't be necessary.
But if they're infected, then, probably it will be better restore than first. If you can, because they could be in use by the system itself.
My suggestion, don't restore from Chest before disabling the system restore.

[GoldenChild]

I meant restore the infected files, should i restore the infected files before turning the system restore off.

I moved the infected files to the virus chest, and now it doesnt find them when I scan with avast.  I thought I would have to restore them to detect them again for proper deletion.

[Lisandro]

I meant restore the infected files, should i restore the infected files before turning the system restore off.

Of course not... Why would you restore infected files? Am I understanding you correctly? You are going to restore infected files (not the system ones) from avast Chest and then disable system restore? Why?
You can disable the system restore, all restoring points will be lost, clean your system.
Why do you need to restore the infected files from Chest?
I'm only asking to not give you the wrong answer...

I moved the infected files to the virus chest, and now it doesnt find them when I scan with avast.  I thought I would have to restore them to detect them again for proper deletion.

No, it's not the file on the Chest which is 'coming back', but the ones into System Restore folder  

[GoldenChild]

Thanks for all the help!

1. First I took off the system restore, and then restarted.

2. I deleted the trojans and then restarted.

3. I ran the virus scan indepth, which did not catch anything, and restarted to run the boot time scan, which also did not detect anything.

4. Turned back on system restore.
------------------------------------------------------

I hope this took care of the problem, ill book mark this thread just incase it didnt.

Thanks for all the help, avast is awsome. Keep up the great work!

[Lisandro]

GoldenChild, you did it pretty well...  

[harri]

Avast found Win 32-Trojan-gen (other)
File Name C:\WINDOWS\SYSTEM 32\msshed32.exe
I was advised to put it in the chest which I did.  Then went looking as to how to rid my computer of it.  My knowledge and understanding is little.  I came to the forum and found this post, with someone with a similar problem having Trojan-gen.  I followed what was said to do as far as tuning off the restore and restarting.  Then then Golden Child said they "2. I deleted the Trojans and then restarted."   I have 2 questions...
One I am now not sure if turning off the system restore and restarting was the correct thing to do since I have now noticed Golden Child's was in the restore and it looks as if mine is in msshed32.exe....what ever that is.  So first question is..did I follow the correct thing to do?
Second is as far as deleting the trojans...are you talking about deleting that that is listed in the chest, by right clicking and delete?
Hope you can help.
harri

[Eddy]

Delete it from the chest. That file is added by the DELF.EP downloader TROJAN!
I suggest you follow the instructions in the malware removel section on the site in my signature.

[vmcfabrice]

To Techie101,

thanks for your support, I believe I got rid of my trojan by running hijackThis + avast sanning at machine boot. I had to reload one soft after removing a suspicous file that hijack had highlighted.

Also I have lost the blue ball of avast on the windows XP bottom menu which was always indicating the active services. Could you please advise how to configure this back?

Thanks again for your quick support that enabled me to remove the trojan.

[Eddy]

Give a repair of Avast a try.