Avast WEBforum

Other => Viruses and worms => Topic started by: Calafalas on March 13, 2004, 09:22:23 AM

Title: Win32:Trojan-gen {VB} - can't get rid of it
Post by: Calafalas on March 13, 2004, 09:22:23 AM
So, apparently I got this from entering a website.

The file regnxch1.exe located at the system folder is infected - I've tried the disabling restore system thing, but I dunno what to do next, I still can't get rid of it!

When I try to delete or repair via avast it says it can't process - and that the file is being used.

I don't know what to do.

Calafalas
Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: Eddy on March 13, 2004, 09:25:29 AM
Several options to deal with it:

1) Close the prog/process that is using that file, then let Avast take care of it.

2) Boot in safe mode then run Avast

3) When Avast detects it, enable "remove on next boot when needed"
Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: Calafalas on March 13, 2004, 04:56:16 PM
Thank you - I don't know which program is using that file, but I'll try number 3.

Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: Calafalas on March 14, 2004, 04:28:16 PM
okay - I tried number three - didn't work!  :(

How do I disable the program that is using the file? How do I know which program it is?

Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: Eddy on March 14, 2004, 04:48:46 PM
You can get a free process viewer from here > http://www.teamcti.com/pview/prcview.htm That might show you the process you need to kill.
Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: whocares on March 14, 2004, 06:07:27 PM
Hi,

What WIN do you have?
Where exactly was the infected file found (full pathname and filename)?

test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)


- remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- best reboot in SafeMode (F8-Boot)
- kill respective Backdoor/Trojan process with task manager (if it still exists in safe Mode)
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

- Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc.)
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro, to check whether your PC is clean ;)
- reenable system restore on Win ME/XP


if it's of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can't remove it, you could post a logfile of Hijackthis here

see www.lurkhere.com ->nicefiles and www.lavasoft.de

Further Details and Links via the board search above ;)
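
Added example, not part of the original posts: a read-only PowerShell check for the two things the thread asks about, namely which process is holding the file and which registry startup entries reference it. It assumes a current Windows system with PowerShell; the default file name is the one reported above, and the four Run/RunOnce keys are only the common startup locations, not a complete list.

```powershell
# Added example (not from the thread). Read-only: it reports, it does not kill or delete.
param([string]$Name = 'regnxch1.exe')   # file name reported by the scanner

# 1. Processes that run from the file or have it loaded as a module.
#    Either case keeps the file locked, which is why delete/repair fails.
$holders = foreach ($p in Get-Process) {
    try {
        $mods = $p.Modules | Where-Object { $_.FileName -like "*\$Name" }
    } catch {
        $mods = $null                   # protected processes deny module access
    }
    if ($mods) {
        [pscustomobject]@{
            Pid     = $p.Id
            Process = $p.ProcessName
            File    = @($mods)[0].FileName
        }
    }
}

# 2. Startup entries whose command line mentions the file.
#    Assumption: only the common Run/RunOnce keys are checked here.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($valueName in $k.GetValueNames()) {
        $data = [string]$k.GetValue($valueName)
        if ($data -like "*$Name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

Write-Output 'Processes holding the file:'
$holders | Format-Table -AutoSize
Write-Output 'Startup entries referencing the file:'
$startup | Format-List
```

Run it from an elevated prompt so that processes belonging to other accounts are visible; an empty first list in Safe Mode means nothing is locking the file there.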
Title: Re:Win32:Trojan-gen {VB} - can't get rid of it
Post by: Calafalas on March 16, 2004, 09:34:14 PM
oh dear! it all looks so complicated! :o

I'll keep u updated