Avast WEBforum

Other => Viruses and worms => Topic started by: yustinus on April 11, 2008, 04:18:41 AM

Title: Trojandownloader.xs
Post by: yustinus on April 11, 2008, 04:18:41 AM
Trojandownloader.XS attacked my PC. Can Avast handle it?

Title: Re: Trojandownloader.xs
Post by: DavidR on April 11, 2008, 03:21:16 PM
There are numerous trojan downloaders; the problem is that the names are meaningless, as there is no standard naming convention for malware, so it could have many different names for different AV companies.

avast can detect trojans, but there is no guarantee that it has this one's signature for detection. How do you know you have this trojan downloader, e.g. what detected it and what was its file name and location?
If something detected it, why couldn't it deal with it?

If you have another AV installed (which is?), you can't just install another AV as they could conflict; you should only have one resident AV installed, though you could also try an anti-spyware program.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. If using WinXP or Vista: SUPERantispyware (http://www.superantispyware.com), on-demand only in the free version. Or Spyware Terminator (http://www.spywareterminator.com/), resident scanner (if you use this, don't install the toolbar or crawler or the anti-virus module). Or a-Squared free (http://www.emsisoft.com/en/software/free/), on-demand only with the free version (if using Win98/ME).

Title: Re: Trojandownloader.xs
Post by: Lisandro on April 11, 2008, 04:13:08 PM
If a virus is replicant (coming back again and again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it's necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com) or Spyware Terminator (http://www.spywareterminator.com/).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scanning and submitting the RunScanner (http://www.runscanner.net/) log to on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.