Avast WEBforum
Other => Viruses and worms => Topic started by: Virusprone on December 20, 2004, 05:07:24 PM
-
Anything I do on the internet after I delete this trojan will cause it to come back. Almost as soon as I delete it, it'll come back. It's called:
polall1r.exe
It invades my C:\\Windows\TEMP\ folder and there it creates a folder that looks something like this
....\TEMP\THI737A\
In that folder will be the application, a cabinet file and a small notepad document. Just to try things out, I left it there and didn't delete it. A few moments later, in the same TEMP folder, another folder was created with the same exact stuff in it. Just with a differnet name that looked similar to THI737A. It was a slightly different folder name but with the same executable file, cabinet file and notepad file. I left it again and lo and behold, I got the same trojan but in another folder in the TEMP folder.
I deleted them all just a few minutes ago. It won't be long before it comes back. Can somebody please help me, here?
-
Do you have Windows 2000/XP ? If you do,try using avast! Boot-time scan (Simple interface and right click on it)
-
No, I still use Windows 98. Anything I can use for that? I have the Virus Removal software that is specific for virus removal but it still didn't solve anything.
-
No, I still use Windows 98. Anything I can use for that? I have the Virus Removal software that is specific for virus removal but it still didn't solve anything.
Do you mean you just use the avast! Virus Cleaner?
Don't you have avast! antivirus as resident scanner?
-
Yeah, I got that. I have the residency scanner on high. I've done several virus scans, they don't find anything UNTIL this trojan comes back. I have no idea how to combat this.....
-
It would be good to submit the whole folder in a password protected file to virus(at)avast.com, so that they identify the virus.
Also, try submiting it to Jotti.
Exept from on-line scanners, you could also download 2 very good & free anti-trojans: ewido & a2. For the links, check my web-page.
-
Virusprone, I don't know if it will help but you can try scan and delete it booting in Safe Mode (F8 while booting), try to clean the temporary files (Internet cache, etc.).
I don't understand if you really download avast Cleaner or not...
avast Cleaner is a standalone application that could correct (and clean) some kind of viruses. See avast webpage.
The link 'Cleaning' on my signature brings some other information.
Hope this helps.
-
If this keeps coming back, there must be something bringing it back. So I thing that you need to run HiJackThis and see if you can find anything that will be in the registry.
HiJackThis - Eddy's Website (http://members.home.nl/edeijl/) and click the "HiJackThis Section" also the "Malware removal instructions and applications" section.
You can use Eddy's hijackthis log file analyser, or if you want to try an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php (http://hijackthis.de/index.php)
-
You can use Eddy's hijackthis log file analyser, or if you want to try an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Use both. What one doesn't know the other may know.