« previous next »
Pages: [1]   Go Down

Author Topic: Win32:Trojano-2481 [Trj]  (Read 3875 times)

0 Members and 1 Guest are viewing this topic.

carontes

  • Guest
Win32:Trojano-2481 [Trj]
« on: November 08, 2005, 04:09:08 PM »
Hi there!
Can anyone tell me how I can terminate this trojan????
I have got Avast home version, Spyboot and Destroy and I have just installed Ewido, Ad-aware and Synate firewalls.
In my computer I have got Windows 2000 professional!
So for I haven`t had much luck  with all these programmes and trojan is stille there!
Thanks a lot!
Bye
C
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89686
  • No support PMs thanks
Re: Win32:Trojano-2481 [Trj]
« Reply #1 on: November 08, 2005, 04:14:33 PM »
- What was the virus name, what was the filename, where was it found
  example (C:\windows\system32\infected-filename.xxx)?

For files in use that may be being protected by windows, try the schedule boot-time scan in avast's menu (or try the 'Schedule Boot-Time Scan' using RejZoR's AEC avast! External Control Tool
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

carontes

  • Guest
Re: Win32:Trojano-2481 [Trj]
« Reply #2 on: November 08, 2005, 04:56:16 PM »
Hi!
The virus create a temporary file in the following folder C:/winnt/system32/. Even I destroy it, every time I switch on the computer it seems the virus create a new temporary file with a very similar name to the prevoius one. The name of this tempoarary file is dle_ _ _.tmp where the three last characters can change and can be numbers (most of the time) or sometimes letters.
Anyway thank you very much for the suggestion! As soon as I get home I will try to use schedule boot-time scan in avast's menu!
I hope it will work!
Thanks
C
Logged

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:Trojano-2481 [Trj]
« Reply #3 on: November 08, 2005, 06:00:27 PM »
I suspect this may be a rbot worm variant: hard to tell, but a HijackThis! on another forum with the same avast! virus name seemed to be an infection by this worm.

It would be worth running the rdriv.sys removal tool just to be sure the worm isn't hiding itself with a rootkit, which it sometimes does.

Running the rootkit removal tool won't hurt. I can't say for sure that you have the rootkit, but it is a possibility.

http://forum.avast.com/index.php?topic=16788.msg142660#msg142660

Run the tool before the avast! scan and then try another scan with ewido which might now see something.
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

carontes

  • Guest
Re: Win32:Trojano-2481 [Trj]
« Reply #4 on: November 09, 2005, 02:07:33 PM »
hi there!
It seems I have eliminated this virus with the schedule boot scan of Avast in collaboration with Ewido and Ad-aware (both programmes have found some malware). Anyway I will keep on eye on it in case it will be back.
Thank you very much for your help!
Bye
C
Logged
Pages: [1]   Go Up
« previous next »