trojano attack-- cant remove

[ika]

Win32:Hoaxalarm-H [Adw]
Win32:Trojano-1581 [Trj]
Win32:Trojano-1487 [Trj]
Win32:Trojano-1371 [Trj]

this viruses i have on my PC, and each time i go online avast  alarm me and i try "delete" and "move to chest", and when in restar my computer, zhe virus in still there.

what to do??

[Lisandro]

Can you post the 'path' of the infected files?

I can make some suggestions (hope they can help in anyway...):

1. Have you tried to delete the temporary Internet files? To do this go to Internet explorer >Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.

2. Disable (and enable it after) System Restore: Start > Control Panel > System > System restore > Disable > Click Apply > Enable it again > Click Ok

3. Schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning > Select for scanning archives > Boot

[ika]

and my task manager in unavailible,...

i have tryed, but its the same

path in in temporaly internet files, and in temp......

[WinAntiVirus_Guy]

Hi!

http://download.winantivirus.com/files/Trial/1019/WinAntiVirus2005ProTrialSetup.exe here is trial of antivirus, download it, than press "Update" button. After it make a scan and remove all that files.
 Of course better to make scan in a Safe Mode.

[Lisandro]

http://download.winantivirus.com/files/Trial/1019/WinAntiVirus2005ProTrialSetup.exe here is trial of antivirus, download it, than press "Update" button. After it make a scan and remove all that files.

Why do you suggest another antivirus program if avast! is detecting the virus?
If the user uses boot time scanning or scan with avast! at Safe Mode, won't it be the same?
Why does he/she need to use WinAntiVirus2005Pro?

[ika]

i try all what was writen here, but trojane is still on my computer. i tryen another virus scan and i get this report:


Scan Settings:
   Scan using the following antivirus database: standard
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - Folders:
   C:\

Scan Statistics:
   Total number of scanned objects: 23839
   Number of viruses found: 3
   Number of infected objects: 9
   Number of suspicious objects: 0
   Duration of the scan process: 1133 sec

Infected Object Name - Virus Name
C:\Documents and Settings\iztok\Local Settings\Temp\1.qtdfmp   Infected: Trojan-Downloader.Win32.Small.bho
C:\Documents and Settings\iztok\Local Settings\Temp\5.qtdfmp   Infected: Trojan-Downloader.Win32.Small.awa
C:\lo-1348106783.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\lo-816829849.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\lo1587471485.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\WINDOWS\system32\kernels32.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\WINDOWS\system32\vxh8jkdq1.exe   Infected: Trojan-Downloader.Win32.Small.bho
C:\WINDOWS\system32\vxh8jkdq5.exe   Infected: Trojan-Downloader.Win32.Small.awa
C:\WINDOWS\system32\vxh8jkdq8.exe   Infected: Trojan-Downloader.Win32.Small.bho

Scan process completed.

[toadbee]

Hey is that the same winantivirus that finally made the rogue and suspect antispyware list ??
http://www.spywarewarrior.com/rogue_anti-spyware.htm

aggressive advertising (1, 2, 3, 4); false positives work as goad to purchase; inappropriate collection of Personally Identifiable Information [A: 5-21-05 / U: 5-21-05]

Of course it is. Don't use it.

[TurtleWax]

Check out my How2 (sorta brute force malware removal)
http://www.sysinternals.com/Forum/forum_posts.asp?TID=966&PN=1

Then Get this tool !  It is great for stopping autorun programs from reloading.
http://www.sysinternals.com/Utilities/Autoruns.html
TurtleWax

i try all what was writen here, but trojane is still on my computer. i tryen another virus scan and i get this report:


Scan Settings:
   Scan using the following antivirus database: standard
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - Folders:
   C:\

Scan Statistics:
   Total number of scanned objects: 23839
   Number of viruses found: 3
   Number of infected objects: 9
   Number of suspicious objects: 0
   Duration of the scan process: 1133 sec

Infected Object Name - Virus Name
C:\Documents and Settings\iztok\Local Settings\Temp\1.qtdfmp   Infected: Trojan-Downloader.Win32.Small.bho
C:\Documents and Settings\iztok\Local Settings\Temp\5.qtdfmp   Infected: Trojan-Downloader.Win32.Small.awa
C:\lo-1348106783.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\lo-816829849.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\lo1587471485.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\WINDOWS\system32\kernels32.exe   Infected: Trojan-Downloader.Win32.Small.bht
C:\WINDOWS\system32\vxh8jkdq1.exe   Infected: Trojan-Downloader.Win32.Small.bho
C:\WINDOWS\system32\vxh8jkdq5.exe   Infected: Trojan-Downloader.Win32.Small.awa
C:\WINDOWS\system32\vxh8jkdq8.exe   Infected: Trojan-Downloader.Win32.Small.bho

Scan process completed.

[Storzek]

Hello to all!!

I have only Win32:Hoaxalarm-H [Adw] adwere in my copmpetuter, I do'not now what I do, I check a lot thing (registri, scan, rebootscan,....)
Avast do not clear them. whene it delete the *.tmp file from c:/windows/system32/1024/ on reboot is this file there ??

I think this file was genereted from anather file wich one avast not found?

If somebody know how to delete this please write me!

Best regards from Boštjan - Slovenia

[Lisandro]

I think this file was genereted from anather file wich one avast not found?

Are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.

Other option is scanning in SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

[polonus]

Hi ika,

Does this ring a bell. Look here:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=87179.
A hoax virus is a virus that pops up a hoax and starts up through a change in the registry. The hoax gives the end-user the impression that he is infected.

greets,

polonus

[Lisandro]

A hoax virus is a virus that pops up a hoax and starts up through a change in the registry. The hoax gives the end-user the impression that he is infected.

Do you have a copy of it?
If it's a joke, let's joke... maybe some friend of us could laught at this... 

[DavidR]

A hoax virus is a virus that pops up a hoax and starts up through a change in the registry. The hoax gives the end-user the impression that he is infected.

Do you have a copy of it?
If it's a joke, let's joke... maybe some friend of us could laught at this... 

I think he just has a copy of the image on the link that he gave.

[Lisandro]

I think he just has a copy of the image on the link that he gave.

I see... but it would be nice to have it as a real joke 

[Storzek]

Hello!

Yes I have windows XP but nothing of this do not work I chack anather forums, but nobudy do not know how to delete this addwere.

Best regards from, Bostjan, Slovenia