Author Topic: How to get rid of a Trojan?  (Read 6091 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
How to get rid of a Trojan?
« on: February 25, 2017, 03:46:01 PM »
Hi,

On Wednesday, my USB key got infected by a Trojan (VBS: Downloader-AJV
) in a copy center : when I inserted the key in my computer, avast made a warning and put the infected file in quarantine. After a quickscan which was ok, I ran a complete scan of my computer on Thursday and avast found the same Trojan in the c:\Users\AppData\Local\Temp and put it in quarantine. Just to be sure, I ran another complete scan of my computer yesterday : avast found the same Trojan in the same part of the computer and put it in quarantine as well.
Could anyone tell me what I should do to get rid of this Trojan for good? Thank you!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to get rid of a Trojan?
« Reply #1 on: February 25, 2017, 03:54:40 PM »
Follow the instructions in the sticky of this forum.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get rid of a Trojan?
« Reply #2 on: February 25, 2017, 06:47:30 PM »
Follow the instructions in the sticky of this forum.
That means instructions here  >  https://forum.avast.com/index.php?topic=194892.0

attach requested logs
- Malwarebytes
- Farbar Recovery Scan Tool
- MCShield (this log you copy and paste)


REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #3 on: February 25, 2017, 10:40:31 PM »
Hi Eddy and Pondus,

I have attached the logs (sorry for taking so long but the Malwarebytes scan took hours to complete).
The Malwarebytes and FRS Tool were installed in French, so the logs are in French as well, I hope it won't be a problem!
Thank you!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get rid of a Trojan?
« Reply #4 on: February 25, 2017, 10:42:50 PM »
as said above, MCShield log must be copy paste. A forum issue make it look like chinese when attached


Malware expert is notified, he may not be online before tomorrow


REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #5 on: February 25, 2017, 10:47:58 PM »
Hi Pondus,

Thank you!
Sorry, I didn't pay attention about the MCShield log copy/paste. Here its is:



>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 22:26:55 > Drive C: - scan started (Acer ~419 GB, NTFS HDD )...



=> The drive is clean.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get rid of a Trojan?
« Reply #6 on: February 25, 2017, 11:00:54 PM »
did you plug in the infected USB key?


REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #7 on: February 25, 2017, 11:21:01 PM »
As you might have guessed, I'm no computer expert, I hadn't plugged the infected USB key :)
Below is the MCShield log with the infected USB key plugged in. During the scanning, AV issued a warning several times, I made a screen capture (see attached file).




>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 22:26:55 > Drive C: - scan started (Acer ~419 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


25/02/2017 23:07:24 > Drive D: - scan started (Lexar ~15259 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 23

---> D:\RW-passport-photo.jpg > unhidden.

---> D:\20150930121853269.pdf > unhidden.

---> D:\._.Trashes > unhidden.

---> D:\Spinoza.jpg > unhidden.

---> D:\20150930121902609.pdf > unhidden.

---> D:\20150930121911301.pdf > unhidden.

---> D:\20151208_123407.mp4 > unhidden.

---> D:\._20151208_123407.mp4 > unhidden.

---> D:\Conjugaison.pdf > unhidden.

---> D:\prog-2014-psy2m.pdf > unhidden.

---> D:\Décès Kulcsar Mor - 1941 Eger.jpg > unhidden.

---> D:\Mariage Bajor Marta - 1929 Budapest V.jpg > unhidden.

---> D:\Ancestry.pdf > unhidden.

---> D:\HealingTrauma.pdf > unhidden.

---> D:\Miki.docx > unhidden.

---> D:\VOYELLES HONGROIS.doc > unhidden.

---> D:\Pfeifer (2).rmgc > unhidden.

---> D:\Voyelles.doc > unhidden.

---> D:\Signature Witz Lipot.JPG > unhidden.

---> D:\Testament Delikat Salamon - 1881.JPG > unhidden.

---> D:\Coupon-GO-2.pdf > unhidden.

---> D:\VRAI FAUX PSYCHANALYSE.pdf > unhidden.

---> D:\Scripts xp Pottié_version Homme.pdf > unhidden.



>>> D:\RW-passport-photo.jpg.lnk - Malware > Deleted. (17.02.25. 23.11 RW-passport-photo.jpg.lnk.113522; MD5: 133b11fc070f7b462f220774fd8bb32e)

>>> D:\20150930121853269.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 20150930121853269.pdf.lnk.689384; MD5: 0944fb28616e085e1260fa271376abf8)

>>> D:\._.Trashes.lnk - Malware > Deleted. (17.02.25. 23.11 ._.Trashes.lnk.504674; MD5: b28068f2fc2009de6fd5505defccaeaf)

>>> D:\Spinoza.jpg.lnk - Malware > Deleted. (17.02.25. 23.11 Spinoza.jpg.lnk.994824; MD5: 0fdb6074d0de45067ca98191bc7af474)

>>> D:\20150930121902609.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 20150930121902609.pdf.lnk.411460; MD5: fc5dad4610646db6fb558371c3667492)

>>> D:\20150930121911301.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 20150930121911301.pdf.lnk.754629; MD5: 136ae2fece9840159f1f7785fcc0eabf)

>>> D:\20151208_123407.mp4.lnk - Malware > Deleted. (17.02.25. 23.11 20151208_123407.mp4.lnk.37974; MD5: 833fb9c698ce6524353021343ac235e3)

>>> D:\._20151208_123407.mp4.lnk - Malware > Deleted. (17.02.25. 23.11 ._20151208_123407.mp4.lnk.483212; MD5: cdcffb2ff3dbca9964ef7445fc7535f0)

>>> D:\Conjugaison.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 Conjugaison.pdf.lnk.870200; MD5: 5f99a719e3dcdd51d9e7dda01f695b4c)

>>> D:\prog-2014-psy2m.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 prog-2014-psy2m.pdf.lnk.53444; MD5: 3c7c48214606cae4d39439245e9841a7)

>>> D:\Décès Kulcsar Mor - 1941 Eger.jpg.lnk - Malware > Deleted. (17.02.25. 23.11 Décès Kulcsar Mor - 1941 Eger.jpg.lnk.588199; MD5: 100c9cd21e79390b8f4fee6baaff2678)

>>> D:\Mariage Bajor Marta - 1929 Budapest V.jpg.lnk - Malware > Deleted. (17.02.25. 23.11 Mariage Bajor Marta - 1929 Budapest V.jpg.lnk.707902; MD5: 7b7ba43576c2b98cb4c5c86ee991feae)

>>> D:\Ancestry.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 Ancestry.pdf.lnk.14643; MD5: da6d6a456e22f886202b110461930ddb)

>>> D:\HealingTrauma.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 HealingTrauma.pdf.lnk.224913; MD5: 4daa8e6e25a3909ed574aa08ea891f62)

>>> D:\Miki.docx.lnk - Malware > Deleted. (17.02.25. 23.11 Miki.docx.lnk.60014; MD5: 833603347900480531cea89c50462ffe)

>>> D:\VOYELLES HONGROIS.doc.lnk - Malware > Deleted. (17.02.25. 23.11 VOYELLES HONGROIS.doc.lnk.456841; MD5: f7220f215de51376209cbdc6c4d59eac)

>>> D:\Pfeifer (2).rmgc.lnk - Malware > Deleted. (17.02.25. 23.11 Pfeifer (2).rmgc.lnk.224946; MD5: 4b85264ebe01fa174f54f03eae069868)

>>> D:\Voyelles.doc.lnk - Malware > Deleted. (17.02.25. 23.11 Voyelles.doc.lnk.747063; MD5: c20bb30bde52120b4fe805c23f6b8790)

>>> D:\Signature Witz Lipot.JPG.lnk - Malware > Deleted. (17.02.25. 23.11 Signature Witz Lipot.JPG.lnk.665865; MD5: ec3b9b42e18b8a7fc56d5533e3e9b8fd)

>>> D:\Testament Delikat Salamon - 1881.JPG.lnk - Malware > Deleted. (17.02.25. 23.11 Testament Delikat Salamon - 1881.JPG.lnk.869313; MD5: ac67ca62dfe0233202cedfb5a396bd42)

>>> D:\Coupon-GO-2.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 Coupon-GO-2.pdf.lnk.491925; MD5: dcadccf663e59295e242aa5d55031f20)

>>> D:\VRAI FAUX PSYCHANALYSE.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 VRAI FAUX PSYCHANALYSE.pdf.lnk.388205; MD5: a1cdfc59a1bfeace4b01ba09bb47e1d5)

>>> D:\Scripts xp Pottié_version Homme.pdf.lnk - Malware > Deleted. (17.02.25. 23.11 Scripts xp Pottié_version Homme.pdf.lnk.472267; MD5: fba54e011873aa3979198d3f7c6712e9)

>>> D:\.Trashes.lnk - Malware > Deleted. (17.02.25. 23.11 .Trashes.lnk.479406; MD5: 236137784bd92b7d55712b58b0cc8505)

>>> D:\System Volume Information.lnk - Malware > Deleted. (17.02.25. 23.11 System Volume Information.lnk.956524; MD5: 883539e5f49b9683999ebd356bc7fb1c)

>>> D:\.Spotlight-V100.lnk - Malware > Deleted. (17.02.25. 23.11 .Spotlight-V100.lnk.88952; MD5: 76be02a4b178a0536660d6556569aeab)

>>> D:\Photos à imprimer.lnk - Malware > Deleted. (17.02.25. 23.11 Photos à imprimer.lnk.651521; MD5: 460c7a5bd130fceed44f5d5e03ef0bde)

>>> D:\Articles PT sociale 2015.lnk - Malware > Deleted. (17.02.25. 23.11 Articles PT sociale 2015.lnk.383722; MD5: eb7a024ea28d934cb941d72531a59795)

>>> D:\Pour Patricia.lnk - Malware > Deleted. (17.02.25. 23.11 Pour Patricia.lnk.571471; MD5: 8c62b77092e8d3c2306bbb73f313001c)

>>> D:\Encore.lnk - Malware > Deleted. (17.02.25. 23.11 Encore.lnk.871871; MD5: caabaec8e07a90542cd8baa16b227d25)

>>> D:\Attachments.lnk - Malware > Deleted. (17.02.25. 23.11 Attachments.lnk.921736; MD5: 308f308f682e7249a8c7df064351158c)

>>> D:\Hébreu biblique.lnk - Malware > Deleted. (17.02.25. 23.11 Hébreu biblique.lnk.273607; MD5: db675902550b480b0cf80195c3dae466)

>>> D:\Mindfulness Bell.lnk - Malware > Deleted. (17.02.25. 23.11 Mindfulness Bell.lnk.216330; MD5: 45d24bfc1ca85a6291d0d560886dd8de)

>>> D:\Programme Sambhota.lnk - Malware > Deleted. (17.02.25. 23.11 Programme Sambhota.lnk.628244; MD5: 1c270fac94594867778df039daf954ab)

>>> D:\Tibétain.lnk - Malware > Deleted. (17.02.25. 23.11 Tibétain.lnk.165405; MD5: b7a87175a4df915ffaf91af5d88a1c69)

>>> D:\Photos.lnk - Malware > Deleted. (17.02.25. 23.11 Photos.lnk.786879; MD5: ff4ae4c052cddf05e904641c587485c4)

>>> D:\Buddhism.lnk - Malware > Deleted. (17.02.25. 23.11 Buddhism.lnk.152482; MD5: 085eb0787cd96e7949528553eba1d541)

>>> D:\Open Focus.lnk - Malware > Deleted. (17.02.25. 23.11 Open Focus.lnk.653740; MD5: 2461e87a3b85a6a01816efb4fe4d9fd8)

>>> D:\Pest records.lnk - Malware > Deleted. (17.02.25. 23.11 Pest records.lnk.805760; MD5: 1fbde33697aba38f8d0c9bcc855e024a)

>>> D:\Yad vashem.lnk - Malware > Deleted. (17.02.25. 23.11 Yad vashem.lnk.89980; MD5: 78764cc6c204da95226af8a991efb9c3)

>>> D:\Justice Budapest - demandes.lnk - Malware > Deleted. (17.02.25. 23.11 Justice Budapest - demandes.lnk.516282; MD5: f0ffd05c6eff32e139e1d3246d26125b)

>>> D:\Vienne - demandes.lnk - Malware > Deleted. (17.02.25. 23.11 Vienne - demandes.lnk.885096; MD5: 206e3b413724885f865646f35160f457)

>>> D:\Généalogie - à faire.lnk - Malware > Deleted. (17.02.25. 23.11 Généalogie - à faire.lnk.990324; MD5: 14b16eed0ac6df2211f991a3e3a5dc2d)

>>> D:\Mariages Lowy.lnk - Malware > Deleted. (17.02.25. 23.11 Mariages Lowy.lnk.268115; MD5: 38b5835d99f8f614c3b598b0e67d86b7)

>>> D:\Transferer.lnk - Malware > Deleted. (17.02.25. 23.11 Transferer.lnk.283344; MD5: 3467a301410c35eb6033e209e6f59378)

>>> D:\Nécrologies Vienne - Witz.lnk - Malware > Deleted. (17.02.25. 23.11 Nécrologies Vienne - Witz.lnk.205033; MD5: a3db5dfe5f36e87d99d44c7bbfaa420d)

>>> D:\Brett Lipot.lnk - Malware > Deleted. (17.02.25. 23.11 Brett Lipot.lnk.404414; MD5: 65bc7af87bfe73f5ba9596be5c62438b)

>>> D:\Brett Mor.lnk - Malware > Deleted. (17.02.25. 23.11 Brett Mor.lnk.358333; MD5: 38f2a1865aa858d1e94ae799a9514654)

>>> D:\Inscription UCL.lnk - Malware > Deleted. (17.02.25. 23.11 Inscription UCL.lnk.745845; MD5: ca4cc987d1fc0374f89aedd010ee25dc)

>>> D:\Nouveau.lnk - Malware > Deleted. (17.02.25. 23.11 Nouveau.lnk.431910; MD5: 0c8a856eed26959a9e0662c578ffe457)

>>> D:\Pour le transfert sur laptop.lnk - Malware > Deleted. (17.02.25. 23.11 Pour le transfert sur laptop.lnk.254940; MD5: e815456dff2d2dcb108966bc89701237)

>>> D:\Master UCL.lnk - Malware > Deleted. (17.02.25. 23.11 Master UCL.lnk.560020; MD5: 54952d17601209ddeaf840a91311c396)

>>> D:\Tombes - à imprimer.lnk - Malware > Deleted. (17.02.25. 23.11 Tombes - à imprimer.lnk.143317; MD5: 4b25f14abae71d7aab4e09df8194b7c1)

>>> D:\Imprimer couleur.lnk - Malware > Deleted. (17.02.25. 23.11 Imprimer couleur.lnk.472054; MD5: 4e063210c829a64144164e14446a7420)

>>> D:\Verbes à imprimer.lnk - Malware > Deleted. (17.02.25. 23.11 Verbes à imprimer.lnk.551088; MD5: 948b229e07c3747b49406cb48d22132d)

>>> D:\Partie 2.lnk - Malware > Deleted. (17.02.25. 23.11 Partie 2.lnk.925437; MD5: da54549b99c82850d78815b6c5105ce3)

>>> D:\A imprimer.lnk - Malware > Deleted. (17.02.25. 23.11 A imprimer.lnk.35345; MD5: efcc11126f7372b36ca3f0b78829be60)

>>> D:\A transférer ce soir.lnk - Malware > Deleted. (17.02.25. 23.11 A transférer ce soir.lnk.941508; MD5: fb0e2b058fa1dc4dec402e1f6f5ca28d)

>>> D:\Advanced Tibetan Dialogues.lnk - Malware > Deleted. (17.02.25. 23.11 Advanced Tibetan Dialogues.lnk.730342; MD5: 6619d70e2a6ae35694c9668d42091c77)

>>> D:\Etude de cas.lnk - Malware > Deleted. (17.02.25. 23.11 Etude de cas.lnk.439541; MD5: 561fd4ba51c3827fbb5de9b5f33d3266)

>>> D:\LRZTP.lnk - Malware > Deleted. (17.02.25. 23.11 LRZTP.lnk.130853; MD5: 8c3cafbb1aecafc7dbd6f09848b89f86)

>>> D:\A sauver.lnk - Malware > Deleted. (17.02.25. 23.11 A sauver.lnk.204988; MD5: dfde1f0956ac6af6aba620c1799be1f5)

>>> D:\animheb-cd.lnk - Malware > Deleted. (17.02.25. 23.11 animheb-cd.lnk.622063; MD5: 05c0007f2fe74275b34020eccde5bd19)

>>> D:\Imprimer examens 2017.lnk - Malware > Deleted. (17.02.25. 23.11 Imprimer examens 2017.lnk.731358; MD5: 3994b4f197f3341b8336c5a8c35687a5)

>>> D:\WOLFF.lnk - Malware > Deleted. (17.02.25. 23.11 WOLFF.lnk.815857; MD5: 1b91c01af4cd73fff2823cd1bbc44b1b)

>>> D:\VRAI FAUX Wolff.lnk - Malware > Deleted. (17.02.25. 23.11 VRAI FAUX Wolff.lnk.592052; MD5: e0b677598c729b3a3850f66941dd5129)

>>> D:\Clinique psychanalytique PDF.lnk - Malware > Deleted. (17.02.25. 23.11 Clinique psychanalytique PDF.lnk.290231; MD5: 19cc1d121867d9153ddd92b47170a84f)

>>> D:\IMPRIMER DOCS.lnk - Malware > Deleted. (17.02.25. 23.11 IMPRIMER DOCS.lnk.465866; MD5: 0bd6b48f4e17140f0c83293b0f903e5a)

>>> D:\Manuel.doc.lnk - Malware > Deleted. (17.02.25. 23.11 Manuel.doc.lnk.204540; MD5: c892d32e10e848ea35985e08e49a429a)

> Resetting attributes: D:\.Trashes < Successful.

> Resetting attributes: D:\System Volume Information < Successful.

> Resetting attributes: D:\.Spotlight-V100 < Successful.

> Resetting attributes: D:\Photos à imprimer < Successful.

> Resetting attributes: D:\Articles PT sociale 2015 < Successful.

> Resetting attributes: D:\Pour Patricia < Successful.

> Resetting attributes: D:\Encore < Successful.

> Resetting attributes: D:\Attachments < Successful.

> Resetting attributes: D:\Hébreu biblique < Successful.

> Resetting attributes: D:\Mindfulness Bell < Successful.

> Resetting attributes: D:\Programme Sambhota < Successful.

> Resetting attributes: D:\Tibétain < Successful.

> Resetting attributes: D:\Photos < Successful.

> Resetting attributes: D:\Buddhism < Successful.

> Resetting attributes: D:\Open Focus < Successful.

> Resetting attributes: D:\Pest records < Successful.

> Resetting attributes: D:\Yad vashem < Successful.

> Resetting attributes: D:\Justice Budapest - demandes < Successful.

> Resetting attributes: D:\Vienne - demandes < Successful.

> Resetting attributes: D:\Généalogie - à faire < Successful.

> Resetting attributes: D:\Mariages Lowy < Successful.

> Resetting attributes: D:\Transferer < Successful.

> Resetting attributes: D:\Nécrologies Vienne - Witz < Successful.

> Resetting attributes: D:\Brett Lipot < Successful.

> Resetting attributes: D:\Brett Mor < Successful.

> Resetting attributes: D:\Inscription UCL < Successful.

> Resetting attributes: D:\Nouveau < Successful.

> Resetting attributes: D:\Pour le transfert sur laptop < Successful.

> Resetting attributes: D:\Master UCL < Successful.

> Resetting attributes: D:\Tombes - à imprimer < Successful.

> Resetting attributes: D:\Imprimer couleur < Successful.

> Resetting attributes: D:\Verbes à imprimer < Successful.

> Resetting attributes: D:\Partie 2 < Successful.

> Resetting attributes: D:\A imprimer < Successful.

> Resetting attributes: D:\A transférer ce soir < Successful.

> Resetting attributes: D:\Advanced Tibetan Dialogues < Successful.

> Resetting attributes: D:\Etude de cas < Successful.

> Resetting attributes: D:\LRZTP < Successful.

> Resetting attributes: D:\A sauver < Successful.

> Resetting attributes: D:\animheb-cd < Successful.

> Resetting attributes: D:\Imprimer examens 2017 < Successful.

> Resetting attributes: D:\WOLFF < Successful.

> Resetting attributes: D:\VRAI FAUX Wolff < Successful.

> Resetting attributes: D:\Clinique psychanalytique PDF < Successful.

> Resetting attributes: D:\IMPRIMER DOCS < Successful.


=> Malicious files   : 69/69 deleted.
=> Hidden folders    : 45/45 unhidden.
=> Hidden files      : 23/23 unhidden.

____________________________________________

::::: Scan duration: 4min 24sec ::::::::::::
____________________________________________



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get rid of a Trojan?
« Reply #8 on: February 25, 2017, 11:39:15 PM »
Check back tomorrow when malware expert have checked your logs   ;)


REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #9 on: February 26, 2017, 10:02:45 PM »
Thank you! I'm looking forward to the malware expert's feedback.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: How to get rid of a Trojan?
« Reply #10 on: February 26, 2017, 10:19:59 PM »

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

How is the system running now?  Does Avast still find the VBS malware?
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #11 on: February 27, 2017, 01:41:37 AM »
Hi!
Thank you very much for your reply. I've started the FRST fix 3 hours ago and it is still running, it is normal it's taking so long?
I will let it run overnight and hope it will be done by tomorrow morning.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get rid of a Trojan?
« Reply #12 on: February 27, 2017, 02:05:21 AM »
Quote
I've started the FRST fix 3 hours ago and it is still running, it is normal it's taking so long?
No it sometimes hang, you may abort and run again


REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #13 on: February 27, 2017, 10:06:59 AM »
That's what I did then : I aborted it and started again.
The second run kept going too and, after more than two hours, I ended it. But, during the first 5 minutes, there is a Fixlog text that appeared on my desktop (see attached file). Does it mean it worked or should I run it again?

REDACTED

  • Guest
Re: How to get rid of a Trojan?
« Reply #14 on: February 27, 2017, 01:05:15 PM »
Is it possible that the reason why the FRST fix is taking so long lies in the Fixlist? I have just checked it and I see that the user name is not me. Does it matter?