can someone please help me remove this trojan found by a scan i performed yesterday?
my computer is a toshiba portege A200, running WIN XP pro. antivirus is avast! 4 home edition, with ZA as firewall.
yesterday, when logging onto the internet ZA detected an access-request by two processes I had not started or seen before: hkcmd.exe and igfxtray.exe
I ran a TrendMicro online scan which didn't find anything and then my usual Avast! scan with updated VPS 0642-0 of 17/10/06.
The scan found the following trojan horse:
win32: sdBot-gen28[trj] in the following location:
C:\System Volume Information\_restore{E0038286-7C38-416A-AC95-17B978ECDCF9}\RP59\change.log.31
when the pop-up appeared i chose the recommended option and moved the infected file to Avast's CHEST, where it's still sitting.
Having read a few threads on this forum, I did the following:
1) backed up the System State onto a memory stick - this failed on two dll files: fastprox.dll and repdrvfs.dll
2) disabled the system restore function and rebooted
3) rebooted in safemode
4) performed another scan with avast! (i cannot access the internet in safemode to use online tools) which resulted negative but couldn't access fastprox.dll and repdrvfs.dll
5) deleted all temp files and emptied java cache
6) looked for suspicious processes in task manager but did not feel confident enough to interpret their names
7) restarted in normal mode
what do i do with the infected file? can i scan the file in avast's chest with an online tool?
how do i definitively remove the malware? and can i replace the two apparently damaged (although i'm afraid from before) dll files from another machine (i.e. my brother's)?
PLEASE, i'm trying not to panic but it's harder for us non-experts!
i hope someone can help and i apologise if the question is silly, i am not very computer literate and English is not my first language.
THANK YOU EVER SO MUCH.
s