Author Topic: help needed  (Read 4731 times)

markyc101

  • Guest
help needed
« on: February 05, 2004, 03:50:19 PM »
hello,
I have just started using avast and it has found a virus ???.
the virus is - win32:trojan-gen.(other)

file name - c:\windows\sychost.exe

what do I do now ???. I am not very good with computers so any instructions / help you could give me in plain English would be great.

thank you.

whocares

  • Guest
Re:help needed
« Reply #1 on: February 05, 2004, 04:03:22 PM »
Hi,
are you sure that's a "Y" and not a "V" in the filename? Please check the spelling or, better, copy the exact name from avast's report/logfile in here


what WIN do you have ?


test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)


-remove the Virus/Malware and its system modifications according to VirusInfos from Avast, VGREP, TrendMicro, Kaspersky; you might also try searching for the virus name or filename with google

general removal procedure:
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc.)
-scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro, to check whether your PC is clean ;)
« Last Edit: February 05, 2004, 04:12:07 PM by whocares »

markyc101

  • Guest
Re:help needed
« Reply #2 on: February 05, 2004, 04:14:06 PM »
hi,
thanks for trying to help.
yes sorry that is a v in the file name. :-[
I have windows 98 ver 4.10

when you say website names can you say the whole name as I do not know them. thanks.



whocares

  • Guest
Re:help needed
« Reply #3 on: February 05, 2004, 04:20:57 PM »
Hi,

scan the file here:
http://housecall.antivirus.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://www.ravantivirus.com/ --> Scan Online

and tell us the exact name they come up with
(pause avast's resident shield first: rightclick on the blue ball-> pause ..)

 ;)
« Last Edit: February 05, 2004, 04:21:50 PM by whocares »

markyc101

  • Guest
Re:help needed
« Reply #4 on: February 05, 2004, 04:27:42 PM »
hi,
using kaspersky it said
svchost.exe infected :trojanspy.win32.tofger.d

whocares

  • Guest
Re:help needed
« Reply #5 on: February 05, 2004, 04:37:12 PM »
ok, that's a start:

either you browse through these 2 Links:
ClickME!
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=tofger&product=4 (read both 2 pages!!)
and follow/adapt the general removal procedures..

or you tell us, what variant HouseCall/Trendmicro says it is..

It might be that deleting the file is enough, but I'm not sure..
P.S.: some Tofger-variants have backdoor-components, meaning that someone can/could manipulate&read your data, passwords entered etc..

--> if you have important, sensitive or private data on the PC, it might be a good idea to backup your data-files, format and reinstall..
« Last Edit: February 05, 2004, 04:42:12 PM by whocares »