Author Topic: How to deal with a Trojan?  (Read 3924 times)

0 Members and 1 Guest are viewing this topic.

SongAndSerenity

  • Guest
How to deal with a Trojan?
« on: September 19, 2008, 03:27:11 PM »
My mother's free home edition of Avast! just detected a trojan (Win32:trojan-gen [other]).  She says there's a black screen that has several options (delete, delete all, move, move all, move to chest, move all to chest, repair, repair all) and she isn't sure which is the best option to get rid of this thing.

Advice?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: How to deal with a Trojan?
« Reply #1 on: September 19, 2008, 03:53:46 PM »
Move to Chest is the safer and allow further investigation of the file.
If she is asked about system files infection, then the wiser will be copy file path/name, ignore, past the info here for further instructions.
The best things in life are free.

SongAndSerenity

  • Guest
Re: How to deal with a Trojan?
« Reply #2 on: September 19, 2008, 04:23:30 PM »
If she does that, is that all there is to it?  Move to chest and then don't fret about it, or would there be something else she should do afterwards to take care of it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: How to deal with a Trojan?
« Reply #3 on: September 19, 2008, 04:25:50 PM »
If she does that, is that all there is to it?  Move to chest and then don't fret about it, or would there be something else she should do afterwards to take care of it?
She shouldn't send system files to Chest. First post the file name and paths here.
She could send other infected files to Chest.

Further cleaning? I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.