Author Topic: New Trojan???  (Read 25905 times)

0 Members and 1 Guest are viewing this topic.

TypeX

  • Guest
Re:New Trojan???
« Reply #30 on: May 22, 2004, 11:55:44 PM »
No, you MUST schedule a pre-boot scan - this scan will start before the operating system loads.  It doesn't have to be in safe mode; the only reason I mentioned safe mode was because it was the method that I used to trigger the pre-boot scan.  

Tango

  • Guest
Re:New Trojan???
« Reply #31 on: May 23, 2004, 10:35:00 PM »
I too had the same problem ! It kept coming back , the notepad.exe and the win32:Trojan-090[TRJ] ! Newsflash this is the same virus that Symantec has except its called Download.Trojan . This virus is memory resident as well!

Somebody stated correctly with Avast that you need to run a "scheduled" boot scan , this will find the Trojano and give you the option to delete it .

It is in fact the same virus , once I scanned with there online scanner, and Pandas the exact same file came up on both there scans and Trojano came up on Avast

Here is some additional information from Symantec on the "download.trojan" :

Download.Trojan connects to the Internet and downloads other Trojan horses or components.

 
Variants:  Trojan Horse
Type:  Trojan Horse
Infection Length:  varies
 
 
 
Systems Affected:  Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected:  Macintosh, UNIX, Linux
 


Download.Trojan does the following:

Goes to a specific Web or FTP site that its author created and attempts to download new Trojans, viruses, worms, or their components.
After the Trojan downloads the files, it executes them.






Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) or VGA mode (Windows NT).
Run a full system scan and delete all the files detected as Download.Trojan.
Clear Internet Explorer History and files, if needed.

Av ery good point was mentioned "dis-able the system restore point" because if you dont do this , Microsoft copies everything , including virus data into the restore archive, thus you recaptured the virus and continue to let it replicate over and over again!