Author Topic: How do I remove trojans  (Read 2550 times)


volover
How do I remove trojans
« on: June 06, 2004, 06:45:48 PM »
I ran a different virus scan, it says I still have 5 trojans on my computer. How can I remove them?? When I run avast, it does not locate them???

whocares
Re:How do I remove trojans
« Reply #1 on: June 06, 2004, 06:59:22 PM »
Hi,

Which scanner was this? What were the exact trojan names and locations?

Which WIN do you have? Are all Service Packs and Windows updates applied?

Where exactly was the infected file found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe)?

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP INCLUDING a REBOOT!! ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it.

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

if avast doesn't detect it, please send it in a password-protected zip-file to
virus (at) asw (dot) cz
(Include the zip password and a link to this posting in the mail text.)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

- remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here:
http://hjt.klaffke.de/en
& read this first: http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html


- Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV, to check whether your PC is clean ;)
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above
« Last Edit: June 06, 2004, 06:59:55 PM by whocares »

volover
Re:How do I remove trojans
« Reply #2 on: June 06, 2004, 08:33:56 PM »
c:\WINDOWS\SYSTEM\zdpvygk.exe TrojanDownloader.Win32.Agent.ae

c:\WINDOWS\SYSTEM\zdpvygk.exe TrojanDownloader.Win32.Agent.ae

c:\WINDOWS\TEMP\iinstall.exe TrojanDownloader.Win32.IstBar.gen

c:\WINDOWS\TEMP\iinstall.exe TrojanDownloader.Win32.IstBar.gen

c:\WINDOWS\TEMP\istbar.dll TrojanDownloader.Win32.IstBar.dh

c:\WINDOWS\TEMP\istbar.dll TrojanDownloader.Win32.IstBar.dh

c:\WINDOWS\TEMP\THI6F36.TMP\polall1t.exe TrojanDownloader.Win32.Agent.ae

c:\WINDOWS\TEMP\THI6F36.TMP\polall1t.exe TrojanDownloader.Win32.Agent.ae

c:\WINDOWS\Downloaded Program Files\ISTactivex.dll TrojanDownloader.Win32.IstBar.en

c:\WINDOWS\Downloaded Program Files\ISTactivex.dll TrojanDownloader.Win32.IstBar.en


All found with F-secure
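
As an added example (not part of any post in this thread), the Python sketch below de-duplicates the scanner lines from Reply #2 and sorts them into the cleanup steps named in Reply #1. The function names and the rule that anything below a TEMP folder is covered by emptying the TEMP folders are assumptions made for this illustration.

```python
import ntpath

# Scanner lines as posted in Reply #2 (every finding was listed twice there;
# two of the repeats are kept here to show the de-duplication).
REPORT = r"""
c:\WINDOWS\SYSTEM\zdpvygk.exe TrojanDownloader.Win32.Agent.ae
c:\WINDOWS\SYSTEM\zdpvygk.exe TrojanDownloader.Win32.Agent.ae
c:\WINDOWS\TEMP\iinstall.exe TrojanDownloader.Win32.IstBar.gen
c:\WINDOWS\TEMP\iinstall.exe TrojanDownloader.Win32.IstBar.gen
c:\WINDOWS\TEMP\istbar.dll TrojanDownloader.Win32.IstBar.dh
c:\WINDOWS\TEMP\THI6F36.TMP\polall1t.exe TrojanDownloader.Win32.Agent.ae
c:\WINDOWS\Downloaded Program Files\ISTactivex.dll TrojanDownloader.Win32.IstBar.en
"""


def parse_findings(report):
    """Return unique (path, detection) pairs in first-seen order."""
    unique = {}
    for line in report.splitlines():
        # The path may contain spaces ("Downloaded Program Files"), so the
        # detection name is taken as the last whitespace-separated token.
        path, _, detection = line.strip().rpartition(" ")
        path = path.strip()
        if "\\" not in path or not detection:
            continue  # blank line, or not in "path detection" form
        # Windows paths are case-insensitive: key on the normalised form.
        unique.setdefault((ntpath.normcase(path), detection), (path, detection))
    return list(unique.values())


def build_plan(report):
    """Sort findings into the cleanup steps named in Reply #1."""
    plan = {"clear_temp": [], "general_removal": [], "registry_search": []}
    for path, _detection in parse_findings(report):
        folders = ntpath.normcase(path).split("\\")[:-1]
        # Assumption: files below a TEMP folder go away when TEMP is emptied.
        step = "clear_temp" if "temp" in folders else "general_removal"
        plan[step].append(path)
        # File names to look for among the registry startup entries.
        name = ntpath.basename(path)
        if name not in plan["registry_search"]:
            plan["registry_search"].append(name)
    return plan


if __name__ == "__main__":
    for step, items in build_plan(REPORT).items():
        print(step, items)
```

On the posted report this yields five distinct files: three below TEMP and two that need the general removal procedure.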

volover
Re:How do I remove trojans
« Reply #3 on: June 06, 2004, 08:56:11 PM »
Sorry, forgot

Win Millennium

whocares
Re:How do I remove trojans
« Reply #4 on: June 07, 2004, 02:08:44 PM »
Hi,

please send them all to virus@avast.com if updated avast doesn't find them.

then delete them, if necessary in Safe Mode

and secure your Windows & IE better, please see board-search or google.

 ;)