Author Topic: Anybody have this trojan - Win32:RegZonTr[Trj}  (Read 8667 times)

0 Members and 1 Guest are viewing this topic.

cnw

  • Guest
Anybody have this trojan - Win32:RegZonTr[Trj}
« on: October 17, 2004, 04:49:10 PM »
File anme: c:\re11.REG
VPS 0442-3, 10/15/2004

I've tried everything that I found in this forum and it still comes back in Windows XP when I boot up and can't rename, remove, repair, delete etc.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #1 on: October 17, 2004, 05:18:01 PM »
Did you try Move on Boot application from www.sysinternals.com ?
Did you try to schedule a boot time scanning and delete the file?
Did you try to delete the file in Safe Mode (F8 while booting)?
The best things in life are free.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #2 on: October 17, 2004, 05:23:07 PM »
Thanks, I have tried many boot time scans although I don't know how to speciafically delete the file when doing so.

How do you delete the file in safe Mode?

I will try Move on Boot and let you know.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #3 on: October 17, 2004, 05:29:48 PM »
Thanks, I have tried many boot time scans although I don't know how to speciafically delete the file when doing so.

If the file is detected as a virus, you can choose an option to delete it...

How do you delete the file in safe Mode?

You must boot Windows in Safe Mode, pressing F8 continually just after the boot.
Choose Safe Mode in the Boot Menu.
Delete a file there is just like in the Windows Explorer, clicking on DEL  ;)

I will try Move on Boot and let you know.

Very small, simple and usefull application indeed  ;)
The best things in life are free.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #4 on: October 17, 2004, 05:38:44 PM »
Thanks again but the problem is AVAST won't let me delete this virus after it is detected.

If I see the virus appear on the screen in Safe Mode how do I highlight it to remove it?

,Couldn't find Move on Boot at that site but found alot of other cool stuff

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #5 on: October 17, 2004, 05:46:58 PM »
Thanks again but the problem is AVAST won't let me delete this virus after it is detected.

This could happen if the virus is active...
I can't believe you can't delete the file in boot time scanning (did you choose to scan archive files and whole HDD?)

If I see the virus appear on the screen in Safe Mode how do I highlight it to remove it?

You can't run avast in Windows Safe Mode...
You should delete that file into Windows Explorer while in Safe Mode.

Couldn't find Move on Boot at that site but found alot of other cool stuff

Sorry, I was wrong. The right url is: http://www.snapfiles.com/get/moveonboot.html
The best things in life are free.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #6 on: October 17, 2004, 06:38:16 PM »
Thanks, am I looking for the Virus name or the file name?

When I typed c:\re11.REG into Move On Boot I got an error message. Should I be using the virus name?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #7 on: October 17, 2004, 07:53:26 PM »
Thanks, am I looking for the Virus name or the file name?

When I typed c:\re11.REG into Move On Boot I got an error message. Should I be using the virus name?

If you right click the file, don't you see an entry 'Delete file on next boot'?
The best things in life are free.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #8 on: October 17, 2004, 08:56:30 PM »
Right click?  How?  I keep getting the window "A Virus was found" and no matter what choice I make nothing works.  I just ran a boot scan too.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #9 on: October 17, 2004, 09:12:02 PM »
and then I get "Avast cannot find the file specified"

neal62

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #10 on: October 17, 2004, 09:41:07 PM »
Have you disabled your WinXp "System Restore"?. If not then do that, then do what technical has suggested and see if this helps. :)
« Last Edit: October 17, 2004, 09:42:34 PM by neal62 »

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #11 on: October 17, 2004, 09:53:44 PM »
Already did that, thanks

DukeNukem

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #12 on: October 17, 2004, 11:01:44 PM »
Hello!

When u chose schedule a boot time scan did u,

tick advanced options
then select ask for action.

You could also try selecting delete infected file.



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #13 on: October 18, 2004, 12:43:56 AM »
Right click?  How?  I keep getting the window "A Virus was found" and no matter what choice I make nothing works.  I just ran a boot scan too.

Windows Explorer
Go to C:\
Right click the file c:\re11.REG
Choose 'Delete file(s) on the next boot'  :)
The best things in life are free.

cnw

  • Guest
Re:Anybody have this trojan - Win32:RegZonTr[Trj}
« Reply #14 on: October 18, 2004, 02:11:24 AM »
Just tried that and deleted it, hope it stays away.  

I'm just curious why AVAST couldn't do the same after finding it?

Also MoveOnBoot found something that it will delete on the next boot.

Thanks again for your help