Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe

[Amadeumc]

Hi fellas
How can i remove this trojan forever
im using avast 4.5 home and all updates installed

Plz help me
thanks

[Eddy]

Click on the link in my signature and visit the malware removal section.

[Amadeumc]

Thanks bro !
I installed spybot and some shit was founded
I think my download acellerator was infected, than i remove him

Now i think im clean
thanks

[Amadeumc]

Man the trojan is back !
I cant remove or do nothing with the avast
and the spybot dont detect this one
i installed the Spyware Blaster

But this shit is returning
what more can i do ?
thanks

[Eddy]

Do as I suggested that will remove it. And be carefull with what websites you visit, what you download/install etc.

[kiwikid]

Excuse me for jumping into your post, but I got the same trojan today when trying to download lyrics to a song. A Macromedia window appeared and stated I could not see the site unless I clicked yes. Although something stuck in my mind that it wasn't right about the box, I clicked yes, it started to download, I got panicky and tried to stop it.  Avast 4.5 made a warning noise and immediately put a box up on my screen telling me of this virus and recommended moving it to Virus chest. [ Brilliant catch by Avast - really impressed   ]

Closed browser, disabled system restore, ran Avast in boot time scan, chose 1. delete [my isp said that the C:\temp\.. files were not vital so could use delete in this instance.]
Ran Adaware = found 4X BlazeFind malware in RegKey[2], RegValue[1], + file in C:\Windows\System32\ide21201.vxd. Got Adaware to delete the regkey and regvalue ones and chose to run spybot to fix the ide21201.vxd file which it did. Re-ran Adaware, Spybot, Avast again and all came up clean.

Now can I go into the Virus Chest and delete the trojan that appears to still be in the chest even though Avast deleted it in boot time, and came up clean when I ran it again?
It says this will delete it irreversibly, ie. not removed to recycle bin.

PS:Adaware also found 3x WindUpdates malware [data miners, TAC8].
Do go on a bit don't I? sorry.

[Lisandro]

Now can I go into the Virus Chest and delete the trojan that appears to still be in the chest even though Avast deleted it in boot time, and came up clean when I ran it again?
It says this will delete it irreversibly, ie. not removed to recycle bin.

Yes, you can delete from Chest.
But, if you're not sure that it was a malware, wait few days to do it.
It won't harm in anyway if it's on the Chest  

[kiwikid]

Thanks for the prompt reply Technical  
My computer is functioning ok. Will leave it in the chest for the moment as I don't feel threatened by it.

I'm living proof that it is the User's actions, more than the OS, which gives you more grief. My first virus!  

[REDACTED]

I keep getting the above virus. At 10:37 every night, avast goes off saying that it is infected with the file. I've tried deleting it, says its not  valid, try moving to the chest, says its not valid. Tried running all those programs listed on your site Eddy last night, and it came up proptly at 10:37 again tonight. Tried running in safemode tonight and running avast from there, so i guess i'll find out at 10:37 tomorrow if it really got rid of it.. I'm just about to just wipe the whole system and start over. this is the first virus I have ever received, and of course its on my 2 week old brand new computer  Any other suggestions? I've ran every possible program, avast, antivirus, all those on Eddy's site, ad-aware, lavasoft's program. Nothing will get rid of the Ncasepackage.

[DavidR]

Have you run HiJackThis and used the log file analyser from Eddy's site? I strongly doubt it, HiJackThis is the best tool for removing items in the registry and this sounds like something is kicking this off (running at 10:37) and that is likely to be a registry entry.

Have you tried scheduling a boot-time scan?

Did you try finding ncase removal tools/advice using google? This is just one of many I found http://www.pchell.com/support/ncase.shtml, google is your friend learn to use the tools. Would you care to guess what they are doing to remove this, yes, editing the registry. This is what HiJackThis does without you having to do it manually!

[Eddy]

Have you disabled system restore before running the applications?
If you follow the instructions on my website, it will be gone. And it won't come back unless you make a mistake. eg by visiting a bad website, install a with malware infected application or such.

[REDACTED]

Yes, I did run Hijack, but i couldn't understand anything it was displaying. After I got the virus again last night i turned off the system restore, so it probably won't fix that until tonight when it goes off again and i try to get rid of it.  Thing i dont understand is I can't delete/repair/move to chest via avast.

[Eddy]

Thing i dont understand is I can't delete/repair/move to chest via avast.

Yes you can, but you must disable the harmfull process first.

[watchthisspace]

Have you tried an online virus scan?
Go here for a Trend micro online scan: http://housecall.trendmicro.com/housecall/start_corp.asp
Also, have you tried deleting youe temp files? that might help

[inthewildteam]

Try reboot into safe mode command prompt/  or dos.......... depending on your os.

From command prompt type "del c:\temp\*.*"  no quotes.  press enter!

Reboot into Windows and delete your I.E cache then try a full scan, (or alternative browser's cache)

If you are using M.E. XP, disable system restore first, as posted above.