Trogan horse

Marlene2 · 04-12-2005, 06:46 AM

One of our computers runninng ME. has a trogan horse virus. Doesn't seem to be affecting the performance of the computer (Yet) but like to get it off. We have:

Avg anti virus
spy sweeper
ad-aware
spybot
ccleaner

Avg is what picked it up, it lets you quarantine it but unable to delete file.
File path:

C:/Restore/Temp/ (Backup copy infected)
Trogan horse Downloader.Small.28.BQ
A0010582CPY

Can this be deleted out of Registry?, and if so, which heading would it be under?

If any one can help, we would greatly appreciate it!
Thanks,
Marlene2

~~whodat~~ · 04-12-2005, 06:59 AM

try housecall on line checker and or macfree. try deleting it safe mode.

**jgvernonco** · 04-12-2005, 08:18 AM

It's in your system restore.

Try this:

Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. When we have confirmed that your log file is clean, you may enable System Restore again by following the same steps as above except you should uncheck Disable System Restore.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Then run the scan again and see if it comes up clean.

If so, set a new restore point.

If not, we may need an HJT log to see where this thing is hiding.

Let us know, either way, please!

I am going to move this over to HJT Help, just in case.

Marlene2 · 04-12-2005, 09:47 AM

Thanks jgvernonco,
I'm running the steps as you suggested.....will post back

Marlene2 · 04-12-2005, 10:32 AM

Ok, I disabled Sys. Restore, ran ccleaner and than reran AVG. The report comes up clean, no virus but the trojan horse is still showing in the AVG vault.

~~whodat~~ · 04-12-2005, 11:05 AM

did you try trend micro's housecall yet? free on line scanCLICK ME HERE

Marlene2 · 04-12-2005, 11:32 AM

UPDATE

System is now trojan horse free.....:)
After running steps above I was able to delete trojan from AVG vault.
Went back into control panel and unchecked disable restore.
Set a new restore point, and reran AVG. Report came up clean and vault was empty. THANK YOU jgvernonco very much for your help.
Thanks whosdatknocking for your advice also. Didn't try it, but did save it for future help.

THANKS AGAIN!
Marlene2

04-12-2005, 06:46 AM	#1 (permalink)
Marlene2 Registered User Join Date: Feb 2005 Posts: 90 OS: xp-me-98	Trogan horse One of our computers runninng ME. has a trogan horse virus. Doesn't seem to be affecting the performance of the computer (Yet) but like to get it off. We have: Avg anti virus spy sweeper ad-aware spybot ccleaner Avg is what picked it up, it lets you quarantine it but unable to delete file. File path: C:/Restore/Temp/ (Backup copy infected) Trogan horse Downloader.Small.28.BQ A0010582CPY Can this be deleted out of Registry?, and if so, which heading would it be under? If any one can help, we would greatly appreciate it! Thanks, Marlene2

04-12-2005, 08:18 AM	#3 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	It's in your system restore. Try this: Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. When we have confirmed that your log file is clean, you may enable System Restore again by following the same steps as above except you should uncheck Disable System Restore. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes. Then run the scan again and see if it comes up clean. If so, set a new restore point. If not, we may need an HJT log to see where this thing is hiding. Let us know, either way, please! I am going to move this over to HJT Help, just in case. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

04-12-2005, 11:05 AM	#6 (permalink)
~~whodat~~ Register user Join Date: Mar 2005 Posts: 5,931 OS: XP	did you try trend micro's housecall yet? free on line scanCLICK ME HERE Last edited by whodat; 04-12-2005 at 11:18 AM.

04-12-2005, 06:59 AM	#2 (permalink)
~~whodat~~ Register user Join Date: Mar 2005 Posts: 5,931 OS: XP	try housecall on line checker and or macfree. try deleting it safe mode.

04-12-2005, 09:47 AM	#4 (permalink)
Marlene2 Registered User Join Date: Feb 2005 Posts: 90 OS: xp-me-98	Thanks jgvernonco, I'm running the steps as you suggested.....will post back

04-12-2005, 10:32 AM	#5 (permalink)
Marlene2 Registered User Join Date: Feb 2005 Posts: 90 OS: xp-me-98	Ok, I disabled Sys. Restore, ran ccleaner and than reran AVG. The report comes up clean, no virus but the trojan horse is still showing in the AVG vault.

04-12-2005, 11:32 AM	#7 (permalink)
Marlene2 Registered User Join Date: Feb 2005 Posts: 90 OS: xp-me-98	UPDATE System is now trojan horse free.....:) After running steps above I was able to delete trojan from AVG vault. Went back into control panel and unchecked disable restore. Set a new restore point, and reran AVG. Report came up clean and vault was empty. THANK YOU jgvernonco very much for your help. Thanks whosdatknocking for your advice also. Didn't try it, but did save it for future help. THANKS AGAIN! Marlene2