Trojan Downloader

thescruff
Senior Member
Posts: 49685
Joined: Mon Mar 10, 2008 12:46 am
Location: Bath
Has thanked: 360 times
Been thanked: 3735 times

Post by thescruff »

I found the two Perflib ones but they won't delete.

Says they are being used in another program.
dave.m
Deceased 07-06-2012 R.I.P
Posts: 4989
Joined: Tue Jun 09, 2009 4:30 pm
Location: A Yorky in Lancashire
Has thanked: 13 times
Been thanked: 318 times

Post by dave.m »

If you have found two of them, use MoveOnBoot to shift them:

http://www.softpedia.com/get/System/Boo ... Boot.shtml

Download it and then go back to where you found the files and right click on them and click MoveOnBoot in the menu. Just follow the instructions and it should shift them.

The other one will show in the System32 folder, but they will be hidden files.

To show hidden files:

Windows XP and Windows 2003

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Windows Vista

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
1. Double-click on the Folder Options icon.
2. Click on the View tab.
3. Go to step 5.

If you are in the Control Panel Home view do the following:
1. Click on the Appearance and Personalization link.
2. Click on Show Hidden Files or Folders.
3. Go to step 5.

5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.
9. Now Windows Vista is configured to show all hidden files.

Go to My Computer and double click the C: drive and open the System32 folder. Have a look for the entry with the trojan, but make sure you only right click on that one and use MoveOnBoot again.

dave
You can always tell a Yorkshireman,
But you cannot tell him much.

Post by thescruff »

OK, Dr Web is running slowly at the moment.

Will have to wait till it's finished.

The one I can't find is:

c/windows/system32/config/system.log

Is that the one I should be looking for?

Post by dave.m »

Dr Web may have the power to remove them, but if it cannot, then use the MoveOnBoot.

Off to bed now but will check this thread in the morning.

dave

Post by thescruff »

The speed it's going I might do the same thing :roll:

Post by thescruff »

None of that worked :roll:

In the end I did a system restore, back a week, and although the files are still on the computer they're not infected any more :lol:
asinine
Senior Member
Posts: 104
Joined: Sat Jul 05, 2008 11:21 am
Location: Glasgow
Has thanked: 0
Been thanked: 0

Post by asinine »

I'd be very careful of using system restore whilst infected with malware, they usually sit in there waiting for it.

Post by thescruff »

Ran a full scan overnight with SUPERAntiSpyware and it found 3 different Trojans, but no sign of the Trojan-downloader. Also did a scan with Malwarebytes and that came up clean as well.

Will see how it looks at the weekend, just got to find where it came from now.

Post by dave.m »

A system restore point is a snapshot of your system at the particular moment it is set.
It may contain snapshots of any virus or spyware that is on your computer BUT they cannot infect your computer UNLESS you do a system restore back to the SR Point that contains the snapshot.
SAS does scan the SR points and so a snapshot of anything malicious will show up in its report, but it cannot remove them because they are only a picture.

Now is the time to clear (purge) all your system restore points and then set a new one.

Not sure which OS you have so:

Purging System Restore

To remove all SR Points thus removing any contaminated ones:

In XP:
Start -> Control Panel -> Performance & Maint. -> System -> System Restore tab
Tick Turn Off System Restore -> Apply -> OK. Then reboot your computer.
Follow the instructions above but this time untick the Turn Off SR box. No need to reboot this time.
Then set a new Restore Point:
Start -> All Programs -> Accessories -> System Tools -> System Restore -> Create a restore point.
Give it a name and click Next.

In Vista:
Follow these instructions.
Then set a new restore point by following these instructions

Once that is done, run a Quick Scan with MBAM and then a Quick Scan with SAS. They should only take about 7 to 12 minutes each.

dave
handyman
Senior Member
Posts: 4404
Joined: Mon Jan 16, 2006 8:04 pm
Location: Alderley Edge, Cheshire
Has thanked: 6 times
Been thanked: 11 times

Post by handyman »

Downloaded and put that Malwarebytes programme on my PC and it found 38 'things'. These 'things' have now been removed.

Post by thescruff »

Run it again Handyman to make sure it has removed them.

Post by handyman »

thescruff wrote: Run it again Handyman to make sure it has removed them.
Done, and nothing found. :thumbright:

Post by dave.m »

Handyman,

Now your computer is 'Clean', it is time to remove the old system restore points because you could accidentally restore to one that has an infection snapshot, if you forget and need to restore back in the future.

Follow my instructions in the post above and start with a clean restore point.
dave

Post by handyman »

ffs it's never ending :lol:

Post by dave.m »

I know what you mean.
But a system restore point that has a snapshot of a trojan or other infection is quite safe and cannot corrupt your computer, UNLESS you forget about it and do a restore to that point, then all your work starts again.
So it is best to remove them.

dave :wink: