
Help...trojan!



Guest Shirley_Crabtree

I picked up a trojan today when my uncle was downloading something.

I thought AVG had sorted it but it hasn't.

It's managed to bypass AVG, mess up my system restores and generally make my PC die.

All I know is it's called trojan small download.

If I try to system restore AVG alerts me that it's there but can't seem to see it when I scan for viruses.

I downloaded a prog called Swatit (a trojan/bot detector) which didn't find it.

Anyone have any ideas?

I will reformat in the morning if necessary but a fix would be nice....cheers :unsure:


Guest Shirley_Crabtree

Thanks for your response Paul, much appreciated.

I'm downloading yet another doodad which I hope will find it....Trend Micro HouseCall...fingers crossed

Regards.


If you download Startuplist, unzip it, run it and copy/paste the log on here, we can have a look at what you have running and deal with it. Also try Gladiator A/V, which has trojan detection.

To finally get rid of it you will have to disable sys restore as it will be in your sys restore points.


Guest Ddraigcoch

Hi Shirley

My hunch is, this is likely to be the Downloader Trojan, and if it is, then it has backdoor elements.

As Mark has said, we're going to need a Start Up List to identify it correctly, but in the meantime, you should disable System Restore and remove all previous Restore points in the C:\Restore_ folder. You'd find its presence in the Registry. Go to start, run and type regedit then press enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And look for an entry such as:

.inr\(mixture of numbers and letters)

It could be more than one prefixed with .inr you'll find, if this is the case, right-click and delete each one you find.

It will also be present in HKEY_LOCAL_MACHINE\Software\CLASSES\.inr, again, right-click and delete the folder.

You should empty your C:\windows\temp and C:\windows\temporary internet file folders, together with the contents of C:\windows\downloaded program files.

I would also change ALL your passwords.

If you could then post your log, we can analyse it for further infection.

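The registry checks described in the post above, as an added read-only example that is not part of the original thread. It assumes PowerShell is available on the machine and that the `.inr` marker may appear either in a Run value's name or in its data; the function name `Get-RunEntries` is made up for this illustration.

```powershell
# Added example: read-only audit of the two registry locations named in the post.
# Nothing is deleted here; review the output before removing anything by hand.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$classKey = 'HKLM:\SOFTWARE\Classes\.inr'

# Assumption: the ".inr\(numbers and letters)" entry can show up as the value
# name or inside the value data, so both are matched (case-insensitive).
$marker = '\.inr'

function Get-RunEntries {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Pattern
    )
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        [pscustomobject]@{
            Name    = $name
            Data    = $data
            Suspect = ($name -match $Pattern) -or ($data -match $Pattern)
        }
    }
}

# List every auto-start entry, suspicious ones first, so the whole key can be reviewed.
$entries = @(Get-RunEntries -Path $runKey -Pattern $marker)
$entries | Sort-Object Suspect -Descending | Format-Table Name, Suspect, Data -AutoSize -Wrap

$suspects = @($entries | Where-Object { $_.Suspect })
if ($suspects.Count -gt 0) {
    Write-Warning ("{0} Run entry/entries match '.inr':" -f $suspects.Count)
    $suspects | ForEach-Object { Write-Warning ("  {0} = {1}" -f $_.Name, $_.Data) }
} else {
    Write-Output "No Run entries match '.inr'."
}

# The post also names a class registration for the .inr extension.
if (Test-Path -LiteralPath $classKey) {
    Write-Warning "Key exists: $classKey"
    Get-Item -LiteralPath $classKey | Format-List Name, SubKeyCount, ValueCount
} else {
    Write-Output "Key not present: $classKey"
}
```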

Hi Shirley,

You may want to download and run an anti-trojan program. It's a free trial and would identify any trojan and give you some peace of mind.

AVG is not known for its trojan detection.

Try one of these and let us know how things turn out. TDS and Trojan Hunter are 2 A/T's I'd recommend !!

http://tds.diamondcs.com.au/

or

http://www.misec.net/index.jsp

regards,

bill :)


Guest Shirley_Crabtree

Yes, I ended up reformatting as, although I got rid of the trojan, it had damaged the way things were working on my PC to such an extent that I decided this was the only way forward.

All suggestions/remedies were very gratefully received though, thanks to all who contributed, especially Ddraigcoch....you certainly know your stuff :D Thanks.

Edit...Oh and thanks Boris :P

Craig this can be locked now....cheers.

