Guest Shirley_Crabtree Posted February 6, 2003 Report Share Posted February 6, 2003 I picked up a trojan today when my uncle was downloading something.I thought AVG had sorted it but it hasn't.It's managed to bypass AVG,mess up my system restores and generally make my PC die.All I know is it's called trojan small download.If I try to system restore AVG alerts me that it's there but can't seem to see it when I scan for viruses.I downloaded a prog called Swatit (a trojan/bot detecter) which didn't find it.Anyone have any ideas?I will reformat in the morning if necessary but a fix would be nice....cheers :unsure: Link to comment Share on other sites More sharing options...
Paul Posted February 6, 2003 Report Share Posted February 6, 2003 Ddraigcoch is the expert on this sort of thing - I will let her know you are in touble and if she can help Im sure she will post back.It would be worthwhile awaiting her response before you go and do a format. Link to comment Share on other sites More sharing options...
Guest Shirley_Crabtree Posted February 6, 2003 Report Share Posted February 6, 2003 Thanks for your response Paul,much appreciated.I'm downloading yet another doodad which I hope will find it....Trend Micro HouseCall...fingers crossedRegards. Link to comment Share on other sites More sharing options...
Prince of Calcutta Posted February 6, 2003 Report Share Posted February 6, 2003 try doing an online virus scan at the symantec site or any other sites. Link to comment Share on other sites More sharing options...
mark2 Posted February 6, 2003 Report Share Posted February 6, 2003 If you download Startuplist unzip run it and copy/paste the log on here we can have a look at what you have runnning and deal with it, also try Gladiator A/V which has trojan detection.To finally get rid of it you will have to disable sys restore as it will be in your sys restore points. Link to comment Share on other sites More sharing options...
Guest Ddraigcoch Posted February 6, 2003 Report Share Posted February 6, 2003 Hi ShirleyMy hunch is, this is likely to be the Downloader Trojan, and if it is, then it has backdoor elements. As Mark has said, we're going to need a Start Up List to identify it correctly, but in the meantime, you should disable System Restore and remove all previous Restore points in the C:\Restore_ folder. You'd find its presence in the Registry. Go to start, run and type regedit then press enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunAnd look for an entry such as:.inr\(mixture of numbers and letters) It could be more than one prefixed with .inr you'll find, if this is the case, right-click and delete each one you find.It will also be present in HKEY_LOCAL_MACHINE\Software\CLASSES\.inr, again, right-click and delete the folder.You should empty your C:\windows\temp and C:\windows\temporary internet file folders, together with the contents of C:\windows\downloaded program files.I would also change ALL your passwords.If you could then post your log, we can analyse it for further infection. Link to comment Share on other sites More sharing options...
eyespy Posted February 8, 2003 Report Share Posted February 8, 2003 Hi Shirley, you may want to download and run an anti trojan program. It's a free trial and would identify any trojan and give you some piece of mind. AVG is not known for it's trojan detection. Try one of these and let us know how things turn out. TDS and Trojan Hunter are 2 A/T's I'd recommend !! http://tds.diamondcs.com.au/or http://www.misec.net/index.jspregards, bill :) Link to comment Share on other sites More sharing options...
Boris Posted February 8, 2003 Report Share Posted February 8, 2003 eyespyHe sorted this last night but the posts have been lost in the site move back here. Link to comment Share on other sites More sharing options...
Guest Shirley_Crabtree Posted February 8, 2003 Report Share Posted February 8, 2003 Yes,I ended up reformatting as,although I got rid of the trojan,it had damaged the way things were working on my PC to such an extent that I decided this was the only way forward.All suggestions/remedies were very gratefully received though,thanks to all who contributed,especially Ddraigcoch....you certainly know your stuff :D Thanks.Edit...Oh and thanks Boris :P Craig this can be locked now....cheers. Link to comment Share on other sites More sharing options...
Paul Posted February 9, 2003 Report Share Posted February 9, 2003 Paul does best Craig/Madboy impersonationTopic Closed ;) :D :P Link to comment Share on other sites More sharing options...
Recommended Posts