Stubborn Trojans

    Alright, hate asking things in PC Advice but I'm stumped right now.

    On my home computer I ran AVG (updated too) and it found the following:

    Belt.exe Trojanhorse Downloader. Stubby.A
    A0303668.CPY Trojanhorse Downloader.Revop.A

    Now AVG says it's going to restart the PC to get the crap off, but upon reboot and another scan, these trojans are still there. So, I went into Safe Mode and tried deleting with no luck. Manual deletion doesn't work either, from Safe Mode or otherwise; I get the same message: Access denied, source file may be in use, cannot delete, you know the one.

    So, options?

    #2
    Tried a different AV program? Give something like McAfee a go. Any unusual processes running in task manager?

    Comment


      #3
      Have you checked the startup settings in the registry?

      I had to delete all sorts of stuff out of there before the clean-up would actually completely clean up when I was fixing my neighbour's virus-infested PC lately.

      I think they're here:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      and

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

      But there might be other bits under the different HKEY_ thingies.

      Comment


        #4
        Yeah, the good old start > run > msconfig allows you to easily see what's running at start-up in the various registry keys.

        If in doubt about some of the ones in the process list in Task Manager, go on to Google and type in the executable's name. Then it'll tell you what it is. Also, some MS Office processes reinstall themselves even after you've deleted them from the registry keys. Don't worry about these. You have to go on to MS's website to find out how to remove these (they're mostly pointless anyway, to do with alternate methods of device input into Office).
        Last edited by Crispin; 31-05-2004, 23:05.

        Comment


          #5
          I forget what I had after reinstalling Windows recently (5 mins online sans wall with an unpatched XP is lethal, heh), but my registry was riddled with references to wuamgrd.exe. Check the various keys Ish suggested to find anything out of the ordinary, then search the whole reg for it.

          And Msconfig can't hurt.

          AVG got rid of the virus, for what it's worth, but didn't clean up the registry. I shouldn't think McAfee will?

          Comment
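Added example, not part of the thread: a read-only PowerShell listing of the Run and RunOnce keys named in #3, plus their HKCU equivalents (which the thread does not name), flagging values that reference the file names mentioned in #1 and #5. The `$Suspect` parameter and the output column names are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only: lists autostart values and
# flags those that match a suspect name or whose target cannot be resolved.
param(
    # Names to look for; the defaults are the file names mentioned in the thread.
    [string[]]$Suspect = @('Belt.exe', 'wuamgrd.exe')
)

# Run/RunOnce keys from post #3, plus the per-user (HKCU) equivalents.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key may not exist
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Executable = quoted path if present, otherwise text up to the first space.
        # An unquoted path containing spaces is cut short and will show as Missing.
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+', 2)[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # Get-Command resolves both full paths and bare names found on PATH.
        $found = $false
        if (-not [string]::IsNullOrWhiteSpace($exe)) {
            $found = [bool](Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Suspect = [bool]($Suspect | Where-Object { $command -like "*$_*" })
            Missing = -not $found
        }
    }
}

# Flagged rows first; nothing is modified or deleted.
$entries | Sort-Object Suspect, Missing -Descending | Format-Table -AutoSize -Wrap
```

A row with `Missing` set is only a lead for manual review, since the path parsing above is approximate.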


            #6
            If you have System Restore enabled, sometimes it will keep restoring the trojan every time you delete it.

            Make sure System Restore is disabled and delete the trojan keys that HijackThis shows. A good AV like NOD32 set at deep heuristics should help too.

            Comment


              #7
              Run startup mechanic... to clean any processes that are run on boot. Once you've disabled anything that could have some link to the trojan you wanna remove, run your remover again and have another go at deleting it....

              Comment


                #8
                Thanks everyone

                Should have this sorted shortly

                Comment
