Hi guys having a few problems with this "Trojan.Popuper", I was infected and both my NOD32 and Spydoctor finally found it. They say it is deleted after scan but on reboot the computer is reinfected again. Anyone know how to remove for good?

Cheers Sliyde

I know next to nothing about these security issues but I was able to put an end to my trojandownloader infestation (I hope) by deleting related entries from the registry. Do an internet search on your trojan and see if you can get some directions for removal. Find out what files are associated with it and search your files and the registry for them and delete, if that is recommended.

@Slyide

Hello.

Open Control Center and click on Update -> Update now to ensure your NOD32 is up to date.

Make sure your settings are the same as listed in this tutorial (http://www.wilderssecurity.com/showthread.php?p=450664#post450664).

Boot Windows in Safe Mode (http://support.microsoft.com/kb/315222) , Open Start -> Programs -> ESET -> NOD32
Make sure it uses "Control Center profile" and push Scan&Clean of all your hard drives . NOD32 will take care of all threats found .

HiTech_boy/Anyone: When is System Restore an issue for making an AV issue Re-appear after you think it's been removed? Not mentioned here so there must be a reason. Thanks.

-{ Quote: "HiTech_boy/Anyone: When is System Restore an issue for making an AV issue Re-appear after you think it's been removed?" }-

If the restore point is used . Most likely it is not the restore but a stubborn infection. Let's wait for the OP :thumb:

Hi guys sorry been flat out at work...

Well i did what was suggested. Tweaked the settings and ran NOD32 in safe mode didnt pick up anything all seemed fine for a couple of days... Did a scan with Spy doctor last night tho and 15 infections of the same Trojan. Spy doctor removed them but i know it's just waiting for me to restart again >< NOD just dosnt seem to be deceting it at all.

-{ Quote: "Did a scan with Spy doctor last night tho and 15 infections of the same Trojan. Spy doctor removed them but i know it's just waiting for me to restart again >< NOD just dosnt seem to be deceting it at all." }-


Who know what exactly Spy Doctor detected - some reg entries or something really innocent ?

http://img229.imageshack.us/my.php?image=ss1qp7.jpg

http://img511.imageshack.us/my.php?image=ss2ht5.jpg

Thanks for the screenshots . It appeared true . Spyware Doctor found reg entries which NOD32 does not detect because they are innocent and useless without the files.

I think NOD32 has deleted the most important from this threat . You can also run SmithfraudFix

-{ Quote: "
1. Please go to the NOD32 Control Centre (Start> All Programs> Eset> NOD32 Control Centre)
2. Click on AMON> Setup> Options (tab)
3. Untick "Potentially unsafe applications" (version 2.7).
4. Click on OK.
5. Click on IMON> Setup> Miscellaneous (tab)> Scanner Setup> Setup (tab)
6. Untick "Potentially unsafe applications" (version 2.7).
7. Click on OK.
8. Click on OK
" }-

Download the Smithfraudfix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe
, boot in Safe Mode , run it . Choose button 2 to clean and follow the instructions .

After that you should be OK .

The above instructions are from here (http://www.wilderssecurity.com/showthread.php?t=178177) . Good luck!