New Here - Computer Idiot - Have Trojan - Cant get rid of - HELP, pleeze

ok, following your instructions... mine was already selected...

i do recall friday when this all came down, seeing a Temp Files folder and w/in that was the Temp Int Files folder...

but i still dont see "the path in the screen shots".. is that in a previous post?

 

blue - looking back over previous posts too see if i missed something about deleting the temp files and i came across this, which i have not done yet...

i'm at that page... how do i know which one to use? see next question, however, before answering, lol!

how do i tell which version i have? i did download the service pack when it first became available, whenever that was...

and what am i going to be doing with this??

 

The Temp folder is located at C:\Documents and Settings\karen\Local Settings\. C:\Documents and Settings\karen\Local Settings\ is generally referred to as the path - think of it in the literal terms. Don't delete the Temp folder, just the files in it.

Blue

 

ok - yes, i've seen that folder. so it is ok to delete the files w/in it? doing so now!

 

oooh, my!!! there are a bazillion temp folders w/in the temp folder!!! they are labeled from "aaa" to "aaz", begin again at "aba" to "abr"... there are also some files with names like: ICD1.tmp, ins3.tmp, isp13.tmp... are those temp files, too? or should i just concentrate on deleting the temp folders WITHIN the temp folder? LOL!! sheesh...

 

blue asked how my system was running - and its been ok today. but now i've just gotten what i believe to be a virus/spoof email.. it is not addressed to me directly but says my emails are going to their account (ya, right) and of course, there is an attachment... so KAV is not scanning my email? and i cant run it and AVG at the same time? AVG must've been scanning my emails cuz i've not gotten an email like this in a long time.

 

It's a Temp folder. Anything in there is a transient. Some files may be locked if in use by other programs at the moment.
Were any locked?

If there are a number of folders under TEMP, take a screenshot and post it, otherwise just list them here, just want to make sure nothing is being missed.

Blue

 

ok, since i'm now so 'screenshot' smart, i'll snap them!


ug - so many folders (BTW, some of them are empty!)

 

temp folders - snap #2

 

temp folders snap #3

 

temp folder snap #4

 

here is example of whats in temp folder .aaa (it seems these files are in all the folders that have stuff in them.... but i didnt check each one...)

 

and here is a snap of something that was curious - a temp folder in a temp folder in a temp folder....

 

Hi KathyL and Blue,

I use ccleaner to clean out all my temp files. With the latest version, I turn off Firefox cookie cleaning since I manage the cookies myself. Otherwise it is very reliable for cleaning out all of the temp files quickly. It can be run in safe mode if one of the trojans is holding on to a file. It has seperate analyze and clean functions.

http://www.ccleaner.com/

Just another idea, but Blue is running the show right now. Continued good-luck Kathy. I looks like everything is going well.

Rich

 

do you think so? i feel like i'm getting deeper and deeper... i'm visiting a website right now that is supposed to have pictures, but i cant see them. would this be a KAV thing?

 

Hi KathyL,

Well, things are still in a incomplete state, so just hang in there. You should be able to clear out all of the malware and bring your system back to a stable state. After that, you can see what is happening. Until everything is complete and you have completely restarted, it is difficult to say what is happening where. At this time, you probably shouldn't do anything with your system until all malware is removed. Remnants can cause all kinds of trouble. In fact, you should probably re-run a KAV scan to make sure everything is gone and don't do any browsing or anything until the system is free and clear. (I would recommend a scan with another product - such as Ewido).

Rich

 

For the moment, you can keep the following folders: Cookies, History, SelectFiles (what's in this one? Anything unexpected?), VBE, Word 8. Delete all other folders.

Blue

 

'selectfiles' is one of those empty folders... it is very late here and i forgot to make up my new work-out routine for the morning, so that is what i will be working on.

will anyone be around in the morning or are all of you work-away from home-ers?

 

I can't speaker for others, I'm here to ~ 7:40 AM east coast US time, then away for the day. You are in good hands with KAV active, so don't worry too much, hopefully this is pure housekeeping cleanup phase.

Blue

 

new development - i've not made any changes to my system since yesterday (waiting to hear back from blue on some things he's told me to do), but i was closing a browswer window (yes, i'm still browsing!!) and i got this - see 'snap' (i cant view the attachment so i dont know what it looks like... )

 

ok, i've gone in and deleted all but the above folders - BUT - i have a mazillion FILES just hanging around!! i've attached three sample pages of those...

 

temp FILES in temp folder - AFTER deleting folders sample #2

 

sample #3

 

Kathy, download the cleaner (it's free) that Rich gave you a link to here: http://www.ccleaner.com/, it will be a lot easier to delete much of the garbage that accumulates on a computer over time. A screenshot of CCleaner:

 

Hi KathyL,

While it is difficult to avoid browsing at this time, I would strongly advise it. The system is not stable at this time. If I were you at this time, I would:

1) Clean all temp files with ccleaner.

2) Run KAV again, to make sure there is nothing left that KAV can detect.

3) Run Ewido in safe-mode.

4) Restart

5) Run KAV one more time.

If everything is clean - you can probably browse again. If not, then more work needs to be done.

Because I am familiar with RegSeeker, I personally would run RegSeeker to remove remnants from my registry. I will leave it to my fellow forum members to suggest otherwise.

Bottom-line: the system is still unstable and until it is clean and stable, will yield unpredictable results which may actually cause more confusion. So patience is probably necessary at this time.

Rich