Computer idiot needs help

Discussion in 'malware problems & news' started by wbpool, May 5, 2005.

Thread Status:
Not open for further replies.
  1. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Sorry, I've tried searching so I wouldn't have to bother you all. I have a trojan, and am not sure how to get rid of it. It is located in an archive.

    This is what it's called (where it is):

    C:\Documents and Settings\warren\Local Settings\Temp\alchem.cab\alchem.exe Infection: Trojan-Downloader.Win32.Alchemic


    Any assistance you can give me would be greatly appreciated.

    Thanks!
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Welcome to Wilders!! :D


    I recommend doing a full scan of your system with a good Anti-Virus and an Anti-Trojan. It would be better if you scanned in safe mode too.

    If you need a good anti-trojan, I recommend Ewido (www.ewido.net). You may want to scan with some Anti-Spyware software as well (Ad-Aware, Spybot S&D, MS anti-spyware).

     
  3. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Thanks Capp.

    I have the ad-aware, and spybot, and I have an antivirus program through my internet provider. This trojan has been on here awhile, before I switched to my current IP and had the current antivirus program.

    Can I install the anti-trojan, with my current antivirus program too?
     
  4. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    No Problem, Glad to help.

    Is the Anti-Virus (through your ISP) installed on your system or theirs? If it is theirs, I strongly recommend getting one for your local system. If you already have one, may I ask which one? :)

    You can install the Anti-Trojan with the Anti-Virus already installed and you shouldn't run into any problems.
     
  5. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    I believe it is on my system. It is through Charter, and is the Charter High Speed Security Suite, it also says F-Secure o_O Does this help you at all?

    My program detects the virus, it just won't let me delete or rename, because it is in an archive. This is when I wish I knew more about this stuff! LOL!
     
  6. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Well, You have come to the right place to learn more about security. ;)

    F-Secure isn't my personal top-pick, but it'll work just fine for most users :)

    Download and install Ewido then do an "update".

    Reboot your PC into safe mode and do a full scan with your AV and Ewido.
    It should be able to detect and remove it without any problems, but let us know how it goes and if you need any more help

    Good Luck!
     
  7. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Dumb question Capp.....what is safe mode o_O

    I know, you're working with a real genius here! LOL!
     
  8. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    LOL!! It's quite alright. You are still learning and I am happy to teach what I can.

    Safe Mode...is a way for Windows to start up loading only the absolute necessary components and programs for it to function properly. Meaning, if you had something malicious running and you couldn't kill it, booting in safe mode would keep it from starting up and allow you to get rid of it.

    When you reboot your computer, before the Windows Splash Screen, hit F8 on the keyboard (in fact, to make it easier, hit F8 a few times before Windows starts loading). You will be taken to the boot options and just use the arrow keys to select "Boot in Safe Mode" and hit enter.
    Don't worry about not knowing... We had to learn it too ;)
     
  9. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Thanks. I've downloaded, installed, updated, and am ready to re-boot. Thanks so much for your help. I'll let you know what happens.
     
  10. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Good Luck!!!

    Always glad to help and definitely let us know how it goes :D

    We'll be anxiously awaiting your status :ninja:
     
  11. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  12. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Well, I ran the ewido program in safe mode, and it found lots of stuff including 2 trojans...but not the original trojan I wrote about. When I rescanned in the F-Secure, the trojan alchemic file still popped up. So then, I went into ewido, and specifically selected that folder to scan, and still, it did not detect it.

    Some time ago, almost a year ago already, I had problems with a virus (probably a trojan), and I was unable to get my printer/scanner to work. I followed directions on the HP website and selected specific files to delete and copy from a disk (not sure if it was my HP printer disk, or a Windows one). I am almost certain that the alchemic file was one of them. Don't know if I should be concerned or not.

    More reasons that someone like me should not be deleting and copying files when they don't know what they're doing! LOL!

    Thanks again for all your help. I'm not certain what I should do now.
     
  13. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Hi Primrose--I followed your links. I don't have the ad-aware SE. I am going to try taking it off in safe mode. Thanks!
     
  14. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Good, give it a try..and then follow the leads Capp gave you and let us know how you make out..and if ever again you do question a file...like that HP thingie..just let us know and someone I am sure will have run into it before.
     
  15. Happy Bytes

    Happy Bytes Guest

    I don't think that Ewido scans CAB files... At least not the free version.
    However, this cab is NOT needed for your system, so just delete it manually:

    C:\Documents and Settings\warren\Local Settings\Temp\alchem.cab
    (delete the whole cab file)

    Please remember that you have to enable hidden & system folders in the folder display options in order to see & access the "Local Settings" folder...

    BTW... this trojan is as dangerous in this Cabinet file as flyshit on your desk, so don't worry, just delete this file!
     
  16. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Thanks guys for continuing to help this guy while I was away :)

    Sorry Ewido didn't catch it, no biggie though.

    Just do as Happy Bytes said and delete it and you should be fine.

    Don't hesitate to ask if you have any questions or need further help :D

    Take care
     
  17. wbpool

    wbpool Registered Member

    Joined:
    May 5, 2005
    Posts:
    8
    Thanks so much! I'm all clear.

    I had to LOL about the danger of my virus, happy bytes.

    I've bookmarked this site for future help, you are a real nice bunch. I'm sure I won't be able to come to anyone else's rescue anytime soon, but I sure appreciate you coming to mine!
     
  18. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    We are glad you are here and visit as often as you like. You can really learn a lot from this forum and all 30,000+ members.

    We're glad you are clean now and good luck!!

    See You around :)
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743