Help: Downloader.Trojan remove

Hi all, just in the last days I discovered on my mobile: PIV 3,4 1Gb Ram XP Pro SP1, a Downloader.Trojan Virus, Norton Antivirus Corporate Edition found it but cannot delete it. I found DTS-3 and your web site trough Google search engine, with the demo version of DTS-3, running in safe mode, It discovered the same trojan virus located into 1FSDD.DLL file, but also DTS-3 was unable to delete this trojan virus.

Do you have any idea/suggestion how to remove it.....??

I appreciate any help about.

Thanks

TexWiller

 

Did you turn system restore off before trying to clean? Could be sitting in a restore point Just a guess? It's mentioned here http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html but no cant find the dll file on google!

 

Hi TexWiller, You can get this free tool "DelLater" from DiamondCS:
http://www.diamondcs.com.au/index.php?page=dellater

HTH Pilli.

Quote from the web page:
DiamondCS DelLater is a simple program that uses the only method that Microsoft recommend to delete files that are in use. This method is based on documentation from Microsoft that describes a function called MoveFileEx, and DelLater has been carefully designed to be technically accurate to the guidelines set forth in the article. Interestingly, this is the technique used by anti-virus scanners when they're unable to delete a file (such as a trojan) because it's in use. Although the MoveFileEx function isn't supported under Windows 95/98/ME, the article does describe how to implement the same functionality, which DelLater does. Don't worry if you don't understand the Microsoft article as DelLater simplifies everything.

DelLater is the ideal program to use when you can't delete a file, no matter how hard you try. This is usually because an active process has an open handle to the file which prevents it from being deleted. Normally if you close down all running programs you'll find that most files will then be free to delete, but that's not always the case, and in some cases it may even be a trojan that's preventing itself from being deleted.

To DelLater A File...

1. Run dellater.exe <filename>
2. Reboot (whenever you like).
That's all that's required. After rebooting and logging in you'll be able to see that the file you specified is no longer there.

 

Thanks for your quickly reply, I done it but without any good success....


The virus is tille present.....

Thanks again

TexWiller

 

OK, So the next thing to do is follow the instructions in this post:
https://www.wilderssecurity.com/showthread.php?t=50662

Please let us know if it is successful

 

Many thanks to Pilli DCS moderator, the infected file within Dowloader.Trojan virus was deleted.



Thanks again

TexWiller

 

I'll tell you what I ended up doing, this after undoing the Restore and booting up in safemode.
All that I did was download a trail Trojan Remover app and ran it just once - no problems since