help needed to remove Trojan horse.Downloader.Nex.B

Discussion in 'malware problems & news' started by gallen, Sep 3, 2004.

Thread Status:
Not open for further replies.
  1. gallen

    gallen Guest

    Anyone got any advice on removing this trojan horse? I can find it using the AVG antivirus scanner but cannot remove it. AVG says that the file can't be healed and, when trying to move it to a virus vault to delete the file, a small window says that the file cannot be removed.
    The file name is C:\RESTORE\TEMP\A0007470.CPY
    I am running a PC with Windows ME. I've already tried to remove the file using AVG while operating in safe mode in case the file is in use at the time, but AVG still can't remove it. I also tried searching for the file so I can delete it manually, but the computer can't find it. I also tried using the vcleaner.exe software from the AVG website to find the trojan and remove it, but this software doesn't see my trojan horse.
    What do I do?? Any advice??

    Thanks for your help in advance.
     
  2. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003
    Posts: 57,721
    Location: Texas

    Here is something you could try.

    The process depends on the operating system:

    Windows ME

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on "Performance">"File system"
    3. Click "Troubleshooting"
    4. Check "Disable system restore"
    5. Click on OK, Close and restart the system

    Note: It is recommended to return to the standard behaviour of the system after the removal of the infected files - by unchecking the "Disable system restore"

    Windows XP

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on the "System Restore"
    3. Check "Turn off System Restore on all Drives"
    4. Click OK, Close and restart the system

    Note: It is recommended to return to the standard behaviour of the system after removal of the infected files - by unchecking the "Disable system restore"
     
  3. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    In addition to what Ron has advised, can you take the following steps:


    Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet.
    http://www.zonelabs.com


    Step 2. Install, update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd


    Step 3. Install, update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    Step 4. Install and run CWShredder available here:
    https://www.wilderssecurity.com/showthread.php?t=14086


    Step 5. Download Stinger available here: do NOT run this YET
    http://vil.nai.com/vil/stinger/


    Step 6. Turn OFF System Restore.


    Windows ME Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on "Performance"
    4. Click "File system"
    5. Click "Troubleshooting"
    6. Check "Disable system restore"
    7. Click on OK
    8. Close and restart your system.


    Step 7. Restart your system again in “Safe Mode” by pressing/tapping F8 while booting up


    Step 8. Run a scan with “Stinger”, the program you downloaded above.


    Step 9. Run a scan with AVG.


    Step 10. Reboot your system into normal mode.


    Step 11. Run a further online scan found here: http://housecall.trendmicro.com/


    When everything is clean, it is recommended that you turn System Restore back on.


    Now that your system is clean you may want to take a look here for further discussion on security:

    https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

    and here for more:

    https://www.wilderssecurity.com/showthread.php?t=43117

    Hope this helps…

    Let us know how you go…

    Cheers :D
     