Really Bad Case Of Download.Trojan

Hi, i need some help, badly. My other computer has been infected with Download.Trojan, it's been on the computer for ages without me even realising and its disabled the internet. My two computers are connected together so i was going to send some programs over but its disabled the connection of the network. I have some disks though but still i need some serious help, thanks

 

Hi The Trooper, welcome to Wilders.

From what I have just read about this Trojan, working your way through the following comprehensive steps found in General Cleaning should resolve your situation.

If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

Hope this helps...

Let us know how you go.

Cheers

 

ok im doing everything but i cannot update the programs, as the interent does not work and when i send most of the programs on the cd, the evaluation period ends. Also i have located where the file is its in C:/Program Files/Norton Antivirus/Quarintine/Portal. The file is named 30580BC5.exe. When running a scan with TDS, the file was marked as locked and would not scan it. Any ideas on how to access it so i can scan it?

 

From what I have just read, running Norton in Safe Mode should remove it, however it appears to have been Quarantined by Norton, and how Norton Quarantines a file I do not know...

Here's a link to Norton regarding this Trojan: http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.b.html

Hope this helps...

Cheers

 

can i just move the file somewhere where i can scan it?

 

What happens when you scan your system while in Safe Mode.

Can you purge the Quarantine file in Norton (I've never used Norton, so I don't know how it functions).

Cheers

 

Sorry im lousy at my English, could you tell me what purge means?

 

That's ok, I only speak english and I'm not too good at spelling it

Does Norton have a DELETE Quarantine files option?

Cheers

 

Open up Norton, in quarantine, highlite the file you want to delete and hit delete.

I would probably do this while in Safe Mode.

Cheers

 

Here's a link reguarding Nortons Quarantine folder: http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506

Hope this helps...

Cheers

 

when i go into norton quarintine, the file is not there. I can only find the file when i go into program files.

 

I think I would rename the file that you want to get rid of in program files to most anything you want to and try to delete it then. And if it still won't delete I would zip it and then try to delete it. You might disable norton antivirus while you try to delete it.

P.S. just remember what you change the name from.

 

when you run tds3 disable your antivirus just in case that is what has the file locked and then maybe it can get rid of it.

 

I don't know if you have tried running ad-aware se, my grand daughters comp. had fourty nine instances of the download trojan and ad-aware se removed every one of them. As a last resourt it is worth a try.

bigc

 

im going to try the cleaning thing first, how can i fully update my computer if i cannot acess the internet on the computer??

 

If you have no internet access you will just have to do the best you can with what you have.

 

should i rename and attempt to delete the file in safe mode?

 

the file has changed names without me doing anything? What is the cause of that?

 

OK, now I would suggest the following course of action:

Download and run “Hijack This” found here and post your log at one of the forums found here. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

As what you have said sounds more like Spyware...

Cheers

 

could spyware have done like that much to my pc??

 

That much and more...

You may want to continue with General Cleaning, however when files begin changing names, I tend to head for a HijackThis Log...

Just to be clear, Wilders do not review HJT logs any more.

Cheers

 

OMG its gone all i did was rename the file, delete it and restart my computer. The net is up and running again. thankyou blackspear and bigc73542, you guys are living legends!!!!!!!!

 

im going to do a hijack this log just to be on the safe side too

 

Not always but sometimes the simplest way is the best way. Glad you had a good result.

bigc

 

ROFLMAO, well excellent, now run through General Cleaning just to be sure.

After this you may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

Let us know how you go…

Cheers