Discussion in 'malware problems & news' started by trooperjmb, Mar 1, 2005.

Thread Status:
Not open for further replies.
  1. trooperjmb

    trooperjmb Registered Member

    Mar 1, 2005
    I have a trojan horse that I can't get rid of. Its called Trojan-downloader-hidd. Webroots Spy Sweeper finds it and deletes it but it reinstalls itself. I haven't tried TDS-3 simply because I have tried so many detection and removal programs I no longer know which ones will work.
  2. ronjor

    ronjor Global Moderator

    Jul 21, 2003


    Wilders no longer does hijack logs but you could post one elsewhere. This would be a good first step.

    Two of the bigger forums for HijackThis log processing, (meaning they process more log threads each day than many others) are: and

    You can also look through these links.
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Aug 10, 2004
    Hi the Trojan you have has a few aliases see HERE or HERE

    For removal i would suggest following the basic Trojan removal instructions;

    If your Anti virus will not delete the Trojan download a free trial from of a different AV.

    Basic instructions for removing Trojans, stubborn viruses etc;

    1. Update windows and security software.

    2. Disable system restore.

    3. Boot into safe mode.

    4. Run security apps (Anti; virus, Trojan, Spyware etc.)

    5. Delete any problems.

    6. Boot normally.

    It should then be clean if not;

    Extended options,

    1. If you know the name of the virus, Trojan etc, research on web for removal advice.

    2. If the infected file has been identified, try to delete it manually. (Check the file name first, makes sure it’s not a legitimate file.)

    3. Perform on line AV scan with a different AV to the 1 you regularly use.

    4. Make a note of the running processes from task manager, research any that are not familiar. (Look very carefully, some are almost identical to the real processes, e.g.; Iexplore, lexplore. the latter is an L.)

    5. Look in the windows Event viewer for errors, it can point to the area/file that is having problems.

    6. Scan with HiJackThis, post log file at forum that does analysis.

    7. Perform System file check. (Windows CD > CDROM drive, click start > run, type in CMD, when window opens type in "sfc /scannow will replace any changed/damaged system files with a clean copy.)
  4. Gigsley

    Gigsley Guest

    Hey. I have the same thing. the only thing that i have found linked to downloader-hidd is found as
    HKCU\Software\Microsoft\Windows\Current Version\nur\
    but it keeps reinstalling.I am still searching for a solution. i think that it may have something to do with about:blank. it keeps hijacking my homepage and sending me dirty ads. there's also an annoying toolbar that i can't get rid of.
    does anybody have any suggestions?
  5. snowbound

    snowbound Retired Moderator

    Feb 18, 2003
    The Big Smoke
    IMHO, ronjor's reply#2 is a pretty good start. ;)

    Posting a HJT log at one of those forums linked, is what i would do.

  6. sam tan

    sam tan Guest

    check your install/remove programs folder, make sure you can account for everything in there. also if you have an idea when it got on then run a search of your system with the specific dates, stand by for some scarry stuff, there was a hidden log of all the progemas it had changed on mine, but i did manage to get rid of it by deleting the six or seven programs that it installed, make sure you are running a decent firewall and you will know when you've been hit in the future as it will ask to connect some bizare program names.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.