Trojan-downloader-hidd

Discussion in 'malware problems & news' started by trooperjmb, Mar 1, 2005.

Thread Status:
Not open for further replies.
  1. trooperjmb

    trooperjmb Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1
    I have a trojan horse that I can't get rid of. It's called Trojan-downloader-hidd. Webroot's Spy Sweeper finds it and deletes it but it reinstalls itself. I haven't tried TDS-3 simply because I have tried so many detection and removal programs I no longer know which ones will work.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,760
    Location:
    Texas
    trooperjmb

    Welcome.

    Wilders no longer does hijack logs but you could post one elsewhere. This would be a good first step.

    http://a-sap.org/


    Two of the bigger forums for HijackThis log processing (meaning they process more log threads each day than many others) are: SpywareInfo.com and CastleCops.com.

    http://computercops.biz/forums.html

    http://spywarewarrior.com/index.php

    You can also look through these links.

    https://www.wilderssecurity.com/showthread.php?t=50662

    http://www.claymania.com/removal-trojan-adware.html
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, the Trojan you have has a few aliases; see HERE or HERE

    For removal I would suggest following the basic Trojan removal instructions:

    If your anti-virus will not delete the Trojan, download a free trial of a different AV.

    Basic instructions for removing Trojans, stubborn viruses etc;

    1. Update windows and security software.

    2. Disable system restore.

    3. Boot into safe mode.

    4. Run security apps (Anti: virus, Trojan, Spyware etc.)

    5. Delete any problems.

    6. Boot normally.

    It should then be clean if not;

    Extended options,

    1. If you know the name of the virus, Trojan etc, research on web for removal advice.

    2. If the infected file has been identified, try to delete it manually. (Check the file name first; make sure it's not a legitimate file.)

    3. Perform an online AV scan with a different AV to the one you regularly use.

    4. Make a note of the running processes from task manager, research any that are not familiar. (Look very carefully, some are almost identical to the real processes, e.g. Iexplore, lexplore; the latter is an L.)

    5. Look in the windows Event viewer for errors, it can point to the area/file that is having problems.

    6. Scan with HiJackThis, post log file at forum that does analysis.

    7. Perform System file check. (Windows CD > CDROM drive, click start > run, type in CMD; when the window opens, type in "sfc /scannow". This will replace any changed/damaged system files with a clean copy.)
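
The look-alike process names in step 4 of the extended options above (Iexplore vs. lexplore), as an added example that is not part of the original post: a Python check that compares process names against a short list of well-known Windows process names. The allow-list, the character-folding table and the sample names are constructed assumptions.

```python
# Added example: flag process names that imitate well-known Windows ones.
# KNOWN is a small constructed allow-list (an assumption); extend it for real use.
KNOWN = {"iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe",
         "services.exe", "winlogon.exe", "csrss.exe", "spoolsv.exe"}
# Characters commonly swapped for a visually similar one (assumed table).
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)


def edit_distance(a, b):
    """Distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(name):
    """Return (verdict, imitated_name) for one process image name."""
    low = name.lower()
    if low in KNOWN:
        return ("known", low)  # name matches; the file's path still needs checking
    for good in sorted(KNOWN):
        if skeleton(low) == skeleton(good):
            return ("lookalike", good)  # same shape once confusables are folded
    for good in sorted(KNOWN):
        if edit_distance(low, good) == 1:
            return ("near-miss", good)  # one typo away from a known name
    return ("unknown", None)


# Constructed sample of names as they might be copied from Task Manager.
SAMPLE = ["Iexplore.exe", "lexplore.exe", "svch0st.exe", "scvhost.exe", "notepad.exe"]

if __name__ == "__main__":
    for proc in SAMPLE:
        print(proc, classify(proc))
```

A "known" verdict only means the name matches; a copy running from an unexpected folder still needs researching, as the step says.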
     
  4. Gigsley

    Gigsley Guest

    Hey. I have the same thing. The only thing that I have found linked to downloader-hidd is found as
    HKCU\Software\Microsoft\Windows\Current Version\nur\
    but it keeps reinstalling. I am still searching for a solution. I think that it may have something to do with about:blank. It keeps hijacking my homepage and sending me dirty ads. There's also an annoying toolbar that I can't get rid of.
    Does anybody have any suggestions?
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    IMHO, ronjor's reply #2 is a pretty good start. ;)

    Posting a HJT log at one of those forums linked is what I would do.


    snowbound
     
  6. sam tan

    sam tan Guest

    Check your install/remove programs folder; make sure you can account for everything in there. Also, if you have an idea when it got on, then run a search of your system with the specific dates. Stand by for some scary stuff: there was a hidden log of all the programs it had changed on mine, but I did manage to get rid of it by deleting the six or seven programs that it installed. Make sure you are running a decent firewall and you will know when you've been hit in the future, as it will ask to connect some bizarre program names.
     