Help with Trojan

[Mag]

I keep a PC for my kids to use which runs WinXP and Kaspersky Internet
Security. They were using Limewire and got a message from Kaspersky, after
downloading a file, detecting a Trojan called Downloader.WMA.GetCodec.a.
Kaspersky advised to delete it. When delete was clicked, Kaspersky gave the
message 'Cannot be deleted object is not found. Attempt of access to the
file will be blocked. File will not be changed or deleted'. I deleted the
offending file, emptied the recycle bin and ran a scan which did not find a
Trojan. Is it likely to still be on the PC? If so how can I check?

 

[Mag]

I keep a PC for my kids to use which runs WinXP and Kaspersky Internet
Security. They were using Limewire and got a message from Kaspersky, after
downloading a file, detecting a Trojan called Downloader.WMA.GetCodec.a.
Kaspersky advised to delete it. When delete was clicked, Kaspersky gave the
message 'Cannot be deleted object is not found. Attempt of access to the
file will be blocked. File will not be changed or deleted'. I deleted the
offending file, emptied the recycle bin and ran a scan which did not find a
Trojan. Is it likely to still be on the PC? If so how can I check?

I also ran AdAdware which did not detect it.

 

[Kayman]

I keep a PC for my kids to use which runs WinXP and Kaspersky Internet
Security. They were using Limewire and got a message from Kaspersky, after
downloading a file, detecting a Trojan called Downloader.WMA.GetCodec.a.
Kaspersky advised to delete it. When delete was clicked, Kaspersky gave the
message 'Cannot be deleted object is not found. Attempt of access to the
file will be blocked. File will not be changed or deleted'. I deleted the
offending file, emptied the recycle bin and ran a scan which did not find a
Trojan. Is it likely to still be on the PC? If so how can I check?

Kaspersky most probably has taken care of your problem.

To make sure, you could download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Fora where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the below before posting a log

http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.tomcoyote.org/index.php?showforum=27
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.spywarewarrior.com/viewforum.php?f=5

 

[Mag]

Kaspersky most probably has taken care of your problem.Thanks for the advice. I will follow it. What does Kaspersky mean by 'Cannot
be deleted object is not found'. It implies to me that the Trojan is still
present (which is what worries me).

 

[Kayman]

Thanks for the advice. I will follow it. What does Kaspersky mean by 'Cannot
be deleted object is not found'. It implies to me that the Trojan is still
present (which is what worries me).

Well, I'm not sure why Kaspersky wouldn't be able to find/delete the object
but detecting it in the first place.
The helpful people at Kaspersky forum may be able to throw some light on
this.
http://forum.kaspersky.com/index.php?

In the meantime I'd update Kaspersky followed by a FULL computer scan in
'safe mode'; The scan result should give you a good idea as to the state of
your OS.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
Alternatively:
click onto Start==>Run, type "msconfig" (without quotation marks), click
OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
Restart. To go back to Normal Mode, you must access the System
Configuration utility again and click the General tab then click/check the
radio button 'Normal Startup'- load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222

Good luck

 

[Mag]

In the meantime I'd update Kaspersky followed by a FULL computer scan in

'safe mode'; The scan result should give you a good idea as to the state
of
your OS.

I'll do it. Thanks for the advice. I'm learning all the time.