Hi BigDot,,
It seems possible that your PC has been deliberately
damaged by the trojan so as to prevent you removing the trojan.
Your first priority must be to cleanse your PC of all malware. as it is
being subverted by malware.
--
Updateyour anti virus applicªtion.
--
In safe mode, some of the protective services which these programs use to
ensure that they aren't removed, are not running, so they are easier to
remºve.
Getting into Windows Safe Mode.
http://www.computerhope.com/issues/chsafe.htm
Shut down the computer and turn off the power.
Wait for at least 30 seconds, and then restart the computer in Safe mode or
VGA mºde.
--
Enable Hidden Files and folder's.
To enable hidden files and folders Go to task bar, click Start > My Computer.
On the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
Make sure that 'Show hidden files and folders' is enabled.
Display the contents of system folders' is checked & 'Hide extentions for
known file types' is not checked then press ªpply.
You can set this back later by opening the same page and pressing 'restore
defaults' then pressing ªpply,
HOW TO Enable Hidden Files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
--
In Safe Mode
You can clear prefetch files by going to Start menu and Run and typing
prefetch
and then click OK.
Remove the content of the folder Prefetch
The problem is that many spyware/malware/virus/Trojan (you get the idea)
writers use it to cause their programs to get respawned the moment you launch
the app whose prefetch data is linked to the code placed there by the
infection.
--
Open a Internet window and go to Internet Options, Delete Cookies and Temp
Files, and included all off line content.
Then also go to Start menu and Run and type (with %)
%temp%
and clear the files in that fºlder. Also go to Start menu and Run and type:
%windir%\temp
and clear the files in that fºlder.
--
Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and Settings\<name>\Local Settings\Temp (the
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those fºlders; and
c:\Documents and Settings\username\local settings\Temporary Internet
Files\Content.IE5 and delete all the files in those directories and
subdirectºries).
http://www.mvps.org/winhelp2002/delcache.htm
--
After the cleaning, run Windows Defender and your anti virus applicªtion,
also any other anti spyware program like Ad-Aware
http://www.lavasoftusa.com
, Spybot Search & Destroy
http://www.safer-networking.org/ , etc. etc.
--
CCleaner -
http://www.ccleaner.com
Note, uncheck Yahoos toolbar during install.
The first time you run CCleaner's Issues scanner you'll have to keep
running it back-to-back until it finds nothing. One scenario is a registry
key may only be a reference pointing to a completely different location in
the registry and when it's removed then that reference link is also noticed
as being invalid on a subsequent scan. It's generally a good idea to keep
running the Issues scan until nothing is listed.
--
(Exit safe mode) Reboot
--
Go to Ewido
http://www.ewido.net/en
run a online scanner
--
Here's a few more options
Run the House call on line virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the
"Auto clean" option so that House call will remove any viruses from your
system.
When the scan is finished, please restart your computer.
Then run the Panda scan here:
http://www.pandasoftware.com/activescan/
Choose to "Disinfect automatically," and follow the prompts. Delete any
viruses found, and restart your computer.
Finally, run the window security Trojan scan here:
http://www.windowsecurity.com/trojanscan/
Remove any Trojans found, and restart your computer.
Some Anti virus scanners cannot remove infections because you are on line and
they are running on the system when you perform the scan, If you have
problems with the infection returning you would be best downloading these
scanners and running them in safe mode
Microsoft Malicious software removal tool :
http://go.microsoft.com/fwlink/?LinkId=40587
Trend Micro's Damage clean up tool :
http://www.trendmicro.com/ftp/products/tsc/tsc.zip
Mcafee's Stinger Virus Remover
http://vil.nai.com/vil/stinger/
Download the three removal tools and boot into safe mode (Reboot and keep
tapping F8 then choose safe mode from the list) Once in safe mode run all the
scanners and let remove anything found.
--
Anti-Trojan
Not all Trojan Horses are detected by anti-virus and anti-spyware programs.
So you should have software that specializes in the removal of Trojans.
So-called back door Trojans open up your PC from the inside to attackers,
which enables the person/website who sent the Trojan to monitor your PC. An
even worse variant is the so-called RAT, short for Remote Administration
Tool, which enables a hacker to control your PC.
a2 Free is the one of the best free anti-Trojan (and anti-malware) software
available. The free version has only an on-demand scanner, and does not
provide real-time protection.
http://www.emsisoft.com/en/software/free/
Antoher good anti-Trojan available for free is Ewido.
http://www.ewido.net/en/download/
It's advisable to have both these scanners.
McAfee Stinger is a very good tool that can detect and remove some 55 (and
growing) common and dangerous viruses , Trojans and their variants. It's a
stand alone, on-demand scanner.
http://vil.nai.com/vil/stinger/
Online Scans
Even though we may have the best anti-virus, anti-Trojan/spyware tools, we
are never completely secure. Based on some estimates 500 or more new viruses
surface every month and antiviruses and antispyware software based on
signature scanning will not always detect all of them.Therefore, it is
advisable to use a backup scanner to make sure nothing is missed. One idea to
perform online scans to check the system. These online tools have up to date
database and they can detect more malwares than any other. Another reason to
perform an online scan is because some malware can deactivate or hide from
security programs, but not from online scanners.
If you still have problems let us know whats being detected and it will be
easier to help more.
Regards
--
CONVICTION
It is easier to fight for one;s principles than to live up to them.
-----Alfred Adler
