is there a way to delet trojan horses?

[sean diggz]

I RAN 3 DIFF VIRUS SCAN'S

AVG FREE
MCAFEE
NOD32
AND AD AWARE
4 NIGHTS STR8

EITHER NO virus found on either scans from either app or 1 or 2 found and deleted.

nod32 keeps popping up saying that a SYS32/VTROJANHORSE or someTHING is on here and i choose the only option and thats to clean flle or heal or delete now everytime i OPEN IE EXPLORER'S AND SHIT that nod32 pops up and MY WINDOWS EXPLORER SCREEN KEEPS REFRESHING AND MY DESKTOP EITHER DISAPEARS OR REFRESHES MY ITEM'S WHEN I CHOOSE TERMINATE THE TROJAN FROM GOING ANY FURTHER THE SCREEN REFRESHES BUT SOME TIMES DOES NOT GO BACK TO NORMAL AND SOME TIMES WHEN I LOAD UP TEH PC THE DESKTOP IS MISSING I HAVE TO REBOOT AGAIN FOR IT TO APPEAR.
what could i possibly do besides restore windows?

 

[SirKenin]

From my experience not one of those programs is effective at deleting anything memory resident.

I would recommend working with Prevx1 while in normal mode, Ewido while in safe mode, followed by Avast!

If you have rootkits or anything Microsoft's Autoruns will help you locate them and delete them. If it doesn't delete them, Smitfraud is very effective at removing them.

 

[tlarkin]

Go to symantec's security response section of their website and find out how to manually remove it. Sometimes applications just plain won't work.

 

[_simon_]

Recently had the same problem on my father's machine but with Zlob.

He had the latest Norton which surprise, surprise found it but would not delete it.
He tried ad-aware, spybot and some program I'd never heard of.

I popped over, removed all of the above, installed Avast and set it to a thorough scan and within minutes it had found and deleted it.

 

[sean diggz]

tryed avast free virus cleaner and nothing was detected i dont know if it has one of the trojans i have up to date to detect here is one of my nod32 logs i always remove or quarintine them threw nod32 but they seem to come back and are not fully deleted threw that app i will try the other 2 suggested




Time Module Object Name Threat Action User Information
Time Module Object Name Threat Action User Information
11/26/2006 13:17:23 PM AMON file C:\DOCUME~1\sean\LOCALS~1\Temp\$06571B03.t$m Win32/Adware.WinFixer application quarantined - deleted Event occurred on a new file created by the application: C:\Program Files\Grisoft\AVG Free\avgwb.dat. The file was moved to quarantine. You may close this window.

Time Module Object Name Threat Action User Information
11/26/2006 2:19:59 AM AMON file C:\DOCUME~1\sean\LOCALS~1\Temp\jugecmkc.dll Win32/Spy.VBStat.H trojan quarantined - deleted MAJOR-26137D8D0\vin Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
Time Module Object Name Threat Action User Information
11/27/2006 17:43:16 PM AMON file C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\WB153N5M\new[2].htm JS/TrojanDownloader.Agent.BI trojan quarantined - deleted MAJOR-26137D8D0\vin Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.

 

[Numbskull]

How about trying A-squared Free from http://www.emsisoft.com/en/software/download/

 

[joeswm8]

LISTEN TO THIS MESSAGE!!!

Get ZoneAlarm Pro from this URL
http://www.zonelabs.com/store/conte...y/trial_zaFamily.jsp?dc=12bms&ctry=US&lang=en

Download ZoneAlarm Pro for Free, just click trial, you know what to do

It just deleted THREE trojans from my computer yesterday when it was going very slow, and now its really fast. Just delete it when ur done though because there are a lot of system alert pop-ups.


GET IT NOW

 

[SirKenin]

rofl. I love that last post. It reminds me of the stupid advertisements you see all over the web, or those TV "informercials".. Classic stuff.

 

[joeswm8]

trust me, its so awesome

 

[alchemist83]

REmOVAL INSTRUCTIONS + TOOL

Follow these removal steps to remove this adware / trojan from your computer:

Reboot the computer to Safe mode (press F8 when windows start).
Open a Dos command prompt window (from Start > Programs > Accessories ), enter the following commands:

cd "%programfiles%\winfixer 2005"
regsvr32 /u strres.dll
regsvr32 /u oedrop.dll
regsvr32 /u mmfix.dll
regsvr32 /u idletrac.dll
regsvr32 /u ftrec.dll
regsvr32 /u fixcore.dll
regsvr32 /u ffwraper.dll
regsvr32 /u ffcom.dll
regsvr32 /u df_proxy.dll
regsvr32 /u df_fixer.dll
regsvr32 /u compcln.dll

cd "%programfiles%\common files\winsoftware\"
regsvr32 /u crxml.dll
regsvr32 /u pcheck.dll

Open the "Program Files" folder, find and delete the folder "winfixer 2005".

Open the "Program Files\common files" folder, find and delete the folder "winsoftware".

Click Start > Run, type 'regedit', and click OK to open the Registry editor.
Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

In the right pane find and delete any entries point to file "?????.exe", where '?' denotes random letter

OR

Also i found this handy removal tool, download it here http://upload2.net/page/download/TO7WVeDLOIIVEUC/Fixwareout.zip.html


Just unzip it and run - (allow it to connect to the net if it asks, so it can download bfu (brute force uninstaller) once you've run it will wanna reboot, at which it will remove the trojan/adaware and provide you with a report to tell you exactly what was removed