Can't get rid of Trojan horse dialer

  emmandelo1 14:50 02 Jan 05

AVG 7 found 'Trojan horse Dialer. 13.Q' located in C:\explorer.cab:\explorer.exe but gives me no options to clear it. Have run AdAware and Spybot both in safe mode and with system restore points turned off. They do not find it. Housecall does not find it. Spyware Blaster did not stop it. Have run out of ideas. Has anyone got any suggestions on how to get rid of this?

  stalion 14:55 02 Jan 05

try this click here

  emmandelo1 14:58 02 Jan 05

Sorry, forgot to mention that. A2 doesn't find it either.

  stalion 15:03 02 Jan 05

You may have to post a HijackThis log
click here

  Fruit Bat /\0/\ 15:04 02 Jan 05

Trojan removers :-
click here
click here
click here

  ACOLYTE 15:06 02 Jan 05

AVG won't delete it cos it's in a cab file. It can find viruses/trojans inside archives but not delete them, so can you search for the cab file, click it and see if the file mentioned is there? If it is, delete it. BE AWARE THAT DELETING THE WRONG FILE WILL STOP WINDOWS WORKING. So don't delete explorer.exe. This is risky so you may want to wait for someone else to advise.

  JIM 15:13 02 Jan 05

W32/Sober-C is an internet worm which spreads via file sharing on peer-to-peer networks and by emailing itself to addresses found within files on the computer.

The email subject line and message text are randomly chosen from internal lists and will be in either English or German. The attachment filename is also randomly chosen from an internal list and can have an extension of EXE, SCR, PIF, COM, CMD or BAT. See below for further details.

When first run, the worm copies itself to the Windows system folder as syshostx.exe and two other randomly selected filenames.


W32/Sober-C then creates the following registry entries

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\<random characters>

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<random characters>

that point to the two copies of the worm with randomly selected filenames, to ensure it is run at system logon.

The following files could also be created in the Windows system folder.

ms16taskwin.exe

savesyss.dll

Humgly.lkur

yfjq.yqwm

These files are not malicious and can simply be deleted.

W32/Sober-C copies itself to the My Shared Folder in the KaZaA folder replacing existing executables that have an extension of COM, EXE, SCR, BAT, CMD or PIF.

W32/Sober variant disinfection instructions.

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.

click here

May be worth a try.
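
Added example (not part of JIM's post or of the vendor description it quotes): a Python check that reads a regedit export of the two Run keys named above and flags values pointing at syshostx.exe, or at any other executable sitting directly in the Windows system folder that is not on an analyst-supplied allowlist. The sample export, its value names, the `known_good` allowlist and the function name `scan_run_export` are constructed for illustration.

```python
import ntpath
import re

# Filename taken from the worm description quoted in the post above.
WORM_COPY = {"syshostx.exe"}
SYSTEM_DIRS = {"system", "system32"}
RUN_KEY = re.compile(r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
                     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Extensions are the ones the description lists for the worm's executables.
EXE_PATH = re.compile(r'"?([^"]+?\.(?:exe|scr|pif|com|cmd|bat))\b', re.I)

# Constructed sample in regedit export format; not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /startup"
"qzkwtv"="C:\\WINDOWS\\system32\\syshostx.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"xjrmpl"="C:\\WINDOWS\\system32\\dqhvkz.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''


def scan_run_export(text, known_good=frozenset({"ctfmon.exe"})):
    """Return (hive, value name, path, reason) for Run entries worth a look."""
    findings, hive = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RUN_KEY.match(line)
            hive = m.group(1) if m else None  # ignore values under other keys
            continue
        v = VALUE.match(line)
        if not (hive and v):
            continue
        cmd = re.sub(r"\\(.)", r"\1", v["data"])  # undo .reg escaping
        exe = EXE_PATH.match(cmd)
        if not exe:
            continue
        path = exe.group(1)
        base = ntpath.basename(path).lower()
        parent = ntpath.basename(ntpath.dirname(path)).lower()
        if base in WORM_COPY:
            findings.append((hive, v["name"], path, "named-in-description"))
        elif parent in SYSTEM_DIRS and base not in known_good:
            findings.append((hive, v["name"], path, "unrecognised-system-folder-autorun"))
    return findings
```

Regedit's version 5.00 exports are UTF-16 encoded, so decode the file accordingly before passing its text in. A flagged entry is a lead to verify against the files on disk, not a verdict.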

  rômanab 15:21 02 Jan 05

Try this click here

  emmandelo1 15:21 02 Jan 05

Am currently trying a couple of Fruit Bat /\0/\ suggestions, then will look into Jim's posting. Will post again with results. Thanks

  emmandelo1 20:28 02 Jan 05

Have now managed to get rid of this trojan dialer. Having tried almost every anti virus and scanner known to man the one that found it and deleted it in the end was the one suggested by rômanab. So a huge thank you to rômanab. It was eScan Antivirus by Micro World Technologies. I had to purchase the full version to be able to delete but I consider it £22 well spent. It also found a couple of other things that nothing else had found. The only problem I'm left with now is that having bought this thing do I use it as my main AV prog or do I carry on with AVG 7. Ho hum... solve one problem, create another....

  john-232317 21:47 02 Jan 05

I used the free escan and it picked up 8 viruses, but were they real viruses, as nothing else picked them up?

click here

This thread is now locked and can not be replied to.
