How do I get rid of this trojan? Help please

  bof:) 20:33 07 Feb 06
Locked

Hi all,nextdoor neighbour has run AVG and its detected the following:

Trojan Horse Proxy TI

found in

A014053.CPY (embedded object)
and
FS726.CAB Infected Archive (cannot heal)

Initialy my neighbour thought he had a problem because some of his games folders disappeared after he thought he heard the HD go pop. He ran AVG but with scan all files ticked, it found nothing.

I downloaded the 14 day free trial of kaspersky antivirus checker after it said restart computer, I did and it would only start up into safe mode.

We turned pc off and left it for a while and then rebooted. This time it booted into WinME fully. BUT kaspersky could not be found.

If you went to 'My computer' and then c-drive there where no icons on the page although it said
36 objects at the bottom of the page. Also there are no icons in 'Control panel'

So, we have full icons on desktop but no folders visible in my computer or control panel.

We can access the internet but not (it seems) on- line virus checkers.

I did consider doing a highjackthis log but the icon is in downloads which is in c drive so it cannot be seen.

I changed AVG to scan all files and it found just the Proxy TI trojan horse.

I updated and ran A-squared which found nothing.

If anyone has any thoughts on this please let me know.

many thanks,

Mike

  VoG II 20:41 07 Feb 06

Download Ewido Anti-Malware trial version click here

When installing, under 'Additional Options' untick 'Install background guard' and 'Install scan via context menu'.

Launch Ewido by double clicking the icon on your desktop. The program will now go to the main screen. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update then click on Start Update.

Then select 'Settings'. Under the bottom section 'What to Scan?' make sure 'Scan every file' is ticked. Select 'OK' and you will return to scanning options. Click on Complete System Scan and the scan will begin. This scan can take quite a while to run.

While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose 'Clean' (or 'Delete' if 'Clean' is not an option). Then put a tick next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK.

  Jak_1 21:21 07 Feb 06

disable system restore via the control panel and then run your av in safe mode. That should clear the little beast, if av shows it has been cleared then re-boot in normal and re-activate system restore.

  VoG II 21:25 07 Feb 06

Turning off System Restore will only get rid of it if it is in a restore point.

Expert opinion (I do not mean me!) is that it is better to keep restore points to go back to if your attempts to remove malware result in an unstable system.

Where is the infected file located bof:)?

  rawprawn 21:52 07 Feb 06

click here Try this online scan, I have found it very good.

  bof:) 22:53 07 Feb 06

Hi all, neighbour ran Reg Mechanic whilst I was away, it found approx 175 errors which it repaired.

Upon rebooting 'active desktop' appeared and will not go away.

I've restored reg mechanic 'repairs' using its own restore option and still active desktop will not go away.

Tried to install Ewido but it will not work on windowsME.

Currently running kaspersky 14 day free trial which I copied to cd disk.

Pc will show icons on the cd disk in the 'D drive' but still will not show anything when you attempt to view the 'C drive or control panel'.

rawprawn I'll try Housecall tomorrow if kaspersky finds nothing.

Jak_1, we cannot see any icons in the control panel.

VoG™, have you any thoughts on why we cannot view the c drive icons but can view the d drive ones?

Many thianks,

Mike





But can see icons on the desktop and still connect to the internet.

  skidzy 23:21 07 Feb 06

Bof try this...Little program ive been using for a couple of years,The trial version will only repair 10 errors at a time,but can give you an idea of what may be wrong...You can scan as many times as you like or just pick where you would like to scan...Its worth a try and i totally recommend it.I bought the full version and will keep on doing so.click here

  bof:) 10:19 08 Feb 06

Hi all, neighbour has telephoned this morning to say kasperky AV found same trojan as did AVG but there was not an option to delete it.

now neighbour says when he tries to access the internet, his home page appears blank.


So, now we have the following situation:

AVG and kaspersky AV have found the trojan,

Trojan Horse Proxy TI

found in
A014053.CPY (embedded object)
and
FS726.CAB Infected Archive (cannot heal)

But neither can get rid of the trojan.

we have icons on the desktop but not in either the c-drive or the control panel. (although at the bottom of each page of both it states the number of the objects on the page).

Homepage on internet appears as a blank page.

Any ideas will be greatly appreciated.

Neighbour has winME preloaded onto his HD so I'm not sure if push comes to shove we can even restore WinME.

many thanks,

Mike

  bof:) 10:19 08 Feb 06

bump

  rawprawn 11:44 08 Feb 06

Have you tried the online scan I suggested?

  madirishman 14:09 08 Feb 06

Hi rawprawn, I've tried Housecall and get as far as scan my computer. Then I get a message from IE which says 'Not found alert-detected slow connection'.

I'm able to connect to other sites such as Yahoo fine.

Mike

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

Where HTML5 is headed next

MacBook Pro v Surface Pro 5