Contact Forum Editor

Send an email to our Forum Editor:

PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom

It's free to register, to post a question or to start / join a discussion

View Forum Rules | Contact Forum Editor

 

RE-loading windows XP

technician

Likes # 0

Posted November 14, 2012 at 10:38AM

It seems I have a trojan virus on my computer. I understand the best way to get rid of it is to reload windows. Can I move other programmes installed on main drive to a external drive, then reload windows XP from recovery drive, then move programmes back ?

Like this post
mgmcc

Likes # 0

Posted November 14, 2012 at 10:44AM

No. You cannot move programs around because their entries in the registry would no longer be correct. They will have to be reinstalled from the original installation media after you've done the reinstallation of Windows.

I suppose you don't have a backup using something like Acronis True Image from before you got the trojan?

Like this post
lotvic

Likes # 0

Posted November 14, 2012 at 10:51AM

Which program has diagnosed the 'trojan virus' and what symptoms/behaviour have you got on your pc that makes you feel that an install is the only answer to clear it?

Like this post
northumbria61

Likes # 0

Posted November 14, 2012 at 10:53AM

Try the simple things first enter link description here

Like this post
Fruit Bat /\0/\

Likes # 0

Posted November 14, 2012 at 3:41PM

What antivirus program and anti malware programs are you using?

Malwarebytes or SAS are both free and very good

Like this post
technician

Likes # 0

Posted November 15, 2012 at 10:23AM

Thanks mgmcc,though that but worth a try. I think spydig said it was a trojan. Tried malwarebytes, pcsafedoctor, pc cleaner pro,stinger, spy emergency,xoftspy and norton 360. Some say nothing is wrong and others find it and do nothing. Computer is very slow, screen freezes, programmes take ages to load or exit and it says (not responding).

Like this post
Fruit Bat /\0/\

Likes # 0

Posted November 15, 2012 at 11:53AM

What is the name of the Trojan?

Like this post
technician

Likes # 0

Posted November 15, 2012 at 1:18PM

Helminthos

Like this post
Fruit Bat /\0/\

Likes # 0

Posted November 15, 2012 at 1:41PM

  1. Boot your computer into safe mode to close all running processes.

  2. Remember to back up your system before making any changes for future restore job when necessary.

  3. Remove these TrojanDownloader.Helminthos.fe files:

    C:\Program Files\Antivir Solution Pro\AntivirSolution.exe %UserProfile%\Local Settings\Application Data[random][random].exe

  4. Open Registry Editor to delete the following registry entries:

    HKEYCURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'WarnOnPostRedirect' = '0' HKEYCURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Run 'tmp' HKEYCLASSESROOT\secfile HKEYCLASSESROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt HKEYCLASSESROOT\CLSID{5E2121EE-0300-11D4-8D3B-444553540000} HKEYCURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 'SaveZoneInformation' = '1' HKEYCURRENTUSER\Software\Malware Defense

  5. It is possibly for TrojanDownloader.Helminthos.fe to load by hiding within the system WIN.INI file and the strings "run=" and "load=". So you must check carefully in order to thoroughly remove it from your computer.

  6. It is necessary for you to clean the IE temporary files where the original carrier may store.

  7. Rerun malwarebtes on completion to see if it finds it agin

Like this post

Reply to this topic

This thread has been locked.



Check out PC Advisor's other tech forums

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story. Both your name and the recipient's name and address will not be used for any other purpose.