For some reason I cannot make a Trojan horse go away. Avast finds it and asks me what I want to do. I either move it to the chest or delete it, press enter, and it pops up again and again. It will not stop. I am running Windows XP and Avast 4.8. The file name is C:\WINDOWS\System32\hpzjrd0132.dll, the malware name is Win32:Spyware-gen [trj], and the malware type is Trojan Horse (it seems to change each time it pops up). I have run SpyBot, Stinger, and XoftSpy, all with no end in sight. Can someone please tell me what to do?
Thanks.
Welcome to the forums, kocksan.
Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into its own folder on the hard drive.
Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.
OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
http://filehippo.com/download_hijackthis/
First I would exercise care in what security programs you install on your system, as XoftSpy has some previous history as a bit of a rogue itself: aggressive promotion by alerting on stuff not there. Whilst that isn’t meant to happen now, there are more security applications out there than you can shake a stick at which don’t have any previous bad history.
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).
- SUPERantispyware, On-Demand only in free version.
- MalwareBytes Anti-Malware, On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.
Well, I don’t know exactly what I did, but it has stopped. I did download and install the anti-malware program as suggested, and the only way I could run it was to turn off Avast. I ran a quick search and it found 10 different things (viruses and trojans). I have since turned my Avast back on and everything seems to be OK. Spybot also found a lot of problems. I guess for now it is OK, and I guess I have learned that you can never just blindly go and download and install something unless you are positive there is nothing wrong with it. Thanks for your help.
What was found? That’s why I suggested you post the logs.
Open MBAM again; it shouldn’t require that avast is not running (it doesn’t on mine). Had you done as suggested and run it from safe mode, avast doesn’t run in safe mode, so you wouldn’t have had anything to do.
You should also run SAS and report the findings.
Disable your System Restore.
Use “Spybot S&D”, search that.
Disabling System Restore isn’t advisable unless it is a problem specifically related to it, as it clears ALL restore points and currently avast isn’t detecting anything in the System Volume Information _Restore points.
Whilst this is in a system folder avast should be able to deal with that and any infection in the System Volume Information _Restore points. It also has the ability to run a boot-time scan to overcome any such problems.
So by advising kocksan to disable system restore you could be doing them a disservice, as it denies them that option if they need it. So this isn’t something that should be generally advised when using avast, as it should be able to deal with these issues. Not to mention, if you read kocksan’s second reply, the problem is resolved, so you would be disabling system restore for zero benefit/reason.
What we are seeing here is the restoration of infected files because of a hidden or undetected element to the general infection and nothing to do with system restore, restoring a moved/deleted file.