Hello

My avast detects a trojan which is called “!uptade-4995[1].0000/Win32:Trojan-gen.{UPX!}” then although i delete it,it comes back again every time when i turn my pc on

What should i do ?

Please, follow:

3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. 4) Use [url=http://www.emsisoft.com/en/software/free/]a-squared[/url], [url=http://www.ewido.net/en/]Free AVG Antispyware[/url] or [url=http://www.superantispyware.com]SUPERantispyware[/url] (trojan removers). ;)

Thanks a lot

No Its still same

I delete it but it comes back again somewhere that i dont know

What did you do? All the steps?

1. Disabled the System Restore on Windows XP

2. Cleaned the temporary files.

3. Also deleted the virus

But
I had this problem before as well.It always comes back when i turn my pc on or restart.

I dont wanna format my pc again

Did you check the registry?

How can i check it

Start → Run → Regedit → search for the filename

Ok but its too diffucult to find it in register

Which is more difficult searching the registry using regedit and the find tool or formatting your system, I know what I would choose.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
On-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

This should show all running processes or registry entries (run commands, etc.) so you should hopefully see mention of that file name.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.
2. Ad-Aware SE Personal Edition - Ad-Aware Product Comparison Chart http://www.lavasoft.de/download_and_buy/product_comparison_chart.php
3. Spybot Search and Destroy
4. Spywareblaster Don’t install this until you are clean.

I think you need to review your security as prevention is better and easier than cure.

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

The Windows Vista version of IE 7 will provide a Protected Mode that gives the browser sufficient rights to browse the Web, but not enough rights to modify user settings or data. Protected Mode will only be available to Vista users because the functionality depends on the reworked user account system in Windows Vista. Vista’s version of IE 7 will also be able to automatically install security and other updates; that will not be the case in the XP version.

Can anybody explain clearly what should i do to this trojan not to reload every time of starting windows ?

You have to find out what it is in order to be able to stop it.

The two programs on item 1. are a more specialised anti-spyware, which the trojan responsible for this is. Download them or at least one and as I said install, update and run it, preferably from safe mode, boot and keep tapping the F8 key it should then give you the option to start in safe mode.

If that doesn’t clear the problem, read the Hijackthis (HJT) tutorial and download HJT and run that, and either post the contents of the HJT log file here or use one of the on-line analysis sites. Check (google the file names, etc.) the entries marked Nasty, Possibly Nasty or have a question mark icon in the entry.

Anti-spyware is useless for it

Whats Hijack? What does it do ?

It has been a long time since I have used hijack this but it can locate and find your problem and allow you to block any unwanted activity from it. Check out the tutorial, volcano, I need to also get reacquainted with it.

Have you actually tried any of the anti-spyware tools suggested before saying they are useless or did you run them from safe mode.

I can’t teach you what hijackthis is about, as I have already stated it is an analysis tool that reports what is running on your system, that is why I gave the links to the tutorials

How can i delete the web-sites I have visited before?

Any privacy tool like CCleaner or IE Privacy Tool (http://www.browsertools.net/) or your own browser settings (Firefox and Opera could delete browser history).

I meant in windows How i could delete

Windows doesn’t keep a record of the sites you have visited, that is in your browser. I assume you are using IE, check the Tools, Internet Options, General Tab, Temporary Internet files section, Delete Files and History, Clear History, see image.