I’m pretty new to Avast, so hopefully someone can help me. I just started getting a Trojan Horse alert on the file windows/system32/mwinsldt.exe. I’m not sure what this file does, but no matter what I do, Avast doesn’t seem to be able to clean or delete the file. No matter what action I tell it to do, I keep getting the warning at least twice a day. What should I do?

Eric

Heya, and welcome to the fourms.

Well, lets see, Avast! AV doesn’t specialize in trojan removal (though it does has capability to remove SOME). So, if it cannot remove that specific one, try one (or more if one doesn’t work) of the following programs:

AVG Anti-Spyware
a-Squared
Spyware Terminator
Spybot S&D (for secondary scanning after)

All these specialize (in some way) to remove trojans. Good luck !!

i think use boots time scan can remove that 1.

The boot-time scan really isn’t an option here as it is used when avast can’t deal with the infected file (file in use or protected, etc.), then the boot-time scan will be able to deal with it before windows starts.

In this case it appears to be an ‘undetected’ trojan that is restoring or downloading this file. So a boot-time scan can’t detect what is undetected in a normal scan, that is why we suggest more specialised anti-spyware tools.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode (for item 1 applications).

1. If using winXP AVG anti-spyware (formerly Ewido) Resident scanner during trial On-Demand after trial ends. Or SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner. Or a-Squared free On-Demand only with free version(if using win98/ME).
2. Ad-Aware SE Personal Edition
3. Spybot Search and Destroy
4. Spywareblaster Don’t install this until you are clean.

AVG anti-spyware is great for remove spyware.

In my opinion,Avast does not suit to delete trojan,althought it can detect spyware.

So choose AVG anti-spyware free edition as assistance is good choice .

Well, I managed to delete the Trojan Horse (it turned out to be Downloader IB), but none of the recommendations you made were the solution (thanks anyway!). I used HiJackThis to find the suspect process and file and then deleted it in Safe Mode bootup. ComboFix made sure that everything was clear. Thanks, guys, for the help!

Eric

No problem, welcome to the forums.

I’m surprised that none of the above found it, was the file name an location you previously said the trojan ?

If you could have added the file to the User Files section of the avast chest and emailed the sample to avast that would have helped improve detections.

Davidr, sometime the avast detect as trojan but when i send to virustotal to scan it, the result must hv 2 or 3 say it is a downloader or infostealer

Can you please post the results of the VT scan ?

What concerns me is your statement, ‘sometime the avast detect as trojan’ there should be a consistency where it either detects it or it doesn’t. Can you explain further ?

Trojans can be multiple things add to that there is no standardisation in malware naming so this is often why there are multiple detections in VT with different names.