Can anyone tell me what to do to get rid of this trojan found by avast?
Keep getting the sirens every time I start the comp.
Details are:-
Original File name: WTools.exe
Original Folder: C:\Programs Files\Common Files\WinTools\Update\WToolS.exe
Size of File: 137728
Last Modification time: 12/09/2004 05:22:28
Time of transfer to Computer: 31/12/2004 10:50:35
Category: Infected Files
Virus description: Win32:Trojan-gen. {other}
Field ID: 7
At the moment I can’t update XP with any security files or Service Pack 2; could this trojan be the problem?
It’s not just SP2 I can’t download, it’s any security updates. I’m not really up on the registry etc., but I can re-format the drive and take the computer back to original install from master CDs.
At the moment I can’t even get into the DSL modem to set up the firewall as the browser looks for a web site!!
Phule, are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.
Access denied means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!
Delete the trojan, but do not even think of “cleaning” the registry using any “cleaner” program. Such cleaning is not needed in 32-bit systems and is totally useless and will only give a lot of trouble to the OS. Instead try to locate the keys that belong to that program and delete them manually.
In the hands of a novice, manually deleting registry keys can be every bit as harmful to the OS as any cleaner that you mention.
But simply leaving them there is not an option as this will simply regenerate malware. It’s about using the right tools for the job and in this case it is HiJackThis to remove harmful registry entries (which may be a branch of a registry key and not necessarily the whole key).
Registry cleaners are not the correct tool for the job (malware removal), but they do - for the most part - have a backup/restore function; manual deletion may not.
Following the information on Eddy’s site should make this a relatively painless journey.
Right click “My Computer” and choose Properties. You will see a number there. It looks like xxxxx-xxx-xxxxxxx-xxxxx. Is the second number 640 and does the 3rd start with 00 (zero zero)?
PS: Do not post the entire number here! If it makes you feel more comfortable you may send the answer in a private message.
Right-clicked My Computer > Properties and checked all tabs, advanced etc.; no numbers anywhere.
I don’t have an XP disc as all software was preloaded.
Have now got my firewall up and running so hopefully that damn trojan will not get in again.
However, I downloaded SP2 as you suggested; it tries to install but after a few minutes I get the message ‘could not verify integrity of file Update.inf, make sure the Cryptographic service is running on this computer’.
Checked through msconfig and it is running.
Also tried today to download DirectX 9c; it almost installed, then a message appeared stating that the file did not pass Microsoft logo test and would not be installed.