help needed

hello,
I have just started using avast and it has found a virus???
the virus is -win32:trojan-gen.(other)

 file name - c:\windows\sychost.exe

What do I do now??? I am not very good with computers so any instructions / help you could give me in plain English would be great.

 thank you.

Hi,
are you sure that’s a “Y” and not a “V” in the filename? Please check the spelling or, better, copy the exact name from avast’s report/logfile in here

what WIN do you have ?

test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)

-remove the Virus/Malware and its system modifications according to VirusInfos from Avast, VGREP, TrendMicro, Kaspersky; you might also try searching for the virus name or filename with google

general removal procedure:

  • kill respective Backdoor/Trojan process with task manager
  • search for the file/process names in the registry; remove the malware’s startup entries in the registry
  • disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc…)
-scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro, to check whether your PC is clean :wink:

hi,
thanks for trying to help.
yes, sorry, that is a v in the file name. :-[
I have Windows 98 ver 4.10

When you say website names, can you say the whole name as I do not know them. Thanks.

Hi,

scan the file here:
http://housecall.antivirus.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://www.ravantivirus.com/ → Scan Online

and tell us the exact name they come up with
(pause avast’s resident shield first: right-click on the blue ball -> pause …)

:wink:

hi,
using kaspersky it said
svchost.exe infected :trojanspy.win32.tofger.d

ok, that’s a start:

either you browse through these 2 Links:
ClickME!
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=tofger&product=4 (read both 2 pages!!)
and follow/adapt the general removal procedures…

or you tell us, what variant HouseCall/Trendmicro says it is…

It might be that deleting the file is enough, but I’m not sure…
P.S.: some Tofger variants have backdoor components, meaning that someone can/could manipulate & read your data, passwords entered etc…

→ if you have important, sensitive or private data on the PC, it might be a good idea to backup your data-files, format and reinstall…