I’m having the same problem with this virus as another poster. I am using win xp. I have done the following:
Removed system restore
Deleted temp internet files
scheduled boot scan
The boot scan did delete the file, but when I reboot it shows back up again.
When I try to delete from avast I get the “file being used by another app” message.
Again, I can delete it by doing the boot scan, but it reappears on every restart or reboot.
Thank you for the response. I’ve tried the steps outlined in the post mentioned. The boot scan does find and delete the file, but when the system boots avast again flags the same file and gives the trojan warning. I have double checked and I have system restore checked off. I have done those steps three different times but I cannot boot the computer without getting the virus warning.
I’ve submitted a ticket to avast but hoping someone has another suggestion?
I have one other thought about this. My computer is an HP Pavilion 3400+ and they come standard with an HP recovery system. Could this be where the virus is being restored from?
Avast version 4.6 Home edition
VPS file version 0604-1 compilation date 01/24/2006
File location: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NSQYPXYD\gdnUS1391[1].exe[Yoda]
Note that the location remains the same up to \Content.IE5. The next folder name will change, then the rest stays the same.
Malware name: Win32:Trojano-3295 [Trj]
Malware type: Trojan Horse
I use ZoneAlarm version 5.1.011.000 with truevector
I’ve run Ad-aware. Spybot has been giving me problems (crashes). Will uninstall and reinstall.
Also, since my last post I have run a thorough scan with archive checked from Windows safe mode. Took 3 1/2 hours. Avast found and deleted 8 infected files. When it booted on completion of the scan, avast again found the virus.
I’ve downloaded the suggested program and will install and run it. Will let you know results.
I also suggest that you update your firewall; ZA free is on 6.1.?? I think, with better outbound protection.
Since your firewall is well out of date, it makes me ask: is your OS up to date (SP2 plus latest Security updates)? If this virus is taking advantage of an exploit (it could continue to come back) that has since been patched, you should update.
Thanks for all the advice. Running ewido caught 72 infected items for quarantine. When I rebooted and ran the avast boot scan it did again catch the trojan virus and deleted it.
And this time it did not reappear. So ewido must have caught whatever else was restoring the virus.
I am still at SP1 (I know, I know). So I will update to SP2 as well as get Zonealarm up to date.
Again, I really appreciate the help!
thanks,
charlie
Use Webroot Spy Sweeper.
reboot into safe mode
login as a user other than root administrator. (the user can have admin rights)
start a scan with spysweeper and it will detect then remove it.
I’ve had no issue with this trojan or downlaod.ruin after sweeping in safe mode