How to get rid of the Win32:Horst-GV [Trj] in the TEMP file...

Greetings…
Avast On-access scanner detected the following files with Win32:Horst-GV [Trj]

C:\DOCUME~1\Alex\LOCALS~1\Temp\22exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\27exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\28exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\53exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\58exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\74exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\77exhdda.4.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\SetUp.exe

I have moved all the above files to the chest already, but Avast keeps detecting them over and over again in the Standard Shield scanner, and when I delete them manually from the temp file they keep coming back… Can anyone help me? And can anyone also tell me where they came from, so I can be more careful… Thanks.

There would appear to be an undetected trojan downloader restoring them.

What operating system are you using?
What is your firewall?
It should be capable of blocking unauthorised outbound Internet Connections.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-squared Free if using Win98/ME.

If nothing is detected, it could be that it is hidden; let us know if anything is found.

Hi,
I am using Windows XP Professional SP2
and I am only using the Windows Firewall.

I would say you need to look at a third-party firewall to protect against unauthorised outbound connections. Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third-party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Thanks for your advice and suggestion. Is McAfee firewall good at protecting against unauthorised outbound connections?

So what do I do first in order to get rid of the virus?
Scan the comp with Ewido in safe mode, and what happens next?
Can you please tell me the whole process? Thanks.

Basically, how do I get rid of the undetected trojan downloader?

  1. I have never used McAfee personal firewall. That is why I gave a link to some firewall tests. However, the sooner you install a firewall, hopefully the sooner it will block (ask you about) the outbound connection and so no inbound files. It could also identify the process responsible for the downloads.

  2. Having downloaded AVG Anti-Spyware (a.k.a. Ewido), run it from safe mode and report the findings. It may or may not find anything. If not, try the next one, a-squared.

  3. First you have to find it, and if either of the two programs does that then they should be able to deal with it. If not, we will take further steps, but I don’t want to swamp you with too many options.

I used MFW 3 a long time ago. It had inbound and outbound blocking capabilities. I don’t imagine the newer versions have changed all that much. McAfee has a help forum at mcafeehelp.com