I am getting the same problem >:( Very frusterating because I can not get rid of it. BTW I do have a wireless connection.
Butercup
I first picked up the same Trojan in DXDIAGN.exe last night. Same symptoms, can’t repair, moved it to my chest.
Just now I’ve picked it up in kbdne.exe and msratelc.exe, and moved them to my chest. All three in the C:\Windows\System32 path.
In fact, just as I typed this, it appeared again in rsmps.exe.
So far, except for the first instance, the alert occurs when I open text files, not .doc files or anything else. I noticed that the filename and path does NOT correspond to the name or path of the file I opened. Google isn’t finding much of anything, other than this thread, and something in what I think is Spanish.
Please post the link/URL
http://www.avast.com/i_idt_1405.html
It’s just avast in a different language.
Hi,
Have you UPDATED avast ?
again: move files not to chest, but to a new, empty folder…
then pause!!! avast shield & test the file(s) with Trend, RAV & KAV (Links above) + do a full scan with SPYBOT, Ad-Aware & cwshredder
→ if they all don’t show infections in the files, send in the files to avast stating it’s a false alarm
- move files back to their original locations and exclude them from detection in mainscanner and GUARD
Hello everyone,
I Also somehow got this virus and I’m useing wireless dsl. I got the same exact trogan except it’s infected my notepad. Everytime I try opening it The trogan warning would pop up. The file that Avast said was infected was called C:\WINDOWS\system32\nddenb32.exe . I’ve tried everything you’ve guys said and I’ve come up with the same results as the others…This trogan can’t be a false alarm, my notepad won’t work now 
Win32: Trojano-090
Hey, I just found out I got this virus as well just 2 hours ago, and have spent the last two frikkin hours trying to diagnose this program. It has corrupted my Notepad and I only noticed this virus when I tried to view an html source code about 2 hours ago.
I’m running Windows XP Pro, Avast, Sygate Personal Firewall, and I don’t see how I got this virus. I am fanatic about Internet privacy to the point of running Adware everyday, deep scanning with Avast every night, and I still fail to understand how I got this virus.
I’ve deleted the whatever was found through pre-scheduled Avast scan before Windows boot, and my notepad is back. So far everything seems normal.
I’ve also dug into the web, and as noted by another member, was unable to find anything regarding this trojan.
I've deleted the whatever was found through pre-scheduled Avast scan before Windows boot, and my notepad is back. So far everything seems normal.
I’ve tried deleting it, but it won’t go away. So I tried moving it to the chest and then deleting it, but it still won’t leave >:( You got your notpad back? How did you manage to delete the trogan? Manually? ???
Boot up Windows in Safe Mode, then run Avast for a scan. It should find the virus/files/problem right away, and will ask you if you want to schedule a scan before windows boots up (before the virus is run in memory). Say yes to reboot Windows. Windows will reboot and the scan will start immediately. Whatever files it found I deleted right away.
The scan should take about 10-20 minutes to complete. When everything is said and done, boot up Windows normally. You will find that at first notepad seems to be gone or is missing. Delete the notepad shortcut in your Start>Programs>Acessories folder because that shortcut no longer works. You can find Notepad in C:\WINDOWS and create a shortcut to replace your old one if you like.
Another side effect that I’ve found is Microsoft Word file association. If you double click on the .doc file, it will say that the file is either corrupt or missing. You can do a right click > open with MS Word and check the “Always use the selected program to open this kind of file” option to regain the association.
Avast didn’t find it, after I placed it in safe mode, and scaned the computer… I’ve also downloaded the lastest updates so I don’t get what I did wrong :-\
Are you sure all you did was placed it in safe mode and then started scanning?
No, you MUST schedule a pre-boot scan - this scan will start before the operating system loads. It doesn’t have to be in safe mode; the only reason I mentioned safe mode was because it was the method that I used to trigger the pre-boot scan.
I too had the same problem ! It kept coming back , the notepad.exe and the win32:Trojan-090[TRJ] ! Newsflash this is the same virus that Symantec has except its called Download.Trojan . This virus is memory resident as well!
Somebody stated correctly with Avast that you need to run a “scheduled” boot scan , this will find the Trojano and give you the option to delete it .
It is in fact the same virus , once I scanned with there online scanner, and Pandas the exact same file came up on both there scans and Trojano came up on Avast
Here is some additional information from Symantec on the “download.trojan” :
Download.Trojan connects to the Internet and downloads other Trojan horses or components.
Variants: Trojan Horse
Type: Trojan Horse
Infection Length: varies
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, UNIX, Linux
Download.Trojan does the following:
Goes to a specific Web or FTP site that its author created and attempts to download new Trojans, viruses, worms, or their components.
After the Trojan downloads the files, it executes them.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) or VGA mode (Windows NT).
Run a full system scan and delete all the files detected as Download.Trojan.
Clear Internet Explorer History and files, if needed.
Av ery good point was mentioned “dis-able the system restore point” because if you dont do this , Microsoft copies everything , including virus data into the restore archive, thus you recaptured the virus and continue to let it replicate over and over again!