Avast identifies a trojan as “AILI trj” but cant get rid of it. Trojan replicates itself in the window temp directory when an attempt to delete it is made by manual or by avast. This occurs as well during a bootup scan. Any suggestions. OS is WinXP pro.
What is the file name ?
When it is replicated is the file name the same or are these file names randomly named ?
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
-
- MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware (SAS). On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
file name is 4ce3fcaf.qsp and changes.
Running Endian Firewall. Tried mbam, boot with Avast scanning, Panda online scan, Dr. Web. Still came back
Does anything in this link ring any bells, e.g. do you happen to have this software installed ?
No, doesn’t ring any bells. I noticed that it first started out creating temp files in the users temp directory. When I deleted those while watching process explorer it started to create the qsp files in the windows/temp folder. Symantec finds it the files and now quarantines them, but I cannot discover the source. I am now running another antivirus check in safe mode over night to see if that shows up anything.
You haven’t got symantec installed at the same time ?
As that can bring its own sort of pain in the form of conflict.