Problems with Win32:Agent-HKL [Trj] (Totour.exe)

Hello,

I’ve been having problems with that Trojan that avast recognizes but can’t eradicate. I’ve tried several ideas I found on the web but it’s still there. SuperAntispyware recognizes it as Trojan.spam-Rucrzy but can’t get rid of it. I’ve tried to boot in safe mode and erase the c:\cd1041.nls file created by the Trojan, but it doesn’t work. I’ve also tried to replace the infected ndis.sys with a clean version, but without any success. Any help or ideas would be welcome.

thanks!!

flrobert

Hi flrobert,

Have you tried a boot time scan with avast!? (Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.)

Have you tried AVG Anti-Spyware Free?

If still having problems, post a HijackThis! log.

According to the following page, SDFix may remove the infected ndis.sys:

http://forums.spywareinfo.com/index.php?s=cd5895e3056eb0f0a0e1f435fc1501c7&showtopic=101014&pid=557105&st=0&#entry557105

SDFix is available here:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

I suspect that it may be the ability of SDFix to deal with rootkits (hidden malware) that enables it to remove this infection, so you could also try these anti-rootkit scanners:

Panda Antirootkit
Blacklight
AVG Anti-Rootkit

Avast with a boot time scan didn’t work; however, SDFix seems to have solved the problem. Thank you very much for your help and for replying so quickly to my request. I still don’t understand very well how this totour.exe manages to behave the way it does. I’d be interested to learn more about it. You guys call it a rootkit, is that right? Merci again!

Do you mean it didn’t detect it, or that avast did not work? Do you need further help?

Yeah.

I still don't understand very well how this totour.exe manages to behave the way it does.

There may be a clue here:

I bet there's something in the registry that instructs explorer to download totour.exe at first connection availability.

http://forums.pcpitstop.com/index.php?showtopic=137078

If you haven’t got one already, a third-party firewall can help you control what has access to the internet and may prevent an infection from downloading more malware onto your computer:

http://www.geocities.com/dontsurfinthenude/rec_firewalls.htm