My system is affected with a trojan.dialer.pz. I use ewido anti malware. Ewido is able to catch it and quarantine it. But the problem is it is hidden and show up in the window temp folder every now and then. I have scanned fully with avast (current and updated) as well as ewido.

How do I remove it from the system so that it doesnot pop up again and again.

Kindly help.

pscraja.

Try running ewido from safe mode.

If something like this keeps coming back you have a security issue, exercise care in the sites you visit, ensure your browser and OS are fully up to date to avoid vulnerabilities that have been patched. Try a more secure browser, like firefox or opera, they don’t have activeX, BHOs and aren’t integrated into the operating system like IE.

If you haven’t already got this software (freeware), download, install, update and run it.

1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster Don’t install this until you are clean.
4. ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc.

Some recurring infection (coming and coming again) could be cleaned by:

1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
2. Clean your temporary files.
3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
4. Use a-squared or ewido (trojan removers).

Other option is scanning in SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Other good thing is disable System Restore, boot, enable it again. If you find a virus keeps coming back after you delete it, it’s most probably infected the System Restore folder, the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all, run a full avast! scanning. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

Yes a virus could come from the system restore _Restore points, but only if you do a system restore that includes that _restore point, any malware having been deleted from the system folders is likely to end up here.

However, it is protected storage and the only thing that can play in there is the system restore function, even avast can’t delete infected _restore points, so any multi part virus couldn’t initiate a recovery/restore of the file, it wouldn’t know the unique _restore point it is in.

So if you haven’t used system restore I can’t see anything recovering the virus from the _restore point, it has to be coming from somewhere else IMHO. But I’m open to any confirmatory information that it is possible for a virus (or other malware or element) to recover/restore deleted files from windows protected storage, that is the whole purpose of protected storage so nothing can mess with the system restore functions _restore points.