Avast detected these two trojans; I deleted them but they keep coming back. Need help, thanks.
We need more information to be able to help you. Please give your OS, other security software you use, the complete file name of what is found, etc.
Also, delete is not a good first option. You should, if possible, quarantine it to the Chest where it can do no harm and will be available for further investigation.
By the way, welcome to the forums.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate. Whilst this might not be a problem with this particular detection it isn’t a good habit to get into.
Do you happen to use the AutoIt application ?
There are likely to be other (undetected) elements to this infection, either restoring or downloading them again, what is your firewall ?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
- If using winXP AVG anti-spyware (formerly Ewido) Resident scanner during trial On-Demand after trial ends. Or SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner. Or a-Squared free On-Demand only with free version(if using win98/ME).
If after David’s advice you are still detecting any strange behavior, or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.
Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.
OS is: XP Pro
I use: Spy sweeper; AVG Anti-spyware; and Avast Anti-Virus; No firewall
Avast detected the following:
9/7/2007 11:19:38 PM SYSTEM 1452 Sign of “Win32:Winfixer-F [trj]” has been found in “http://download.errorsafe.com/files/installers/ErrorSafeNewReleaseInstall.exe” file.
9/8/2007 9:41:42 AM Administrator 3024 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Documents and Settings\Administrator\My Documents\Misc\silver-cnet-MySearch-rsaure.exe{tmp}\MyBar.exe[Embedded#040d0][Embedded#04200]” file.
9/8/2007 9:43:09 AM Administrator 3024 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\Administrator\My Documents\Misc\silver-cnet-MySearch-rsaure.exe{tmp}\MyBar.exe[Embedded#040d0][Embedded#43348]” file.
9/8/2007 9:43:22 AM Administrator 3024 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Documents and Settings\Administrator\My Documents\Misc\silver-cnet-MySearch-rsaure.exe{tmp}\MyBar.exe[Embedded#500d0][Embedded#04110]” file.
9/30/2007 5:06:28 PM Administrator 3700 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GLI5EXCT\ErrorSafeNewReleaseInstall[1].exe” file.
9/30/2007 5:21:20 PM Administrator 3700 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Documents and Settings\Administrator\My Documents\Unzipped\UBCD4WinV30.exe\plugin\Registry\ServicesPE\ServicesPE.exe” file.
9/30/2007 5:32:52 PM Administrator 3700 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\ErrorSafeNewReleaseInstall[1].exe.vir” file.
9/30/2007 5:32:52 PM Administrator 3700 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\ServicesPE.exe.vir” file.
10/1/2007 1:31:50 AM Administrator 4048 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Documents and Settings\Administrator\My Documents\Unzipped\UBCD4WinV30.exe\plugin\Registry\ServicesPE\ServicesPE.exe” file.
10/1/2007 1:47:53 AM Administrator 4048 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\ErrorSafeNewReleaseInstall[1].exe.vir” file.
10/1/2007 1:49:05 AM Administrator 4048 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\ServicesPE.exe.vir” file.
10/1/2007 10:01:34 AM Administrator 4076 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Documents and Settings\Administrator\My Documents\Unzipped\UBCD4WinV30.exe\plugin\Registry\ServicesPE\ServicesPE.exe” file.
10/2/2007 11:42:39 AM Administrator 1104 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Documents and Settings\Administrator\My Documents\Unzipped\UBCD4WinV30.exe\plugin\Registry\ServicesPE\ServicesPE.exe” file.
10/2/2007 4:59:33 PM Administrator 1668 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Documents and Settings\Administrator\My Documents\Unzipped\UBCD4WinV30.exe\plugin\Registry\ServicesPE\ServicesPE.exe” file.
You really should be using a firewall … at least activate the built-in XP firewall as it is better than no firewall.
A firewall is an absolute essential and I’m afraid in your case XP simply won’t cut it as it doesn’t provide outbound protection.
You only have to look at some of the detections in your list.
The first (in the list) is an attempt by something on your system to contact a web site to try and download malware, fortunately detected and blocked by avast’s web shield. Please modify your post for the link to this detection to avoid accidental exposure, e.g. http :// download . errorsafe.com/files/installers/ErrorSafeNewReleaseInstall.exe, this way the link isn’t active.
Others show the presence of a downloader, Win32:Downloader-KK; this, if missed by avast (and there might be others), would be connecting to a malware site to download more malware. The XP firewall, if running, would let this in as the request comes from your system, hence the need for a firewall to block unauthorised outbound connections.
Another concern is all this is in the Administrator account, which has the highest priority/permissions and could affect all other users. You shouldn’t really be using the Administrator account for general use.
Without a firewall it will be an uphill struggle to get clean; as much as you remove, others will take its place. There are many freeware firewalls such as Comodo, PCTools Firewall Plus, Jetico, etc. Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.
See http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php later set of results
Actions required:
- Get a firewall very soon and as an absolute minimum enable XP’s until you do, it is better than nothing.
- You could also try an on-line malware scan, http://www.pestscan.com/ or http://www.spywareinfo.com/xscan.php, once you connect to the site just before starting the scan, pause the Standard Shield to avoid any possible conflict, enable it immediately the scan is complete.
- You need to download and run some of the other tools (one at a time to see if anything can be found) I gave links to, to try and find any undetected elements.
- If necessary after the above checks you may need to check out some of the tools mentioned by Tech.
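
An added example, not part of any post in this thread: a short Python script that groups avast! warning-log lines like the ones posted above by signature and path and labels where each detection was made, so repeat detections of the same file stand out from new ones. The sample lines are constructed (placeholder URL and shortened paths), and treating `.vir` files under `DATA\moved` as copies avast has already moved aside is an assumption.

```python
import re

# Constructed sample in the format of the log posted above; the URL and the
# shortened paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
9/7/2007 11:19:38 PM SYSTEM 1452 Sign of “Win32:Winfixer-F [trj]” has been found in “http://example.invalid/installers/Setup.exe” file.
9/30/2007 5:06:28 PM Administrator 3700 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Docs\Temporary Internet Files\Content.IE5\Setup[1].exe” file.
9/30/2007 5:21:20 PM Administrator 3700 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Docs\Unzipped\UBCD4WinV30.exe\plugin\ServicesPE.exe” file.
9/30/2007 5:32:52 PM Administrator 3700 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup[1].exe.vir” file.
10/1/2007 1:31:50 AM Administrator 4048 Sign of “Win32:AutoIt-V [trj]” has been found in “C:\Docs\Unzipped\UBCD4WinV30.exe\plugin\ServicesPE.exe” file.
10/1/2007 1:47:53 AM Administrator 4048 Sign of “Win32:Downloader-KK [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup[1].exe.vir” file.
"""

LINE_RE = re.compile(
    r'^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<user>\S+) (?P<num>\d+) '
    r'Sign of ["“](?P<sig>[^"”]+)["”] has been found in ["“](?P<path>[^"”]+)["”] file\.$')

def classify(path):
    """Say where a detection was made, judged from the path alone."""
    low = path.lower()
    if low.startswith(("http://", "https://")):
        return "web-download"        # detected on a URL rather than a local path
    if "\\avast4\\data\\moved\\" in low and low.endswith(".vir"):
        return "moved-by-avast"      # assumption: renamed copy avast moved aside
    if "[embedded#" in low or re.search(r"\.(exe|zip|cab|rar)(\{tmp\})?\\", low):
        return "inside-archive"      # packed inside an installer or archive
    return "file-on-disk"

def summarize(log_text):
    """Group detections by (signature, path); keep count, kind, first/last seen."""
    groups = {}
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # skip lines that are not detection records
        entry = groups.setdefault((m["sig"], m["path"]), {
            "kind": classify(m["path"]), "count": 0, "first": m["when"]})
        entry["count"] += 1
        entry["last"] = m["when"]
    return groups

def recurring(groups):
    """Detections logged more than once for the same signature and path."""
    return {k: v for k, v in groups.items() if v["count"] > 1}

if __name__ == "__main__":
    for (sig, path), info in summarize(SAMPLE_LOG).items():
        print(f'{info["count"]}x {info["kind"]:<15} {sig}  {path}')
```
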
anybody know how to fix this??? Need help fast!!!
This is a new thing for me; my computer will not let me send it to the chest. I keep getting pop-ups and my pop-up blocker is set to high. It is in c:/documents and settings/application data/errsafenewreleaseinstall[1].exe, which is infected by win32:downloader-kk[trj]…PLEASE HELP
how do I get help no one is helping??? I need this fixed like yesterday win32:downloader-kk[trj] is ruining me
Welcome to the forums, fireangel120.
Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into its own folder on the hard drive.
Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.
OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
http://filehippo.com/download_hijackthis/
Sorry you wait 2 minutes before posting again and less than 4 minutes to say no one is helping you, but you post to a topic over a year old. This forum in comparison to many others is fast but I don’t think we can match your expectations of help in 2-6 minutes.
Whilst some of the tools previously suggested are no longer the most current/efficient, SuperAntiSpyware is still available and one of the more effective tools, but you don’t say if you have tried any of the previously mentioned tools (that would have been a good start point whilst waiting) ?
Add to that a new (in terms of this outdated topic) MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As, depending on your browser), save it to a location where you can find it easily later.