Trojan win32.small-BXP

Hi,

Avast has detected the above subject virus in C:\windows\new_drv.sys, so I did a boot-time scan and the virus is still there.

What did I miss? What should I do?

Thanks

If it is still there, there may be something restoring it.

Check out this link, found by a Google search for the file name; there are other components that may be restoring it: http://sandbox.norman.com/live_2.html?logfile=1533936

If any of those exist, either rename them or open the virus chest and add them to the User Files section of the chest.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-Squared Free if using Win98/ME.

Also see, Hidden things http://invisiblethings.org

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files. You can use the Windows Advanced Care features for that.
  3. Schedule a boot time scanning again with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, Free AVG Antispyware or SUPERantispyware (trojan removers).
  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

Looks like a rootkit. Try a few different rootkit scanners and see what they find. Remember that legitimate applications can also hide processes, so check here before deleting anything if you’re not sure.

Here’s a few to try:

http://www.f-secure.com/blacklight/

http://www.freewarefiles.com/downloads_counter.php?programid=22524

http://www.antirootkit.com/index.htm

http://www.trendmicro.com/download/rbuster.asp

That is what I suspected too, hence the invisible things link.

However, I’ve just revisited the invisible things site and it doesn’t seem to be keeping pace with developments.

First, I thank you for your replies.

I tried all of your suggestions and it cleaned several viruses not visible with Avast, but Trojan win32.small-BXP is still there.

Regards

Do you have a firewall? If so, which one?
Without one, or without one with outbound protection, getting rid of an infection is like pushing a pea uphill with your nose: difficult.

Did you check the link in my first reply, and were there any associated files, etc.?

Can you see it in the Windows folder?

You could try deletion with Unlocker, http://ccollomb.free.fr/unlocker/, which is also good as it has a few additional features to not only delete the files but also stop any process that is stopping you from deleting a file. When you try to delete, it should show if there is a process locking it; make a note of that if there is one and let us know.

Hi,

I carefully followed all your instructions and I got rid of the virus. In fact I (by mistake) did not see your first message.

Thank you very much, I appreciated your support, and have a good evening :)

Glad that we could help, a belated welcome to the forums.

Hi Derembercourt.

The technical info on this malware can be found here:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-121910-1238-99

polonus