trojano-1175

Hi,
I’ve on my computer a trojan. Avast detect it as “trojano-1175” or “trojano-1218”, and when i planify a scan at boot, it detect all (?) files infected and erase them, but the trojan still remain on my computer and launch when i start explorer or iexplorer. I’ve tried others soft like anti-spyware from microsoft or
a-squared but the problem is the same.
After 2 days on trying cleaning up my computer, i don’t know what to do. Can anyone help me ?

Thanks.

In order to help fully we need more information…

  • What OS are you using? is it up to date?
  • What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
  • What was the filename, where was it found
    example (C:\windows\system32\infected-filename.xxx)?

How did you discover it, e.g. whilst browsing the web, after a download, routine scan?

Have you cleared your temporary internet files/cache and temp files?

ok, here are informations you resquested :

  • i’m using windows 2000 pro up to date with the last critical patches.
    i’ve also a personnal firewall (kerio) and spybot (with teatimer actived) installed on my computer.

  • the version of avast is 4.6 home edition (downloaded yesterday), the virus database number is 0519-1.
    at the time i write, a new version has been downloaded (0519-2) but no new scan has be made.

  • many files were detected, mostly in c:\winnt\system32 with strange names (with .exe extension), and in
    the last scan it detected corrupted files with something like “:$data” at the end of file’s name (i think
    it’s ADS stream in file, but correct me if i’m wrong).

  • i discovered it whilst browsing the web, because kerio and spybot launched together to warn me that suspects programs tried to execute themselves and/or change the default start page in internet explorer.

  • by default, internet explorer is set to clean up temporary internet files when i close it, and there are only
    few files in temp folder that i can’t erase.

  • when i try to start explorer or iexplorer, the memory grow up fast and i’ve to kill process.
    (maybe because of kerio or spybot or ms anti-spyware, i don’t know exactly)

If you want more informations, fell free to ask me.

Patrice.

Ok with w2k you can use the, schedule boot-time scan in avast’s menu (or try the ‘Schedule Boot-Time Scan’ using RejZoR’s AEC avast! External Control Tool

I’m not sure if that may be an ADS stream issue, I haven’t come across it as I still have my HDD formatted as fat32 not NTFS.

Hijackthis should be able to show you what is running on your system.

Download HijackThis.zip - HiJackThis Tutorial
For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.