Hi,
I’ve on my computer a trojan. Avast detect it as “trojano-1175” or “trojano-1218”, and when i planify a scan at boot, it detect all (?) files infected and erase them, but the trojan still remain on my computer and launch when i start explorer or iexplorer. I’ve tried others soft like anti-spyware from microsoft or
a-squared but the problem is the same.
After 2 days on trying cleaning up my computer, i don’t know what to do. Can anyone help me ?
i’m using windows 2000 pro up to date with the last critical patches.
i’ve also a personnal firewall (kerio) and spybot (with teatimer actived) installed on my computer.
the version of avast is 4.6 home edition (downloaded yesterday), the virus database number is 0519-1.
at the time i write, a new version has been downloaded (0519-2) but no new scan has be made.
many files were detected, mostly in c:\winnt\system32 with strange names (with .exe extension), and in
the last scan it detected corrupted files with something like “:$data” at the end of file’s name (i think
it’s ADS stream in file, but correct me if i’m wrong).
i discovered it whilst browsing the web, because kerio and spybot launched together to warn me that suspects programs tried to execute themselves and/or change the default start page in internet explorer.
by default, internet explorer is set to clean up temporary internet files when i close it, and there are only
few files in temp folder that i can’t erase.
when i try to start explorer or iexplorer, the memory grow up fast and i’ve to kill process.
(maybe because of kerio or spybot or ms anti-spyware, i don’t know exactly)
If you want more informations, fell free to ask me.
Ok with w2k you can use the, schedule boot-time scan in avast’s menu (or try the ‘Schedule Boot-Time Scan’ using RejZoR’s AEC avast! External Control Tool
I’m not sure if that may be an ADS stream issue, I haven’t come across it as I still have my HDD formatted as fat32 not NTFS.
Hijackthis should be able to show you what is running on your system.
Download HijackThis.zip - HiJackThis Tutorial
For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.