system
13
Eddy, I will, thank you.
Whocares, you are likely right I’ll check about them. I already noticed that ‘mfmedia.exe’ has something to do with them because when it runs, ‘teatimer’ of SpyBot shows that an entry of ‘plugin1.exe’ is added!
On the other hand, I think I found the steps to get rid of ‘Trojano-169 [Trj]’
First I noticed that it is reinstalled by ‘Win32:Dialui-B [Trj]’ that resides in “C:\pagefile.sys”.
“C:\pagefile.sys” is an option (Virtual Memory) by Windows (mine is XP) as an extension to the internal RAM.
So before performing boot full scan of "C:" (by Avast), I disabled first this Vitual Memory:
Start → Control Panel → Administrative Tools → Computer Management
→ [at left, right click] Computer Management (local) → Properties
→ Advanced → Performance, Settings → Virtual Memory, Change.
Before selecting ‘No paging file’ I took a note about the custom size (Initial and Maximum size) so I can set them again after trojan removal.
I rebooted then deleted, during Avast scan, the files having ‘Trojano-169 [Trj]’ or ‘Win32:Dialui-B [Trj]’
I Shutdowned the PC for few minutes to clear the RAMs (just in case!
)
I turned on the PC and checked that the deleted files don’t exist.
My final step was to re-enable the virtual memory to its previous settings.
Obviously from early stages, ‘Turn off System Restore’ is already checked in System Properties → System Restore.
Unless I missed something, I thought that writing what I did might help others having the same trojan.
Kerim