Win 32 Trojan Horse

Hi,
I’m new on the forum and just wondered if you could help me. Yesterday, while just browsing the net on eBay, Avast put up its alerts and said virus detected, so I chose the delete option, but now every time I switch on or reset my computer, when it loads back to the desktop it says virus detected and I can’t seem to get rid of it.
The virus is located in the Win 32 directory and it has now stopped my internet from working. I use Zone Alarm Pro firewall, which I thought would have worked.

Any help would be greatly appreciated

thanks
nick

Hi nikc87,

Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.

Scan with DrWeb CureIT!

Try the usual free adware/spyware scanners.

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free

Download, install and update all the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Panda
Trend Micro Housecall

If still having problems, post a HijackThis! log.

When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector.

Drive-by malware infections like this (where malware installs just by visiting a website) mean your browser or other web-interface software (Sun Java, Adobe Flash, media players etc.) has security vulnerabilities, so this scan is vital.

???
hi,

I’m a new member of the avast forum. My laptop also detected TROJ_DIALER.SL from C:\windows\system32\winsxf32.dll. After I did the online free scan (Trend Micro Housecall), it could detect the virus but still cannot clean up the virus. :cry:

The virus means my laptop cannot set the default web site in Internet Options, and unknown webpages keep popping up.

please help. :-[

thanks.

Hi irene85, why don’t you start a new topic for yourself? We’ll be glad to look into it, ok …
And your browser seems to be hijacked … start a new topic and we’ll fix your laptop :slight_smile:

hi sasin44,

ok.

thanks. :slight_smile:

Hi Irene85,

Follow these steps in removing the Surferbar toolbar. To complete these steps you may have to Start in Safe Mode, however by terminating the running program you should be able to complete the steps normally.

1) Terminate the running program

Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTRL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
Locate the following program, click on it and End Task or End Process
winsrv32.exe
or
wins32.exe (2nd variation)

Close Task Manager

2) Remove the Registry entries

Click on Start, Run, Regedit
In the left panel go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In the right panel, right-click and delete the following entry
c:\program files\winsrv32.exe
or
c:\program files\wins32.exe

Close the Registry Editor

3) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well).

Click Start, point to Find or Search, and then click Files or Folders.

Make sure that “Look in” is set to (C:\WINDOWS).

In the “Named” or “Search for…” box, type, or copy and paste, the file names:
win32.dll (in the Program Files directory)
winsrv32.exe (in the Program Files directory)
drg.exe (in the root directory)

or

win32.dll (in the Program Files directory)
wins32.exe (in the Program Files directory)
sfbar.exe (in the root directory)

Click Find Now or Search Now.

Delete the displayed files.

4) Change your default Internet home page in Internet Explorer:

Open Internet Explorer
Click on Tools
Click on Internet Options
Click in the Homepage section and reset your homepage to whatever page you would like
Click OK

5) Open Regedit and search for registry keys containing “surferbar”, “adplus”, and “adbar”, and delete these keys.

This should remove SurferBar from your computer.

polonus
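
A read-only check for the artefacts listed in the removal steps above, useful for confirming before and after cleanup that nothing is left. This is an added example, not part of polonus's post. It assumes a Windows version with PowerShell, Windows installed on C:, and it only looks at the top level of two registry hives for step 5 rather than searching the whole registry.

```powershell
# Added example: reports SurferBar artefacts named in the post; deletes nothing.
# Assumptions: system drive is C:, default "Program Files" path.
function Find-SurferBarArtefacts {
    # Step 1: the processes the post says to end
    Get-Process -Name 'winsrv32', 'wins32' -ErrorAction SilentlyContinue |
        ForEach-Object { "Process running: $($_.ProcessName) (PID $($_.Id))" }

    # Step 2: RunOnce values whose data points at either executable
    $runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $key = Get-Item -Path $runOnce -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($data -match '\\(winsrv32|wins32)\.exe') {
                "RunOnce value '$valueName' -> $data"
            }
        }
    }

    # Step 3: the files, in the locations the post gives for both variations
    $paths = @(
        'C:\Program Files\win32.dll',
        'C:\Program Files\winsrv32.exe',
        'C:\Program Files\wins32.exe',
        'C:\drg.exe',
        'C:\sfbar.exe'
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { "File present: $p" }
    }

    # Step 5: key names containing the strings from the post.
    # Assumption: only the first level under each hive is checked, to keep
    # the check fast; a full search in Regedit covers more.
    Get-ChildItem -Path 'HKCU:\Software', 'HKLM:\SOFTWARE' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match 'surferbar|adplus|adbar' } |
        ForEach-Object { "Registry key present: $($_.Name)" }
}

$results = @(Find-SurferBarArtefacts)
if ($results.Count -eq 0) {
    'None of the artefacts listed in the post were found.'
} else {
    $results
}
```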