Hello all,
I was just infected by this trojan; I think it was via an infected flash drive. I think I have managed to remove the worst of it, but there are a few things I can’t figure out. From what I could see, I think it did the following:
Tried to disable the Windows XP firewall
Added a registry entry in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I think it was under soundMam and it had an entry about running svohost.exe in the system32 folder
Avast kept detecting an infected file called winscok.dll (yes, it really was spelt like that).
Copied a svohost.exe file in the windows\prefetch folder
Finally, I also noticed that the folder option to view hidden files was irreversibly disabled.
I think I managed to remove the trojan, but now I can’t seem to view hidden files now; whenever I select this option in the folder options, it just goes back to hiding them. Does anyone have any idea how I can repair this?
I suggest that you schedule a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’
– Most Delf Trojans add a Startup entry: Startup Entry Name, SysService - Process Name, SysService.exe
Use Task Manager to End the Process. Also to end the startup entry, Windows Start, Run, type 'msconfig without the quotes, in the new window select the Startup Tab, find the SysService entry and uncheck it.
If something is hiding files, then there is something else on your system, can you give an example of a file/folder that is hidden even after you change the hidden status ?
Thanks for your advice. I’ll try a few more anti-trojan programs.
“If something is hiding files, then there is something else on your system, can you give an example of a file/folder that is hidden even after you change the hidden status ?”
I’ve noticed that whenever I try to view hidden files by selecting the option in the folder options and click on apply, nothing really happens, and if I go back and check in the folder options, the ‘view hidden files…’ option goes back to being unselected.
The Ok button should also save any changes you make so if apply didn’t appear to do anything the OK should save them, that doesn’t appear to be working either.
Thanks DavidR, but I suspect there’s something seriously screwed up with my registry now. I don’t really trust my system anymore. When I have time I might just format and start again.
That may be for the best, but make sure you are prepared. Save your data files to CD, save a copy of the avast setup program file (registration key email, etc., firewall and any other security based programs so you don’t have to go on-line without your defences up.