win32 Element Trojan

Hello to all
I’m new here so hope I am posting this in the right spot.

I recently have had problems with Win XP Home freezing and shutting down on me, and it got to the stage where Windows didn't start.

I was finally able to run check disk, and then Avast anti virus which didn’t detect anything, however when I ran Spybot it came up with w32 element trojan worm as part of a desktop shortcut to a Shockwave game Zuma.

After allowing Spybot to remove the shortcut, I created a new shortcut and when I ran Spybot the Trojan was back, so again I allowed it to be fixed and did not create a new shortcut.

The next time I ran Spybot the Trojan had attached itself to the Spybot shortcut on the desktop and so I allowed Spybot to remove the shortcut. After all this I re-ran Spybot to find it had attacked a different shortcut.

I don't know if this was the cause of the Windows problem as XP is now running ok most of the time but I am unable to get rid of this Element Trojan.

So far I have run the following pieces of software, and the only program that detects anything is Spybot.

  • Avast
  • AVG
  • Norton online scan
  • McAfee online scan
  • Ad-aware
  • Ewido
  • Spyware Doctor

One final thing is that I ran Zuma over the network on a laptop that wasn’t doing anything strange and it started doing strange things so I’m left wondering if the software developers have planted a trojan/spyware in their application for some unknown purpose.

I am hoping someone may be able to tell me if I have a problem or not. If I do have a problem how can I fix it, as this is driving me nuts and any help would be greatly appreciated.

Hi po-weber,

It is advised to only use one resident AV scanner on your machine to avoid scanners finding each other’s definitions as FPs.
This is the info for this malware:
http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html

After cleaning out the overwritten files (zeroed), you need to do a fresh install from CD to put these files back.
Filesharing services can seriously harm your computer through added malware, Kazaa and e-donkey etc. are phasing out because they are unsafe, and piracy is illegit.

polonus

Hello Polonus

Thanks for your quick reply.
I have checked the securityresponse as suggested and I can only find 2 damaged files on my computer referred to.

Autoexec.bat 0 kb
Config.sys 0 kb
Would you be able to tell me how to clean out the overwritten files and reinstall? Can they just be deleted and copied from CD or do I need to reinstall Windows XP?
Thanks again
Po

Windows XP does not use these two files to boot, as far as I know.

You can copy them from Windows CD or leave them empty, 0 kb.
What is the exact message when the files are detected as being infected/damaged?

Hello Tech
thanks for your reply
This is the message I get from Spybot

ELEMENT
Autostart file
D:\Documents and settings\ViPo.Kg2\Desktop\Shortcut to Lyndell(Newtop).lnk

This is a shortcut to home network connection to a laptop owned by my daughter
If I let Spybot fix problem the shortcut is deleted and I have then run Spybot again and element is detected attached to another shortcut.
So far 8 shortcuts have been deleted
Thanks for taking time to look into this for me

Po

Have you tried running your anti-malware programs in safe mode? Also try running an avast boot scan.

If you run a boot time scanning of avast and a full scanning with ewido, do you get anything?
It’s weird but COULD be a false positive of Spybot IF the shortcuts were there BEFORE the scanning and were not generated by malware.

Yes, I have run Avast on boot and Ewido in safe mode and nothing has been detected.
You think it’s weird, I think it gets weirder.

A helper on Spybot forum suggested I move all shortcuts to a folder. I did, including the last shortcut detected with element.
The folder is on desktop.
Now after 2 scans with Spybot nothing has been detected.

Does that mean prob solved or is it just hiding?
Thanks for your help I’ll wait and see what happens

You’ve answered yourself…

Hi po-weber,

What I suggest you do to prevent this in the future is to run CCleaner. This, if you check the appropriate boxes, takes all the crap from various anti-spyware and adware programs. I use CCleaner together with System Security Suite, both from inside a mem stick. Works beautifully for me. Some like URL Explorer, for they can analyze what is in their cache. Sometimes you have to leave cookies there for specific sites and some ISPs don’t like you to clean out their cookies. The world likes tracking you, you know?

polonus

Hello polonus

Thanks for that advice I’ll give it a try.

So far everything now seems to be ok

Po


Welcome to the forums, po_weber. :)

It is good to know that your problem seems solved.

Please come back often, learn more, and maybe help others. :)