I have a big problem. A Pc of a friend is infected. Avast releved it as Win32.Trojan-Gen.
An Avast alarm appeare all the time I try to connect to internet.
I tried to check regedit, msconfig and active process but all this application does’nt work! Maybe the trojan are blocking all application in system32 directory.
Also I can’t install a firewall beause the trojan block the firewall process at start!!!
Also read the information on this thread, but do nothing until you could come up with the anwers to DavidR’s questions, then follow his advice.
Interesting to read this: http://www.dslreports.com/forum/remark,9339010~mode=flat
Success with cleaning that computer. Actually were the infected files ISNSYS.DLL & system32.winservn.exe??
S.O. is a WinXP SP1, VPS version is the last avaiable 540-5, on Avast 4.6 pro
The strange things are that if I run a full system scan avast do not releve nothing, but if I try to connect to internet the message appeare. I cant remember the file infected (stupid…), the next time I’ll signe it
I already try a scan with Ad-Aware personal in safe mode, also I cleaned Run directory in the register (in safe mode regedit work)…
What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
What provider detected it?
I suspect Web Shield because you can’t find anything on your scan. What options were displayed e.g. ‘Abort connection’ Or Repair, Delete, move, move to chest?
To clean a system from malware (and protect it against) follow the instructions in the malware removal section on this website: http://mrspock.dsmirc.co.uk