HELP!! I need a step by step to get rid of this trojan it pops uo only when I want to play a game on msn games it says its a virus I have been going on line to play this game and this has never happened before…I know its really not a virus…how can I get rid of this and stop avast for picking up this file as a virus.
Hi monalee2,
This thread deals with this problem win32trojano, using the Search tool in this forum can be very helpful.
You should also look at General Advice&Tools for virus/trojan/malware removal.
HTH David
I have spent hours I have done everything possible I took your advice…the only thing I havn’t done is uninstall avast…I wonder how suzzanah made out with her trojan I know something about computers but I’m still in trouble here someone help pleazzzzzzzzzeee
Hi Monalee,
help us to help you…:
please reread the topic linked by david,
answer theose questions here, and tell us exactly WHAT you did and with what results…
e.g.:
what WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ?
test the file with OnlineScanners e.g. from Trend, RAV & KAV to get a more specific name. You need to temporarily pause AV-ResidentShield/Monitor/Guard to be able to scan the file online
What did ad-aware, SPYBOT & CWSHREDDER find ?
did you secure your WIN & IE ?
otherwise it might just always ome back again…
and please post the hijackthis-Log
Avast found win32:Trojano-177 on my PC too, on 6-22-04:
It was detected in:
- C:\WINDOWS\Downloaded Program Files\popcaploader.dll
- C:\Program Files\HJT\backup-20040309-204429-273.dll
During repair, I got the following messages:
- popcaploader.dll [L] win32:Trojano-177[Trj] (0) during file repair error occurred: file not repaired.
- backup-20040309-204429-273.dll [L] win32:Trojano-177 [Trj] (0) file successfully repaired.
Online scans at Panda and Trendmicro, plus updated spybot S&D, adaware, and CWSshredder all find nothing. I use XP Home Edition-SP1, all updates installed. Please let me know if this is a false positive or an as-yet unknown trojano variant…
???
Thanks in advance!
cyberdelicat (running Avast free/home edition with latest build)
To all concerned, after following instructions as to how to get rid of trojano-177 nothing worked so I simply uninstalled Avast and reinstalled, this solved my problem…
Thanx monalee… not sure why the mods didn’t respond… :
Google shows this Ad-Aware report:
“[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = h**p://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab”
and it doesn’t seem to be malicious (RAV & KAV don’t complain either…)
So (if a VPS-Update !! doesn’t help):
- like said in the linked advice, please send the file to virus@avast.com , best in password-protected ZIP- or RAR-archive
- include archive-password, and problem description and/or link to this topic in the mail text; clearly state that you suspect a “false positive”