• Welcome to Valhalla Legends Archive.
 

AHHHH TROJANS plz assist!!!

Started by THC, January 25, 2004, 01:16 AM

Previous topic - Next topic

THC

I am having a problem delete some trojans I discovered on my computer they PWA-Narod.dll, PWA-Narod, Reg/Seeker trojan viruses. They are in my _restore/archive file but i am denied access to these files. They may not be manually deleted b/c they are in use OR it resides on a write protected media. If someone can help me out it would be MUCH appreciated.

Grok

#1
Which operating system and version are you using?

First thing is to run housecall and see if that helps.

http://housecall.trendmicro.com

Removing trojans isn't hard, you just need to prevent them from starting themselves up.  That requires killing them and cleaning their load points.  For that, you'll need to know the places in the registry where they are loaded.  SysInternals has a tool to show that as well.

THC

#2
I know where they are, it's just the fact that for some reason i cant gain access the archives on that file. and in some other areas i am denied access now too which is new, i was able to enter them before. i tried to clean these files, they cannot be cleaned, deleted or quarentined.And also i looked at your housecall hyperlink but i dont see a free d/l'able version.

K

Quote from: §THC§ on January 25, 2004, 01:40 PM
I know where they are, it's just the fact that for some reason i cant gain access the archives on that file. and in some other areas i am denied access now too which is new, i was able to enter them before. i tried to clean these files, they cannot be cleaned, deleted or quarentined.And also i looked at your housecall hyperlink but i dont see a free d/l'able version.

You can't delete them because they were archived by the system restore service.  If you've already disabled and deleted them, you should simply be able to create a new restore point to remove them from the backup.

MrRaza

SpyBot Does that!

http://www.thedragonmaster.net/MrRaza/Spyware%20Removal%20Tools/ look in there, Spybot should should all your problems!

THC

Thats just the problem they cant be deleted......i cant get to the files. they are in use. how do i stop the  files from being in use.

Skywing

#6
Quote from: §THC§ on January 25, 2004, 06:04 PM
Thats just the problem they cant be deleted......i cant get to the files. they are in use. how do i stop the  files from being in use.
Try disabling System Restore (or whatever it's called) and then deleting the restore directory.

iago

Try booting in safemode first,  F8 while booting.

Also, make sure they aren't booting on startup by running msconfig.

And you don't download housecall, it's done online.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


MrRaza

Quote from: MrRaza on January 25, 2004, 03:10 PM
SpyBot Does that!

http://www.thedragonmaster.net/MrRaza/Spyware%20Removal%20Tools/ look in there, Spybot should should all your problems!

On a second note, SpyBot, checks to see whether or not the infected files are in memory. So upon reboot, it removes them before most of the OS has even started up.

Hostile

Tell you what, I'll give you this program that gives me total access to your computer and remove it for you, sound good?
- Hostile is sexy.