-
January 7th, 2005, 01:51 PM
#1
Registered User
Downloader.Trojan
OK, one of my knucklehead users has a virus… Downloader.Trojan. I can't delete, fix or quarantine it. I have tried safe mode and everything… any suggestions??!!
Last edited by syrnypolice; January 7th, 2005 at 01:54 PM.
-
January 7th, 2005, 02:28 PM
#2
Registered User
What OS? If it's XP make sure you turn off System Restore and scan it again in safe mode.
-
January 7th, 2005, 02:35 PM
#3
Registered User
 Originally Posted by shamus
What OS? If it's XP make sure you turn off System Restore and scan it again in safe mode.
It's Win XP and I have tried all of that. Disabled system restore, rebooted in safe mode. I tried going to the physical file and deleting it, but I got an error saying that I couldn’t because it was write protected. I checked the properties of the file and there was nothing I could see that would cause this. I see myself reloading the whole friggin machine.
Symantec finds it but then says it can't do anything with it.
Last edited by syrnypolice; January 7th, 2005 at 02:37 PM.
-
January 7th, 2005, 02:45 PM
#4
Registered User
-
January 7th, 2005, 02:53 PM
#5
Registered User
Look for autostart entries in hklm\software\microsoft\windows\currentversion\run ...., hkcu\software\microsoft\windows\currentversion\run ...., as well as in startup. Then run a virus scan and delete all files detected as infected.
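The places named in this post can be listed in one pass. The following is an added example, not something posted in the thread; it assumes a current Windows system with Windows PowerShell 5.1 or later, and `Resolve-CommandTarget` is a hypothetical helper name.

```powershell
# Added example: enumerate autostart entries from the Run keys and Startup folders.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Resolve-CommandTarget {
    # Pull the executable path out of a Run value such as '"C:\a b\x.exe" /s' or 'C:\x.exe -q'.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|scr|bat|cmd|pif|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

# Registry: every value under a Run key is a command started at logon.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name
                           Target = Resolve-CommandTarget ([string]$item.GetValue($name)) }
    }
})

# Startup folders: per-user and all-users. Shortcuts are listed as files, not resolved.
$entries += @(foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Target = $_.FullName }
    }
})

# Report whether each target exists on disk and what its Authenticode status is.
$entries | ForEach-Object {
    $exists = [bool]$_.Target -and (Test-Path -LiteralPath $_.Target -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $_.Target).Status } else { 'n/a' }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Target = $_.Target
                       Exists = $exists; Signature = $sig }
} | Format-Table -AutoSize -Wrap
```

Entries whose target is missing, unsigned, or sitting directly in the Windows directory under a random-looking name are the ones to compare against what the virus scan reports.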
-
January 7th, 2005, 02:57 PM
#6
Registered User
There's an option on the tools page of HijackThis to delete a file on reboot.
-
January 7th, 2005, 02:58 PM
#7
Registered User
You might also try running sysclean from Trend Micro with the latest pattern file.
-
January 8th, 2005, 12:59 AM
#8
Registered User
If the file system is NTFS then you might not have permission to access the file; some tricky bstrd ad/spyware has done that to me in the past.
To check if this is the case, log into administrator (it has to be administrator and not an administrator-enabled account) in safe mode and check the properties on the file. I obviously can't check now cause I'm not logged on as administrator, but if I remember correctly there is a new tab there that isn't there under any other account (as far as I know) called Security.... grrr damnit gonna reboot my third machine here to check it out... one sec
OK yeah Security Tab... then at the bottom hit the advanced button, add the administrator account to the permissions and specifically I don't remember exactly what I added and/or changed but it took me 15-20 minutes of messing and I got it... so see if that's why.... let me know if it worked for ya...
"We must always fear the wicked. But there is another kind of evil that we must fear the most, and that is the indifference of good men." -- Monsignor; The Boondock Saints.
-
January 10th, 2005, 08:54 AM
#9
Registered User
OK, I came in Monday and the virus is not being detected. I had removed it and placed it into a new file in order to try and delete the infected file. Sometimes I have found this to work. Well it didn’t as of Friday, but today I come into work and Norton is no longer detecting the darn thing during the real-time scan. That’s how we discovered the virus in the first place.
Anyway, I went to the file in its new location and scanned it for a virus; nothing was found. So I tried deleting it, and I was able to. Friday I was unable to delete it, access was denied. I don’t know what happened but it seems to be gone. No more viruses. Thanks for your help.
-
January 17th, 2005, 09:04 AM
#10
Save your time mate and give this a try,... it worked for me in ten minutes!
Hi,
I spent 12 hours yesterday trying to get the damn 'Downloader.Trojan' off my computer. [Symantec's most recent update for this is June 2002!]
I looked in all the forums, did all the usual 'update your virus definitions' in Norton Antivirus, multiple scans in safe mode, downloaded four 'spyware' softwares, and none of it worked!
The only thing I managed to get to work was the 'Trojan Eliminator'! Go to this URL and download it FREE for 30 days. (Though I'd bookmark it too, 'cos if you get another trojan it will save you trying to find it again! ;o)
http://www.alarural.com/rd/trojan_eliminator.html
Let me know if you need any help with it. (I don't think it will be named the same, but my exe file was called: xqexwbx.exe and was in the WINDOWS main directory C:\WINDOWS\xqexbx.exe)
Hope it helps!
Kyle
-
January 17th, 2005, 04:14 PM
#11
Registered User
The problem with download.trojan viruses is that there are a significant number of variants out there... the way you removed yours may not be able to remove new variants but it's a new start.
I remember when Download.Trojan.BA was new... that one took me a while to figure out and it was permission. The file somehow had set itself up that nobody owned the file so therefore nobody could delete it until you had the administrator account in safe mode set the permission... even the registry keys that called the file had to have the permission set the same way to remove them...
It's all part of being a tech tho... some genius that should be on our side, but is on theirs, figures out a new way to make our job that much more difficult... The BA virus is now easily removed with new virus engines; however, the older ones still have difficulty with it...
"We must always fear the wicked. But there is another kind of evil that we must fear the most, and that is the indifference of good men." -- Monsignor; The Boondock Saints.
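What posts #8 and #11 describe, a file (and the registry keys that launch it) with no usable owner or no permission entry for Administrators, can be checked before changing anything. This is an added example, not code from the thread; it assumes a current Windows system with PowerShell plus `takeown.exe` and `icacls.exe`, and the function names and the `$SuspectFile` path are placeholders.

```powershell
# Added example. $SuspectFile is a placeholder path, not a value taken from the thread.
$SuspectFile = 'C:\path\to\suspect-file.exe'
$RunKey      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$AdminSid    = 'S-1-5-32-544'   # BUILTIN\Administrators, a well-known SID

function Get-AccessReport {
    # Works for file paths and for registry provider paths alike.
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Not being able to read the ACL at all is itself the symptom described above.
        return [pscustomobject]@{ Path = $Path; Owner = $null; AdminAllow = $null
                                  Note = $_.Exception.Message }
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $allow = $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $AdminSid -and
                       $_.AccessControlType -eq 'Allow' } |
        ForEach-Object {
            if ($_ -is [System.Security.AccessControl.FileSystemAccessRule]) { $_.FileSystemRights }
            else { $_.RegistryRights }
        }
    $note = if (-not $acl.Owner) { 'owner missing or unresolved' }
            elseif (-not $allow) { 'no Allow entry for Administrators' }
            else { '' }
    [pscustomobject]@{ Path = $Path; Owner = $acl.Owner
                       AdminAllow = ($allow -join '; '); Note = $note }
}

function Restore-AdminAccess {
    # File-only fix: give ownership to Administrators, then grant that group full control.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    if ($PSCmdlet.ShouldProcess($Path, 'take ownership and grant Administrators full control')) {
        takeown.exe /F $Path /A
        icacls.exe $Path /grant "*${AdminSid}:F"
    }
}

Get-AccessReport -Path $SuspectFile
Get-AccessReport -Path $RunKey
Restore-AdminAccess -Path $SuspectFile -WhatIf   # drop -WhatIf to apply, from an elevated prompt
```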