Trojan horse question

from WinCustomize Forums
I need to appeal to any one of you computer geek guru types. I have a friend with a trojan called "downloader.small.12.bj". She's run AVG, which highlights the program, but won't get rid of it. The only thing I found from a google search was a recommendation to delete the file where it is contained. But, that file is not deletable. Can anyone help with this? Any ideas? TIA



Powered by SkinBrowser!
4,806 views 7 replies
Reply #1 from WinCustomize Forums Top
A lot of times a virus cannot be deleted because it is in the system restore.  Some people advise turning that off if you are cleaning out a virus.  Of course, you will lose all your restore points.
Reply #2 from WinCustomize Forums Top
It probably not deleteable because it's still running and so the file is locked. You'll need to kill the process itself before you can delete the file(s).

If the trojan is worth it's salt it will not let you start up the windows task manager (which you would normally use). One of the earlier worm viruses (sasser or sobig?) did this.

I like to use the SysInternals process explorer in this case http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

One other way is to boot the system from a CD or floppy and delete the file(s) on your HDD. This has it's own set of complications



Powered by SkinBrowser!
CursorFX - Customize your Windows cursor
Reply #3 from WinCustomize Forums Top
Goodmorphing, what a great idea. It never occurred to me to turn off System Restore. We're trying it right now........... I hope it works. Thank you!



Powered by SkinBrowser!
Reply #4 from WinCustomize Forums Top
A lot of times a virus cannot be deleted because it is in the system restore. Some people advise turning that off if you are cleaning out a virus. Of course, you will lose all your restore points.


Goodmorphing, what a great idea. It never occurred to me to turn off System Restore. We're trying it right now........... I hope it works. Thank you!


Ever notice how many people only read or hear what they want, it seems dabe is so excited he didn't see the downfall, nor the more complicated second solution that he should logically try first before doing a solution that has ramifications.

I do hope it works out for you dabe.



Powered by SkinBrowser!
Reply #5 from WinCustomize Forums Top
Me bad.

Just looked up the virus on Symantec, advice just what you are doing. Turn off system restore, update virus software and delete.



Powered by SkinBrowser!
Reply #6 from WinCustomize Forums Top
The only thing I would add to #1 is to then start the computer in safe mode to do the cleaning.
Reply #7 from WinCustomize Forums Top

Ever notice how many people only read or hear what they want,

Like....dabe's a 'she' not a 'he'....

'Ramifications' of turning off 'system restore' to clear virii are approximately zero, as it is a common, necessary requirement for cleaning a system from infection.

Once a system is compromised by virus infection the priority is for its removal, not the retention of 'damaged' restore points.

dabe....if you can access the net [obviously you can]....dl and run Stinger.exe

http://vil.nai.com/vil/stinger/

...it'll sort out the more common virii/trojans.

Failing that, there's other online tools that can help....