Solved

Trojan.download detected but can't be removed

Posted on 2003-11-20
Last Modified: 2013-11-16
I have Norton SystemWorks with the latest virus list available (11/19/03).
Lately I have been getting an error message from Norton telling me it has found a trojan.download virus.

So far it has given me two different paths:
c:\windows\system\sleep.exe       and
c:\documents & settings\jms\local settings\...\apdl[1].exe

When I follow Norton's recommended solution for removing the virus, it does not find anything. I have turned off System Restore and started up in Safe Mode -- I have even scanned the exact files -- but it does not find anything.
I have also downloaded Trojan Remover and HijackThis -- neither of these programs finds anything.

Could someone please shed some light on this -- as I know I must have something (not to mention all the popups that appear when starting the internet).
Question by:jsnyn
13 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9789504
 

Author Comment

by:jsnyn
ID: 9789841
Yes - those are the directions I have followed. The problem is Norton does not find anything -- even though when I start IE, Norton will occasionally give me an error message telling me that it has detected the trojan.download virus but could not repair the file.
 
LVL 18

Expert Comment

by:chicagoan
ID: 9789910
See if HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FA9088-19CE-715D-D85A-216290C5B738}\InProcServer32 exists in the registry, and delete it if it does.
 

Author Comment

by:jsnyn
ID: 9789970
Thanks for the help, chicagoan - but I do not find that file in the registry.
 
LVL 18

Expert Comment

by:chicagoan
ID: 9790052
Tried deleting rather than repairing?
 

Author Comment

by:jsnyn
ID: 9790178
Well - I thought about deleting the sleep.exe file - but wasn't sure if that was an important file -- do you know?
 
LVL 13

Expert Comment

by:WillHudson
ID: 9795620
Sleep.exe allows your PC to go into standby mode. It's not part of Windows, so it's safe to delete it.
Apdl[1].exe looks really suspicious - this is definitely not part of Windows.

After checking, APDL is an Automatic Porn DownLoader program - so I would delete this also.
 
LVL 18

Expert Comment

by:chicagoan
ID: 9796478
If an executable file's been inserted by the malware, you can't repair it.
You can usually repair data files... .doc, .xls, etc.
You can always rename a suspicious file until you've had an opportunity to compare it to a known copy.
 
LVL 24

Expert Comment

by:SunBow
ID: 9800916
Consider also scanning the registry for those names, but look in the keys for running at startup. Delete any in Task Manager before HD and rebooting. Worst case, revert to a prior registry configuration, or simply reinstall the OS, for that often takes less time than debugging unless you want to get into forensics. Don't forget to also grab a personal firewall like Sygate or ZoneAlarm that can block and quickly identify the activity of these "auto" background wares, which can give you a better idea of where they came from in the first place. I think the Sleep program is downloadable, if you want to check that.
0
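An added example, not part of the original thread and not any poster's code: a read-only PowerShell triage that combines the checks suggested above (chicagoan's CLSID key, SunBow's startup-key search, and the file path Norton reported). The file names, path and CLSID come from the thread; the choice of Run/RunOnce keys and the use of PowerShell on a current Windows system are assumptions.

```powershell
# Added example: read-only checks, nothing is deleted or modified.
# Names, path and CLSID are taken from the thread; the startup key list is an assumption.
$names    = 'sleep.exe', 'apdl'
$filePath = 'C:\windows\system\sleep.exe'
$clsidKey = 'HKLM:\SOFTWARE\Classes\CLSID\{79FA9088-19CE-715D-D85A-216290C5B738}\InProcServer32'
$startupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-StartupReference {
    param([string[]]$Keys, [string[]]$Patterns)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            foreach ($p in $Patterns) {
                # Plain case-insensitive substring match, so [ ] in names are not wildcards.
                $inData = $data.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0
                $inName = $valueName.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0
                if ($inData -or $inName) {
                    [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data; Matched = $p }
                }
            }
        }
    }
}

# 1. Startup values that mention either file name.
$hits = @(Find-StartupReference -Keys $startupKeys -Patterns $names)
if ($hits.Count -gt 0) { $hits | Format-List } else { 'No startup value references sleep.exe or apdl.' }

# 2. The CLSID key; the default value of InProcServer32 is the DLL it loads.
if (Test-Path -LiteralPath $clsidKey) {
    'CLSID key present, InProcServer32 -> ' + (Get-Item -LiteralPath $clsidKey).GetValue('')
} else { 'CLSID key not present.' }

# 3. The reported file, including hidden/read-only attributes (-Force shows hidden items).
$file = Get-Item -LiteralPath $filePath -Force -ErrorAction SilentlyContinue
if ($file) { $file | Select-Object FullName, Attributes, Length, LastWriteTime | Format-List }
else { "$filePath not found on disk." }
```

If all three checks come back empty while the antivirus still reports the detection, the flagged item is not at the reported location.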
 

Expert Comment

by:Zam-Buk
ID: 9829480
Delete the APDL and overwrite the sleep.exe with a fresh copy.
Reinstall your spyware/trojan remover and update them.
You may want to enable the OS (e.g. XP) firewall too, in addition to external firewall programs.
End some of your suspicious system processes especially if they do not belong to system.

As for pop-ups, personally I use Pop-Up Stopper to block them. It's free =)
http://www.panicware.com/process_download.html?prdid=PSFREE
 
LVL 6

Expert Comment

by:dorkestra
ID: 9835339
Another thing you might try is booting the PC to DOS and manually deleting those files... if you find them there. If you get an access denied message trying to do that, it's likely that the virus files are read-only (many viruses are), and you can take care of that using the attrib command, e.g.

attrib -r apdl[1].exe

then

del apdl[1].exe
 

Expert Comment

by:khofer
ID: 9841923
Try this software, it's really good... and free.
http://www.safer-networking.org/
 

Accepted Solution

by:
cdhill earned 125 total points
ID: 9949965
This may be overly simplistic, but have you looked in your quarantine? I have found that Symantec AV puts things safely into quarantine but will continue to give you warnings until you deal with the quarantined item. Searching for the item in the path given is always fruitless, and some have mistaken these warnings for false positives because of it. Unfortunately the warning doesn't actually say that the item is in the quarantine. You may have already done this, but if not it might be worth the 20 seconds it takes.

Question has a verified solution.
