Autoloading Trojan in Registry - NEED to DESTROY!
Posted on 2004-04-24
I'm really tired of these types of infestations. My 13 yr old goes to music & lyrics sites and twice has had an opportunistic trojan affect my PC.
On W2k, use AVG, SPYbot, & ATS(bought after the last time this happened)-all up to date and used as daily scans.
No real problem getting these softwares to do what they were designed to do (multiple checks until is says no viruses found) BUT I have no idea how to determine what the autoloading registry value change was that allows the reloading of this trojan every time I go back on the internet.
As soon as I reconnect to IE, AVG immediately pops up with Trojan Found -Downloader.small.4.BQ found in CS4PO28.exe and/or start page viruses. Then of course it multiplies with all these other viruses and wanna download popups.
I have deleted all the Temp files, searched for all executables created within the last 24 hrs. and deleted them. I'm a novice when it comes to changing registry values, but because of the last trojan, I did go to regedit and searched HK_LM to see if the stcloader.exe files somehow found its way back on my system(result: not found). Maybe its a different .exe file this time?
Anyone have any ideas on what else I need to delete to get this system back to normal. AND other than the obvious (not to let the 13 yr. old back on the PC) how I can prevent future opportunistic trojans from attacking my PC.
Comment: I really don't get it. Why do people write this malicious code? I'ts such a pain in the A-- for everybody.
I really appreciate the help I've found here at experts-exchange and want to thank and commend all who contribute answers to help us try to deal with our IT issues.