Solved

Autoloading Trojan in Registry - NEED to DESTROY!

Posted on 2004-04-24
3
335 Views
Last Modified: 2010-04-13
I'm really tired of these types of infestations. My 13 yr old goes to music & lyrics sites and twice has had an opportunistic trojan affect my PC.

On W2k, use AVG, SPYbot, & ATS(bought after the last time this happened)-all up to date and used as daily scans.

No real problem getting these softwares to do what they were designed to do (multiple checks until is says no viruses found)  BUT I have no idea how to determine what the autoloading registry value change was that allows the reloading of this trojan every time I go back on the internet.

As soon as I reconnect to IE, AVG immediately pops up with Trojan Found -Downloader.small.4.BQ found in CS4PO28.exe and/or start page viruses. Then of course it multiplies with all these other viruses and wanna download popups.  

I have deleted all the Temp files, searched for all executables created within the last 24 hrs. and deleted them. I'm a novice when it comes to changing registry values, but because of the last trojan, I did go to regedit and searched HK_LM to see if the stcloader.exe files somehow found its way back on my system(result: not found). Maybe its a different .exe file this time?
 
Anyone have any ideas on what else I need to delete to get this system back to normal. AND other than the obvious (not to let the 13 yr. old back on the PC) how I can prevent future opportunistic trojans from attacking my PC.

Comment: I really don't get it. Why do people write this malicious code? I'ts such a pain in the A-- for everybody.  
I really appreciate the help I've found here at experts-exchange and want to thank and commend all who contribute answers to help us try to deal with our IT issues.

DMoreland
0
Comment
Question by:Diane_Moreland
3 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 300 total points
ID: 10907106
Hey

I would surely advise you to check other spyware tools to start with.
http:Q_20945897.html

Check these online virus scanners and see if they all report the same trojan/virus

http://vil.nai.com/vil/stinger/

http://housecall.trendmicro.com/

http://security.symantec.com/

Then use a pop-up blocker

*************
http://home.rochester.rr.com/artcfox/Pop-Down/

http://www.panicware.com/product_psfree.html

http://zdnet.search.com/search?channel=56&cat=279tag=st.zd.sr.srch.zdnet&q=popup+killer

http://12ghosts.com/ghosts/popup.htm
*************

download this tool http://www.techadvice.com/win2000/m/msconfig_w2k.htm
install it
go to start --> run ---> msconfig
go to startup tab
disable all applications. reboot the machine and check if the virus/trojan comes back again.
If not , enable one by one and check if there is any application might be causing this download of trojan

Post back doing all these.
0
 
LVL 1

Expert Comment

by:mclean01
ID: 10909219
What was the name of the trojan?
0
 
LVL 8

Assisted Solution

by:RevelationCS
RevelationCS earned 200 total points
ID: 10921264
i believe this is the virus if I read your post correctly-

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.HB

it should have all of the directions needed to clean the system properly of the virus... also, if you verify with http://housecall.trendmicro.com/  the name of the virus, just to make sure, you should be able to right click on the found virus in the online scanner and pull up the documentation if it shows as anything other than the virus that is listed here...

hope this helps...
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Adprep 12 44
Print Server: NT to 2008 10 575
Outlook 2013 Certicate error 1 282
WMI Uptime Script Reporting Incorrect Number on W2k Server 16 745
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now