Solved

Trojan horse Downloader effect in win\system32...

Posted on 2004-10-16
5
492 Views
Last Modified: 2008-02-01
hi ,
     i have scanned my system through AVG anti-virus and find out that 3 virusus can't  be deleted by antivirus.so i getting warning everytime when i start the system that AVG found the virusus as follows:

Testing C:\WINDOWS\system32 serial F0DE-8D32
C:\WINDOWS\SYSTEM32\SNCNTR.EXE Trojan horse Downloader.Dluca.AR
C:\WINDOWS\SYSTEM32\SP2CTR.EXE Trojan horse Downloader.Dluca.AM
C:\WINDOWS\SYSTEM32\YSLUX.EXE Trojan horse Downloader.Purityscan.M
 anyone can help me how to rid out these files from m system......is  any other software i hav to use?
0
Comment
Question by:lesmydad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12328459
Hello lesmydad =)

run the scan in Safemode and also try to manually delete those three files if u can find them lying in C:\Windows\System32 folder !!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12328470
How to get into safemode >> http://www.computerhope.com/issues/chsafe.htm

You can also run Run Stinger in Safemode ==> http://vil.nai.com/vil/stinger
and dont forget to run the Disk Cleanup on ur hard drive in order to delete all those extra junk temp files and also the temp internet files of IE !!

Good Luck :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12328500
and if u are good at manual editing the registry, then here are some Good instructions on the Removal of this trojan >> http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.html

Post back if u still face problems :)
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12328978
Hi lesmydad,

As you can see from the linked Symantec page that Shehar posted, removal of Dluca involves installation of Norton AV. You can download a 30-day trial version of Norton from:

http://nct.symantecstore.com/0142/NAV_2005_trialware.html

Remember to disable System Restore when doing the removal.

To get rid of PurityScan all you need to do is download Spybot Search & Destroy. PurityScan is adware and it's been included in Spybot's reference file since September '03. To maximize protection, run the Update on Spybot before scanning your machine.

That should take care of your problem. Good Vibes!

Lobo
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12329050
OOps!   I forgot. You can download Spybot S&D from:

http://www.gatesofdelirium.com/ee/tools/

Don't forget to run the Update after installation.

Good Vibes!

Lobo
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question