Trojan horse Downloader effect in win\system32...

Posted on 2004-10-16
Last Modified: 2008-02-01
hi ,
     i have scanned my system through AVG anti-virus and find out that 3 virusus can't  be deleted by i getting warning everytime when i start the system that AVG found the virusus as follows:

Testing C:\WINDOWS\system32 serial F0DE-8D32
C:\WINDOWS\SYSTEM32\SNCNTR.EXE Trojan horse Downloader.Dluca.AR
C:\WINDOWS\SYSTEM32\SP2CTR.EXE Trojan horse Downloader.Dluca.AM
C:\WINDOWS\SYSTEM32\YSLUX.EXE Trojan horse Downloader.Purityscan.M
 anyone can help me how to rid out these files from m  any other software i hav to use?
Question by:lesmydad
  • 3
  • 2
LVL 65

Accepted Solution

SheharyaarSaahil earned 250 total points
ID: 12328459
Hello lesmydad =)

run the scan in Safemode and also try to manually delete those three files if u can find them lying in C:\Windows\System32 folder !!
LVL 65

Expert Comment

ID: 12328470
How to get into safemode >>

You can also run Run Stinger in Safemode ==>
and dont forget to run the Disk Cleanup on ur hard drive in order to delete all those extra junk temp files and also the temp internet files of IE !!

Good Luck :)
LVL 65

Expert Comment

ID: 12328500
and if u are good at manual editing the registry, then here are some Good instructions on the Removal of this trojan >>

Post back if u still face problems :)
LVL 17

Expert Comment

ID: 12328978
Hi lesmydad,

As you can see from the linked Symantec page that Shehar posted, removal of Dluca involves installation of Norton AV. You can download a 30-day trial version of Norton from:

Remember to disable System Restore when doing the removal.

To get rid of PurityScan all you need to do is download Spybot Search & Destroy. PurityScan is adware and it's been included in Spybot's reference file since September '03. To maximize protection, run the Update on Spybot before scanning your machine.

That should take care of your problem. Good Vibes!

LVL 17

Expert Comment

ID: 12329050
OOps!   I forgot. You can download Spybot S&D from:

Don't forget to run the Update after installation.

Good Vibes!


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now