NoDough76


Trojan Horse Problem

I ran my anti virus software and it says I have Trojan horse Downloader.VB.3.BH how do I get rid of it? My anti-virus software won't do it.
sajuks

Download AVG for free from http://www.grisoft.com/us/us_index.php
Make sure that you've the latest dat and patches.
Run in safe mode.
That should do the trick
Do these

a) Boot to normal mode
go to start --> run--> msconfig

go to startup tab and disable all applications except anti-virus and firewall
go to services tab and check "hide microsoft services" and then uncheck all services there

restart the machine

b) Run these tools both in Normal mode and Safe mode
Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.
Use this Online virus scanner also : http://housecall.trendmicro.com/

c) Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> type in: %systemroot%/temp
2) Start --> run --> type in: %temp%

d) Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
https://www.experts-exchange.com/questions/20975384/Standard-response-material-re-Spyware-Adware-BHOs-and-other-Malware.html

My recommendation would be to start with Spybot, Ad-Aware, CWShredder. After installing them, first update them and then run.

After running all the above tools and the others given in that thread, download and run HijackThis.
Download HijackThis from here: http://www.softpedia.com/public/cat/10/17/10-17-69.shtml
Get the log from HijackThis, save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.


Post back if you need more help

SR
This trojan mostly resides in System Restore folder, so if u are using WinXP\ME then plzz turn off ur system restore, run ur av scan in safemode and then boot back and enable System restore and create a New Restore point !!
Check if ur av still picks it up or not ??

How to turn off ur System Restore in WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml

ASKER

The virus is still in my system. It resides in this location: C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5\1C1GHV2E\UCSearch[1].CAB:\UCSearch.ocx   I typed the file into the HijackThis program and it said the file was invalid.
Did you login to safe mode and clear temp internet files and cookies
also remove temp folder contents going to safe mode
Sorry about the new question, I didn't know if I was supposed to do that or not. To answer your question, I did clear all of the Temp Internet files. I didn't remove all of the cookies but I will try that now.
ASKER CERTIFIED SOLUTION
SheharyaarSaahil

This solution is only available to members.
Thanks so much! All of you are wonderful.   Salaam
NoDough76

So going to safe mode, deleting all the contents of the temp folder, did not work for you?
Wsalaam :)
glad the issue was resolved for u.... and just try to remember that this Content.IE5 folder can be removed easily, and shud be removed on regular interval to get rid all the junks temporary internet files.... and the best place to remove it is from safemode !! Cheers ^_^
Shehary ,

if removing the folder and contents are the same , does it mean this comment of mine before yours went unnoticed

Comment from sunray_2003
Date: 10/30/2004 12:43PM EDT
 Your Comment  


Did you login to safe mode and clear temp internet files and cookies
also remove temp folder contents going to safe mode


sunray plzz dont take it as harsh, just let me explain,,,, :)

u can see that u asked to delete Temp Internet Files and user went and deleted the Temp File from IE,,,, and after ur above comment u can see that he\she returned to tell that he\she has already deleted them and no luck !!

Try it urself, delete ur Temp Internet Files from IE options, then boot into safemode and open C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files folder, u will still see that ContentIE folder will still be residing there and even when u will open it, u can see most of the files and pics still there, and most importantly u will see the Index.dat file there which has all the websites stored in it (and most of the malwares take advantages of this thing).

That was the reason i asked to Completely remove this folder manually.... and not to delete the TIF from IE options.
That is all i can say :)
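
Added example (not part of the original thread): a read-only Python check for what the comment above describes, files that remain in the Content.IE5 subfolders after the cache is cleared from IE options. It flags cabinet and PE files by their leading bytes rather than by extension; the sample folder tree and file contents are constructed.

```python
import hashlib
import os
import tempfile

# Leading bytes of file types that can carry executable code.
MAGIC = {b"MZ": "PE executable (exe/dll/ocx)", b"MSCF": "Cabinet archive (cab)"}

def classify(data):
    """Return a type label if the bytes start with a known magic value, else None."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None

def scan_cache(root):
    """Walk the cache tree; return sorted (relative path, type, sha256) per hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file, e.g. index.dat outside Safe Mode
            label = classify(data)
            if label:
                digest = hashlib.sha256(data).hexdigest()
                hits.append((os.path.relpath(full, root), label, digest))
    return sorted(hits)

def build_sample_cache():
    """Constructed sample: a fake Content.IE5 tree, not real cache data."""
    root = tempfile.mkdtemp(prefix="Content.IE5_")
    sub = os.path.join(root, "1C1GHV2E")
    os.mkdir(sub)
    samples = {
        "UCSearch[1].CAB": b"MSCF\x00\x00\x00\x00constructed",
        "logo[1].gif": b"GIF89a-constructed",
        "banner[1].jpg": b"MZ\x90\x00constructed",  # PE content behind an image name
    }
    for name, data in samples.items():
        with open(os.path.join(sub, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, label, digest in scan_cache(build_sample_cache()):
        print(f"{label:30} {digest[:16]}  {rel}")
```

Pointed at a real Temporary Internet Files folder, an empty result after cleanup confirms nothing of these types was left behind; the hashes give something to look up before deleting a hit.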
I am not sure what the user thought about this

>> also remove temp folder contents going to safe mode

It is OK, shehary.. I get frustrated when something like this happens..
sometimes the confusion between temporary internet files and temp folder can change the whole meaning.... even i thought that u are pointing to local settings\temp folder's contents !! =\
Before I Start I just want to say Ramadan Mubarak to  Sheharyaar Saahil and then I want to say to sunray that I think that all of the solutions have been helpful in helping me understand the problem. I went to delete my temp internet files and as Sheharyaar said the virus remained. I am truly grateful to all of you and this is an excellent service that you all provide.   Salaam
Also sunray I tried to split the points because after I did what Sheharyaar said I began to understand what you were saying.
Thanks for coming back. It is just the question of whether deleting the contents of folder helped or the folder itself.

I will just quit here saying , as long as your issue is solved it is fine but give credit to those who helped you in fixing the issue .
The least you can do is splitting the pts. Whether it is relevant here or not depends on you but I see a bad trend going in XP TA now-a-days , where experts comments are not given the proper credit that needs to be given.
>> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
It's the 16th one here,, I am in USA. I hope you are having a good one insha allah.
yeah Alhamdulillah.... they are going good :)