Trojan Horse Problem

I ran my anti-virus software and it says I have Trojan horse Downloader.VB.3.BH. How do I get rid of it? My anti-virus software won't do it.
NoDough76 Asked:

sajuks Commented:
Download AVG for free from http://www.grisoft.com/us/us_index.php
Make sure that you've the latest dat and patches.
Run in safe mode.
That should do the trick
0
sunray_2003 Commented:
Do these

a) Boot to normal mode
go to start --> run--> msconfig

go to startup tab and disable all applications except anti-virus and firewall
go to services tab and check "hide microsoft services" and then uncheck all services there

restart the machine

b) Run these tools both in Normal mode and Safe mode
Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.
Use this Online virus scanner also : http://housecall.trendmicro.com/

c) Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> type in: %systemroot%/temp
2) Start --> run --> type in: %temp%

d) Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

My recommendation would be to start with Spybot, Ad-Aware, CWShredder. After installing them, first update them and then run.

After running all the above tools and the others given in that thread, download and run Hijackthis.
Download Hijackthis from here http://www.softpedia.com/public/cat/10/17/10-17-69.shtml.
Get the log from Hijackthis and save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.


Post back if you need more help

SR
0
SheharyaarSaahil Commented:
This trojan mostly resides in System Restore folder, so if u are using WinXP\ME then plzz turn off ur system restore, run ur av scan in safemode and then boot back and enable System restore and create a New Restore point !!
Check if ur av still picks it up or not ??

How to turn off ur System Restore in WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
0
NoDough76 Author Commented:
The Virus is still in my system it resides in this location:     C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5\1C1GHV2E\UCSearch[1].CAB:\UCSearch.ocx   I typed the file into the hijack this program and it said the file was invalid.
0
sunray_2003 Commented:
Did you login to safe mode and clear temp internet files and cookies?
also remove temp folder contents going to safe mode
0
NoDough76 Author Commented:
Sorry about the new question, I didn't know if I was supposed to do that or not. To answer your question, I did clear all of the Temp Internet files. I didn't remove all of the cookies but I will try that now.
0
SheharyaarSaahil Commented:
>> C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5

can u see this Content.IE5 folder..... u have to Delete this WHOLE folder from ur Temporary Internet Files folder..... dont worry it will recreate when u will reopen IE again :)
if u get any error while deleting it,,,, post back the error !!
0
NoDough76 Author Commented:
Thanks so much! All of you are wonderful.   Salaam
0
sunray_2003 Commented:
NoDough76

So going to safe mode, deleting all the contents of temp folder, did not work for you?
0
SheharyaarSaahil Commented:
Wsalaam :)
glad the issue was resolved for u.... and just try to remember that this Content.IE5 folder can be removed easily, and shud be removed on regular interval to get rid all the junks temporary internet files.... and the best place to remove it is from safemode !! Cheers ^_^
0
sunray_2003 Commented:
Shehary ,

if removing the folder and contents are the same , does it mean this comment of mine before yours went unnoticed

>> Comment from sunray_2003
>> Date: 10/30/2004 12:43PM EDT
>> Did you login to safe mode and clear temp internet files and cookies
>> also remove temp folder contents going to safe mode
0
SheharyaarSaahil Commented:
sunray plzz dont take it as harsh, just let me explain,,,, :)

u can see that u asked to delete Temp Internet Files and user went and deleted the Temp File from IE,,,, and after ur above comment u can see that he\she returned to tell that he\she has already deleted them and no luck !!

Try it urself, delete ur Temp Internet Files from IE options, then boot into safemode and open C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files folder, u will still see that ContentIE folder will still be residing there and even when u will open it, u can see most of the files and pics still there, and most importantly u will see the Index.dat file there which has all the websites stored in it (and most of the malwares take advantages of this thing).

That was the reason i asked to Completely remove this folder manually.... and not to delete the TIF from IE options.
That is all i can say :)
0
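
The point made in the comment above, that clearing Temporary Internet Files from IE's options can leave files and index.dat behind in Content.IE5, can be checked with a short audit script. This is an added example, not part of the original thread: the folder and file names in the sample are constructed, and the script flags cached files by their leading bytes (MSCF for a cabinet archive, MZ for a Windows executable) rather than by extension.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Leading bytes of file types that can carry code (assumption: only these two are checked).
MAGIC = {b"MSCF": "cab-archive", b"MZ": "pe-executable"}

def inspect(path):
    """Return (label, sha256) if the file starts with a known magic value, else None."""
    with open(path, "rb") as fh:
        data = fh.read()
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label, hashlib.sha256(data).hexdigest()
    return None

def audit_cache(cache_root):
    """Walk a Content.IE5 folder; return (findings, index_dat_present)."""
    root = Path(cache_root)
    findings, index_dat = [], False
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            if name.lower() == "index.dat":
                index_dat = True  # usually locked while Windows is running normally
                continue
            try:
                hit = inspect(path)
            except OSError:
                hit = ("unreadable", None)  # file in use: retry from safe mode
            if hit:
                findings.append((path.relative_to(root).as_posix(), *hit))
    return sorted(findings), index_dat

def build_sample(base):
    """Create a constructed cache tree (hypothetical names) for an offline run."""
    cache = Path(base) / "Content.IE5"
    sub = cache / "ABCD1234"
    sub.mkdir(parents=True)
    (cache / "index.dat").write_bytes(b"constructed placeholder")
    (sub / "control[1].cab").write_bytes(b"MSCF\x00\x00\x00\x00constructed")
    (sub / "banner[1].gif").write_bytes(b"MZ\x90\x00constructed")  # extension lies
    (sub / "page[1].htm").write_bytes(b"<html></html>")
    return cache

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_cache(build_sample(tmp)))
```

Pointing `audit_cache` at a real Content.IE5 path after a cleanup shows whether anything code-bearing survived, and the SHA-256 values can be compared against what the scanner reported.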
sunray_2003 Commented:
I am not sure what the user thought about this

>> also remove temp folder contents going to safe mode

It is OK, shehary.. I get frustrated when something like this happens..
0
SheharyaarSaahil Commented:
sometimes the confusion between temporary internet files and temp folder can change the whole meaning.... even i thought that u are pointing to local settings\temp folder's contents !! =\
0
NoDough76 Author Commented:
Before I Start I just want to say Ramadan Mubarak to  Sheharyaar Saahil and then I want to say to sunray that I think that all of the solutions have been helpful in helping me understand the problem. I went to delete my temp internet files and as Sheharyaar said the virus remained. I am truly grateful to all of you and this is an excellent service that you all provide.   Salaam
0
NoDough76 Author Commented:
Also sunray I tried to split the points because after I did what Sheharyaar said I began to understand what you were saying.
0
sunray_2003 Commented:
Thanks for coming back. It is just the question of whether deleting the contents of folder helped or the folder itself.

I will just quit here saying , as long as your issue is solved it is fine but give credit to those who helped you in fixing the issue .
The least you can do is splitting the pts. Whether it is relevant here or not depends on you but I see a bad trend going in XP TA now-a-days , where experts comments are not given the proper credit that needs to be given.
0
SheharyaarSaahil Commented:
>> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
0
NoDough76 Author Commented:
>> I just want to say Ramadan Mubarak to  Sheharyaar Saahil
>>
>> Thank you and same to u :)
>> btw its already the 17th one here,,,, im at middle east,,, and u ?? :)

It's the 16th one here,, I am in USA. I hope you are having a good one insha allah.
0
SheharyaarSaahil Commented:
yeah Alhamdulillah.... they are going good :)
0