Solved

Trojan Horse Problem

Posted on 2004-10-29
Last Modified: 2010-05-18
I ran my anti virus software and it says I have Trojan horse Downloader.VB.3.BH how do I get rid of it? My anti-virus software won't do it.
Question by:NoDough76
20 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 12450608
Download AVG for free from http://www.grisoft.com/us/us_index.php
Make sure that you've the latest dat and patches.
Run in safe mode.
That should do the trick
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12451513
Do these

a) Boot to normal mode
go to start --> run--> msconfig

go to startup tab and disable all applications except anti-virus and firewall
go to services tab and check "hide microsoft services" and then uncheck all services there

restart the machine

b) Run these tools both in Normal mode and Safe mode
Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.
Use this Online virus scanner also : http://housecall.trendmicro.com/

c) Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

d) Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

My recommendation would be to start with Spybot, Ad-Aware, CWShredder. After installing them, first update them and then run.

Once running all the above tools and others given in that thread, download and run Hijackthis.
Download Hijackthis from here http://www.softpedia.com/public/cat/10/17/10-17-69.shtml.
Get the log from Hijackthis and save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.


Post back if you need more help

SR
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12452149
This trojan mostly resides in System Restore folder, so if u are using WinXP\ME then plzz turn off ur system restore, run ur av scan in safemode and then boot back and enable System restore and create a New Restore point !!
Check if ur av still picks it up or not ??

How to turn off ur System Restore in WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
0
 

Author Comment

by:NoDough76
ID: 12452919
The Virus is still in my system it resides in this location:     C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5\1C1GHV2E\UCSearch[1].CAB:\UCSearch.ocx   I typed the file into the hijack this program and it said the file was invalid.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12452931
Did you login to safe mode and clear temp internet files and cookies
also remove temp folder contents going to safe mode
0
 

Author Comment

by:NoDough76
ID: 12453028
Sorry about the new question, I didn't know if I was supposed to do that or not. To answer your question, I did clear all of the Temp Internet files. I didn't remove all of the cookies but I will try that now.
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12453129
>> C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5

can u see this Content.IE5 folder..... u have to Delete this WHOLE folder from ur Temporary Internet Files folder..... don't worry it will recreate when u will reopen IE again :)
if u get any error while deleting it,,,, post back the error !!
0
 

Author Comment

by:NoDough76
ID: 12453521
Thanks so much! All of you are wonderful.   Salaam
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12453523
NoDough76

So going to safe mode, deleting all the contents of temp folder, did not work for you?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12453543
Wsalaam :)
glad the issue was resolved for u.... and just try to remember that this Content.IE5 folder can be removed easily, and shud be removed at regular intervals to get rid of all the junk temporary internet files.... and the best place to remove it is from safemode !! Cheers ^_^
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12454432
Shehary ,

if removing the folder and contents are the same , does it mean this comment of mine before yours went unnoticed

Comment from sunray_2003
Date: 10/30/2004 12:43PM EDT
 Your Comment  


Did you login to safe mode and clear temp internet files and cookies
also remove temp folder contents going to safe mode


0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12454476
sunray plzz dont take it as harsh, just let me explain,,,, :)

u can see that u asked to delete Temp Internet Files and user went and deleted the Temp File from IE,,,, and after ur above comment u can see that he\she returned to tell that he\she has already deleted them and no luck !!

Try it urself, delete ur Temp Internet Files from IE options, then boot into safemode and open C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files folder, u will still see that ContentIE folder will still be residing there and even when u will open it, u can see most of the files and pics still there, and most importantly u will see the Index.dat file there which has all the websites stored in it (and most of the malwares take advantage of this thing).

That was the reason i asked to Completely remove this folder manually.... and not to delete the TIF from IE options.
That is all i can say :)
0
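An added example, not part of any poster's reply: a PowerShell function that lists what is still sitting under Content.IE5 (hidden and system files included), flags cached executable-type files such as the UCSearch[1].CAB reported in this thread, and optionally removes the whole folder as the accepted solution advises. The function name `Clear-IECacheFolder`, its parameters and the extension list are assumptions of this example; the default path is the Windows XP layout quoted in the thread.

```powershell
# Added example: inventory and remove an IE cache folder (Content.IE5).
# Function name, parameters and extension list are hypothetical.
function Clear-IECacheFolder {
    param(
        [string]$UserName = $env:USERNAME,
        [string]$CacheRoot,
        [switch]$Delete
    )
    if (-not $CacheRoot) {
        # Windows XP profile layout, as quoted in the thread.
        $CacheRoot = "C:\Documents and Settings\$UserName\Local Settings\Temporary Internet Files\Content.IE5"
    }
    if (-not (Test-Path -LiteralPath $CacheRoot)) {
        Write-Warning "Not found: $CacheRoot"
        return
    }

    # -Force includes hidden and system items; the thread reports cached
    # files and index.dat still present after clearing from IE options.
    $files = Get-ChildItem -LiteralPath $CacheRoot -Recurse -Force |
             Where-Object { -not $_.PSIsContainer }

    # Executable-type content left in a browser cache deserves a look.
    $suspectExt = '.cab', '.ocx', '.exe', '.dll'
    $files | Where-Object { $suspectExt -contains $_.Extension.ToLower() } |
        Select-Object FullName, Length, LastWriteTime

    Write-Host ("{0} files remain under {1}" -f @($files).Count, $CacheRoot)

    if ($Delete) {
        # Remove the whole folder, not only its visible contents.
        Remove-Item -LiteralPath $CacheRoot -Recurse -Force -ErrorAction Continue
    }
}
```

Without `-Delete` the function only reports; with it, any file that is still in use surfaces as an error from `Remove-Item`.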
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12454486
I am not sure what the user thought about this

>> also remove temp folder contents going to safe mode

It is OK, shehary.. I get frustrated when something like this happens..
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12454528
sometimes the confusion between temporary internet files and temp folder can change the whole meaning.... even i thought that u are pointing to local settings\temp folder's contents !! =\
0
 

Author Comment

by:NoDough76
ID: 12457394
Before I Start I just want to say Ramadan Mubarak to  Sheharyaar Saahil and then I want to say to sunray that I think that all of the solutions have been helpful in helping me understand the problem. I went to delete my temp internet files and as Sheharyaar said the virus remained. I am truly grateful to all of you and this is an excellent service that you all provide.   Salaam
0
 

Author Comment

by:NoDough76
ID: 12457416
Also sunray I tried to split the points because after I did what Sheharyaar said I began to understand what you were saying.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12457419
Thanks for coming back. It is just the question of whether deleting the contents of folder helped or the folder itself.

I will just quit here saying , as long as your issue is solved it is fine but give credit to those who helped you in fixing the issue .
The least you can do is splitting the pts. Whether it is relevant here or not depends on you but I see a bad trend going in XP TA now-a-days , where experts comments are not given the proper credit that needs to be given.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12458292
>> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
0
 

Author Comment

by:NoDough76
ID: 12460911
>> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
 
 
 
It's the 16th one here,, I am in USA. I hope you are having a good one insha allah.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12463303
yeah Alhamdulillah.... they are going good :)
0

Question has a verified solution.