Solved

Trojan Horse Problem

Posted on 2004-10-29
818 Views
Last Modified: 2010-05-18
I ran my anti virus software and it says I have Trojan horse Downloader.VB.3.BH how do I get rid of it? My anti-virus software won't do it.
0
Question by:NoDough76
    20 Comments
     
    LVL 33

    Expert Comment

    by:sajuks
    Download AVG for free from http://www.grisoft.com/us/us_index.php
    Make sure that you've the latest dat and patches.
    Run in safe mode.
    That should do the trick
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Do these

    a) Boot to normal mode
    go to start --> run--> msconfig

    go to startup tab and disable all applications except anti-virus and firewall
    go to services tab and check "hide microsoft services" and then uncheck all services there

    restart the machine

    b) Run these tools both in Normal mode and Safe mode
    Download Stinger from here : http://vil.nai.com/vil/stinger/  and run it.
    Use this Online virus scanner also : http://housecall.trendmicro.com/

    c) Remove temporary internet files, folders and cookies
    Also remove windows Temp files going to

    1) Start --> run --> typein:  %systemroot%/temp
    2) Start  --> run --> typein: %temp%

    d) Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
    http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

    My recommendation would be to start with Spybot, Ad-Aware, CWshredder. After installing them, first update them and then run.

    Once running all the above tools and others given in that thread, download and run Hijackthis.
    Download Hijackthis from here http://www.softpedia.com/public/cat/10/17/10-17-69.shtml.
    Get the log from Hijackthis and save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

    Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.


    Post back if you need more help

    SR
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    This trojan mostly resides in System Restore folder, so if u are using WinXP\ME then plzz turn off ur system restore, run ur av scan in safemode and then boot back and enable System restore and create a New Restore point !!
    Check if ur av still picks it up or not ??

    How to turn off ur System Restore in WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
    0
     

    Author Comment

    by:NoDough76
    The Virus is still in my system it resides in this location:     C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5\1C1GHV2E\UCSearch[1].CAB:\UCSearch.ocx   I typed the file into the hijack this program and it said the file was invalid.
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Did you login to safe mode and clear temp internet files and cookies
    also remove temp folder contents going to safe mode
    0
     

    Author Comment

    by:NoDough76
    Sorry about the new question, I didn't know if I was supposed to do that or not. To answer your question, I did clear all of the Temp Internet files. I didn't remove all of the cookies but I will try that now.
    0
     
    LVL 65

    Accepted Solution

    by:
    >> C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5

    can u see this Content.IE5 folder..... u have to Delete this WHOLE folder from ur Temporary Internet Files folder..... dont worry it will recreate when u will reopen IE again :)
    if u get any error while deleting it,,,, post back the error !!
    0
     

    Author Comment

    by:NoDough76
    Thanks so much! All of you are wonderful.   Salaam
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    NoDough76

    So going to safe mode, deleting all the contents of temp folder, did not work for you?
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    Wsalaam :)
    glad the issue was resolved for u.... and just try to remember that this Content.IE5 folder can be removed easily, and shud be removed on regular interval to get rid all the junks temporary internet files.... and the best place to remove it is from safemode !! Cheers ^_^
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Shehary ,

    if removing the folder and contents are the same , does it mean this comment of mine before yours went unnoticed

    Comment from sunray_2003
    Date: 10/30/2004 12:43PM EDT
     Your Comment  


    Did you login to safe mode and clear temp internet files and cookies
    also remove temp folder contents going to safe mode


    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    sunray plzz dont take it as harsh, just let me explain,,,, :)

    u can see that u asked to delete Temp Internet Files and user went and deleted the Temp File from IE,,,, and after ur above comment u can see that he\she returned to tell that he\she has already deleted them and no luck !!

    Try it urself, delete ur Temp Internet Files from IE options, then boot into safemode and open C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files folder, u will still see that ContentIE folder will still be residing there and even when u will open it, u can see most of the files and pics still there, and most importantly u will see the Index.dat file there which has all the websites stored in it (and most of the malwares take advantages of this thing).

    That was the reason i asked to Completely remove this folder manually.... and not to delete the TIF from IE options.
    That is all i can say :)
    0
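The scanner path quoted earlier in the thread, `UCSearch[1].CAB:\UCSearch.ocx`, names a file packed inside a cabinet archive that sits in a Content.IE5 subfolder. As an added example (not part of any post in this thread), the Python below walks a cache folder and reports executable content by file header rather than by extension, listing cabinet members in the same `archive:\member` notation; the sample cabinet and the `logo[1].gif` file are constructed for the demonstration.

```python
import struct
import tempfile
from pathlib import Path

EXEC_EXT = (".ocx", ".dll", ".exe", ".scr")

def cab_members(data):
    """Return the file names stored in a Microsoft cabinet, or [] if not a CAB."""
    if len(data) < 36 or data[:4] != b"MSCF":
        return []
    coff_files = struct.unpack_from("<I", data, 16)[0]  # offset of first CFFILE entry
    c_files = struct.unpack_from("<H", data, 28)[0]     # number of CFFILE entries
    names, pos = [], coff_files
    for _ in range(c_files):
        pos += 16                        # skip the fixed CFFILE fields to szName
        end = data.find(b"\0", pos)
        if end < 0:                      # truncated or malformed entry
            break
        names.append(data[pos:end].decode("latin-1"))
        pos = end + 1
    return names

def scan_cache(root):
    """Walk a cache folder and list executable content found by header."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if data[:2] == b"MZ":            # bare PE file left in the cache
            hits.append(str(path))
        for member in cab_members(data):
            if member.lower().endswith(EXEC_EXT):
                hits.append(str(path) + ":\\" + member)  # scanner-style notation
    return hits

def make_sample_cab(member):
    """Constructed sample: CAB header plus one CFFILE entry, no compressed data."""
    header = b"MSCF" + struct.pack("<5I2B5H", 0, 0, 0, 36, 0, 3, 1, 0, 1, 0, 0, 0)
    entry = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + member.encode() + b"\0"
    return header + entry

def demo():
    """Build a constructed cache tree (names mirror the thread) and scan it."""
    sub = Path(tempfile.mkdtemp()) / "Content.IE5" / "1C1GHV2E"
    sub.mkdir(parents=True)
    (sub / "UCSearch[1].CAB").write_bytes(make_sample_cab("UCSearch.ocx"))
    (sub / "logo[1].gif").write_bytes(b"GIF89a")
    return scan_cache(sub.parent)
```

Pointing `scan_cache` at a real Temporary Internet Files folder shows what is still present after clearing the cache from IE options, before the folder is deleted by hand.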
     
    LVL 49

    Expert Comment

    by:sunray_2003
    I am not sure what the user thought about this

    >> also remove temp folder contents going to safe mode

    It is OK, shehary.. I get frustrated when something like this happens..
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    sometimes the confusion between temporary internet files and temp folder can change the whole meaning.... even i thought that u are pointing to local settings\temp folder's contents !! =\
    0
     

    Author Comment

    by:NoDough76
    Before I Start I just want to say Ramadan Mubarak to  Sheharyaar Saahil and then I want to say to sunray that I think that all of the solutions have been helpful in helping me understand the problem. I went to delete my temp internet files and as Sheharyaar said the virus remained. I am truly grateful to all of you and this is an excellent service that you all provide.   Salaam
    0
     

    Author Comment

    by:NoDough76
    Also sunray I tried to split the points because after I did what Sheharyaar said I began to understand what you were saying.
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Thanks for coming back. It is just the question of whether deleting the contents of folder helped or the folder itself.

    I will just quit here saying , as long as your issue is solved it is fine but give credit to those who helped you in fixing the issue .
    The least you can do is splitting the pts. Whether it is relevant here or not depends on you but I see a bad trend going in XP TA now-a-days , where experts comments are not given the proper credit that needs to be given.
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    >> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

    Thank you and same to u :)
    btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
    0
     

    Author Comment

    by:NoDough76
    >> I just want to say Ramadan Mubarak to  Sheharyaar Saahil

    >> Thank you and same to u :)
    >> btw its already the 17th one here,,,, im at middle east,,, and u ?? :)

    It's the 16th one here,, I am in USA. I hope you are having a good one insha allah.
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    yeah Alhamdulillah.... they are going good :)
    0
