NoDough76
asked on
Trojan Horse Problem
I ran my anti-virus software and it says I have Trojan horse Downloader.VB.3.BH. How do I get rid of it? My anti-virus software won't do it.
Do these
a) Boot to normal mode
go to start --> run--> msconfig
go to startup tab and disable all applications except anti-virus and firewall
go to services tab and check "hide microsoft services" and then uncheck all services there
restart the machine
b) Run these tools both in Normal mode and Safe mode
Download Stinger from here : http://vil.nai.com/vil/stinger/ and run it.
Use this Online virus scanner also : http://housecall.trendmicro.com/
c) Remove temporary internet files, folders and cookies
Also remove windows Temp files going to
1) Start --> run --> type in: %systemroot%/temp
2) Start --> run --> type in: %temp%
d) Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
https://www.experts-exchange.com/questions/20975384/Standard-response-material-re-Spyware-Adware-BHOs-and-other-Malware.html
My recommendation would be to start with Spybot, Ad-Aware, CWShredder. After installing them, first update them and then run them.
After running all the above tools and others given in that thread, download and run Hijackthis.
Download Hijackthis from here http://www.softpedia.com/public/cat/10/17/10-17-69.shtml.
Get the log from Hijackthis and save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.
Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.
Post back if you need more help
SR
This trojan mostly resides in System Restore folder, so if u are using WinXP\ME then plzz turn off ur system restore, run ur av scan in safemode and then boot back and enable System restore and create a New Restore point !!
Check if ur av still picks it up or not ??
How to turn off ur System Restore in WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
ASKER
The virus is still in my system; it resides in this location: C:\Documents and Settings\Yusuf\Local Settings\Temporary Internet Files\Content.IE5\1C1GHV2E \UCSearch[ 1].CAB:\UC Search.ocx. I typed the file into the Hijackthis program and it said the file was invalid.
Did you log in to safe mode and clear temp internet files and cookies?
Also remove temp folder contents going to safe mode.
ASKER
Sorry about the new question, I didn't know if I was supposed to do that or not. To answer your question, I did clear all of the Temp Internet files. I didn't remove all of the cookies, but I will try that now.
ASKER
Thanks so much! All of you are wonderful. Salaam
NoDough76
So going to safe mode, deleting all the contents of temp folder, did not work for you?
Wsalaam :)
glad the issue was resolved for u.... and just try to remember that this Content.IE5 folder can be removed easily, and shud be removed on regular interval to get rid all the junks temporary internet files.... and the best place to remove it is from safemode !! Cheers ^_^
Shehary ,
if removing the folder and contents are the same , does it mean this comment of mine before yours went unnoticed
Comment from sunray_2003
Date: 10/30/2004 12:43PM EDT
Your Comment
Did you login to safe mode and clear temp internet files and cookies
also remove temp folder contents going to safe mode
sunray plzz dont take it as harsh, just let me explain,,,, :)
u can see that u asked to delete Temp Internet Files and user went and deleted the Temp File from IE,,,, and after ur above comment u can see that he\she returned to tell that he\she has already deleted them and no luck !!
Try it urself, delete ur Temp Internet Files from IE options, then boot into safemode and open C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files folder, u will still see that ContentIE folder will still be residing there and even when u will open it, u can see most of the files and pics still there, and most importantly u will see the Index.dat file there which has all the websites stored in it (and most of the malwares take advantages of this thing).
That was the reason i asked to Completely remove this folder manually.... and not to delete the TIF from IE options.
That is all i can say :)
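Added example, not part of any post in this thread: a Python script for the check described above, which walks a Temporary Internet Files tree after the cache has been "cleared" and reports leftover CAB archives and PE executables by their leading bytes rather than by file name. The directory name SAMPLE01 and all file contents are constructed sample data; UCSearch[1].CAB is modeled on the file name the asker reported.

```python
import os
import tempfile

# Leading bytes of content that should not survive in a browser cache.
SIGNATURES = {b"MSCF": "cab-archive", b"MZ": "pe-executable"}
RISKY_EXT = {".cab", ".ocx", ".exe", ".dll", ".scr"}

def classify(path):
    """Label a cached file that looks like executable content, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"  # e.g. a file held open by the running session
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            return label  # judged by content, so a renamed file is still caught
    if os.path.splitext(path)[1].lower() in RISKY_EXT:
        return "risky-extension"
    return None

def scan_cache(root):
    """Return sorted (relative path, label) pairs for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                findings.append((os.path.relpath(full, root), label))
    return sorted(findings)

def build_sample(root):
    """Create a constructed cache tree (sample data, not from a real machine)."""
    sub = os.path.join(root, "Content.IE5", "SAMPLE01")
    os.makedirs(sub)
    samples = {
        "UCSearch[1].CAB": b"MSCF\x00\x00\x00\x00",  # CAB header
        "helper[1].ocx": b"\x00\x00\x00\x00",        # risky name, unknown content
        "logo[2].jpg": b"MZ\x90\x00",                # PE header behind an image name
        "banner[1].gif": b"GIF89a",                  # ordinary cached image
    }
    for name, data in samples.items():
        with open(os.path.join(sub, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, label in scan_cache(tmp):
            print(f"{label:16} {rel}")
```

On a real machine, `scan_cache` would be pointed at the profile's Temporary Internet Files folder; an empty result after cleanup means no flagged files remain there.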
I am not sure what the user thought about this
>> also remove temp folder contents going to safe mode
It is OK, shehary.. I get frustrated when something like this happens..
sometimes the confusion between temporary internet files and temp folder can change the whole meaning.... even i thought that u are pointing to local settings\temp folder's contents !! =\
ASKER
Before I Start I just want to say Ramadan Mubarak to Sheharyaar Saahil and then I want to say to sunray that I think that all of the solutions have been helpful in helping me understand the problem. I went to delete my temp internet files and as Sheharyaar said the virus remained. I am truly grateful to all of you and this is an excellent service that you all provide. Salaam
ASKER
Also sunray I tried to split the points because after I did what Sheharyaar said I began to understand what you were saying.
Thanks for coming back. It is just the question of whether deleting the contents of folder helped or the folder itself.
I will just quit here saying , as long as your issue is solved it is fine but give credit to those who helped you in fixing the issue .
The least you can do is splitting the pts. Whether it is relevant here or not depends on you but I see a bad trend going in XP TA now-a-days , where experts comments are not given the proper credit that needs to be given.
>> I just want to say Ramadan Mubarak to Sheharyaar Saahil
Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
ASKER
>> I just want to say Ramadan Mubarak to Sheharyaar Saahil
Thank you and same to u :)
btw its already the 17th one here,,,, im at middle east,,, and u ?? :)
It's the 16th one here,, I am in USA. I hope you are having a good one insha allah.
yeah Alhamdulillah.... they are going good :)
Make sure that you've the latest dat and patches.
Run in safe mode.
That should do the trick