TROJ_SMALL.AAL - removal from /windows/system32/exp.exe and wintask.exe
Hi. I noticed my system running slower and it crashed a couple times today. The black error screen (looks like a dos screen) closed so fast, I couldn't see what the error was.
So I ran complete system tests using V-Com Fix-it - http://www.v-com.com/. It found a virus called trojan_small.aal. I found reference to it in the TrendMicro virus encyclopedia. I tried to follow the manual removal instructions located here http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AAL
but I couldn't find the files in registry or in processes.
The V-Com Fix-it asks me if I want to delete exp.exe and wintask.exe - which are both infected.
****Is there any reason why I SHOULD NOT delete these two files?****
I'm disappointed in Norton's AntiVirsus (version 9.06.02a ) software as it didn't even detect the Trojan and it doesn't have it in it's virus encyclopedia.
I wonder if I should spend $50 to buy TrendMicro's PC-cillin Internet Security
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
I also run and keep updated Aluria Spyware eliminator.
I understand the Troj_Small.AAL may not be the cause of my system crash - but I need to remove it as a first step.
So I ran complete system tests using V-Com Fix-it - http://www.v-com.com/. It found a virus called trojan_small.aal. I found reference to it in the TrendMicro virus encyclopedia. I tried to follow the manual removal instructions located here http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AAL
but I couldn't find the files in registry or in processes.
The V-Com Fix-it asks me if I want to delete exp.exe and wintask.exe - which are both infected.
****Is there any reason why I SHOULD NOT delete these two files?****
I'm disappointed in Norton's AntiVirsus (version 9.06.02a ) software as it didn't even detect the Trojan and it doesn't have it in it's virus encyclopedia.
I wonder if I should spend $50 to buy TrendMicro's PC-cillin Internet Security
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
I also run and keep updated Aluria Spyware eliminator.
I understand the Troj_Small.AAL may not be the cause of my system crash - but I need to remove it as a first step.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You're welcome.
It is common for spyware programs to download/install numerous trojan-like programs in the hopes that you will not find them all. It is best if you can figure which root spyware package was installed and then research specific removal techniques for that package. Otherwise, the "master" program will continuously download/re-install its child programs.
Also, it helps to keep more than one spyware tool available for use. HijackThis and the MS Anti-Spyware programs are popular spyware tools.
Best of luck!
It is common for spyware programs to download/install numerous trojan-like programs in the hopes that you will not find them all. It is best if you can figure which root spyware package was installed and then research specific removal techniques for that package. Otherwise, the "master" program will continuously download/re-install its child programs.
Also, it helps to keep more than one spyware tool available for use. HijackThis and the MS Anti-Spyware programs are popular spyware tools.
Best of luck!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much. The Troj_small is gone as far as I can ell - but my computer is still running slow as heck.
I'll run some more tests and post some results.
I have a toshiba satiliate notebook and it's the best computer I've ever had. This is the first time it's ever had troubles. (well, of course I've had virus, spyware before but never any system crashing.)
Well, maybe my Internet Connection (cable) is just slow today - hopefully.
april
I'll run some more tests and post some results.
I have a toshiba satiliate notebook and it's the best computer I've ever had. This is the first time it's ever had troubles. (well, of course I've had virus, spyware before but never any system crashing.)
Well, maybe my Internet Connection (cable) is just slow today - hopefully.
april
If you think the computer is slow: (assuming you have Win/XP SP2)
(1) Task Manager: Check Performance and Network tabs. Check memory usage in Performance tab also.
(2) If any unusual activity in above, get list of tasks and network connections and post it here if not sure:
> tasklist /svc > task.txt
> netstat -ab > net.txt
(3) If nothing suspicious noticed above, then:
(a) Clear all files from Temp folder (under c:\Documents and Settings\Username\Local Setting)
(b) Clear you Internet Explorer Cache
(c) Make sure disk is not too full.
etc.
(1) Task Manager: Check Performance and Network tabs. Check memory usage in Performance tab also.
(2) If any unusual activity in above, get list of tasks and network connections and post it here if not sure:
> tasklist /svc > task.txt
> netstat -ab > net.txt
(3) If nothing suspicious noticed above, then:
(a) Clear all files from Temp folder (under c:\Documents and Settings\Username\Local Setting)
(b) Clear you Internet Explorer Cache
(c) Make sure disk is not too full.
etc.
ASKER
thank you for the reference to the other post.
I'll try it too.
I so appreciate your time and knowledge.
April