cehrnow
asked on
Trojan-Downloader.WinAD.c
How can I get rid of all trace of Trojan-Downloader.WinAD.c ?
Kaspersky AV has deleted it after a full system scan and can now run .exe's okay but still get garbled dialogue boxes on system start-up and when logging out. No response from Kaspersky support after 4 days!!
Adaware, spybot search+destroy, spyware dr. :) "Spyware Dr." got rid of it on my client's PC, but you need a full version (i.e. pay for it)
ASKER
Have run Adaware.SE which found it and deleted it. But still can't remove the garbled dialogue boxes.
Track em down.
Press ctrl+alt+delete as soon as possible when you start the box.
See what executable starts this. Or narrow it down.
Also run hijackthis.
www.hijackthis.de
analyse the log at the site.
Remove the ones marked nasty.
See if that solves it.
If NOT post a link to your hijackthis log so I can have a look.
Get Autoruns from:
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
When you run it, it shows a bunch of startups. From the View menu, select everything between "Show Appinit..." to "Hide Microsoft..." then select Refresh.
Examine the list carefully and disable anything that looks suspicious or unnecessary.
Reboot and see if that did it.
ASKER
Have checked and nothing suspicious at all. Tried disabling some anyway but no difference. Does the fact that the box appears before logging in help diagnose ? PS. Using Windows XP Sp2.
What version of Windows are you running?
Did you try Hijackthis?
Don't post the entire log here. Instead send us the link to the on-line log analysis page.
Also, you can save the results of Autoruns using File -> Save as... to a text file and cut and paste those results here, just in case.
When you say the box appears "before logging in" do you mean it appears even before you type in your password?
ASKER
WindowsXP SP2.
Yes, dialog box appears before the list of user names appear and it is necessary to click OK to continue. Some garbled characters in it.
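Because the dialog shows up before the list of user names, only items that load ahead of logon are candidates. As an added example (not part of the original thread), this Python script filters a HijackThis log down to those sections; the sample log, its file paths and the `example_notify` entry are constructed placeholders.

```python
import re

# HijackThis sections whose entries load before any user logs on.
# O4 (Run keys, Startup folder) is processed at logon, so it cannot
# explain a dialog shown ahead of the user list.
PRE_LOGON = {"O20": "AppInit_DLLs / Winlogon Notify", "O23": "service"}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: paths and the example_notify entry are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: example_notify - C:\WINDOWS\system32\example_notify.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Full paths already checked by hand (constructed to match the sample).
REVIEWED = [
    r"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe",
    r"C:\Program Files\Kaspersky Lab\kavsvc.exe",
    r"C:\WINDOWS\system32\nvsvc32.exe",
]

def pre_logon_entries(log_text, reviewed=()):
    """Return (code, kind, detail) for pre-logon entries not yet reviewed."""
    done = {p.lower() for p in reviewed}
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in PRE_LOGON:
            continue
        code, detail = m.groups()
        # Target file is the last " - " field; AppInit_DLLs has no " - ",
        # so fall back to whatever follows the "label: " prefix.
        target = detail.rsplit(" - ", 1)[-1].split(": ", 1)[-1].strip()
        if target.lower() not in done:
            hits.append((code, PRE_LOGON[code], detail))
    return hits

if __name__ == "__main__":
    for code, kind, detail in pre_logon_entries(SAMPLE_LOG, REVIEWED):
        print(f"{code} [{kind}] {detail}")
```

Matching on the full path only hides entries someone has already inspected; a familiar file name in an unexpected directory still shows up for review.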
ASKER
to mastrominchione: Understood - good advice but frustrating !
to r-k: Services section only has:
CVPND...cvpnd.exe (Cisco Systems VPN Client)
kavsvc....kavsvc.exe (Kaspersky AV)
NVSvc....nvsvc32.exe (Provides system and desktop level support for the NVIDIA display driver)
Those all seem OK.
Anything interesting or unknown in the Devices (esp. the non plug-and-play after enabling "show hidden devices")?
ASKER
So many and nothing obvious to me..how about ASCTRM, Fips, Klif, Klmc, ksecdd, mnmdd, Null, vsdatant ?
These are all legit drivers, from MS, Kaspersky and Zone Alarm.
ASKER
Still not a complete solution but understand the situation much better now and agree that I should wait a while for a defined solution.
Thanks for your help.