Sheur2.CIXC.Dropper removal

eggster34 used Ask the Experts™
Hi there, a friend of mine received this link on an IM conversation and downloaded a trojan: <URL removed> (it causes you to download an exe file)
his antivirus client did not notice anything (Norton 360 with the latest defs!)
When I click on the same link, my AVG product identifies the file as Sheur2.CIXC.Dropper
How can I remove this file from my friend's PC? I installed AVG on his PC as well and scanned it, but AVG did not identify the virus / worm for some reason though he definitely has it since his MSN IM software keeps sending me the links to this virus in a message like this:

foto   <URL removed>

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Download MalwareBytes Anti-Malware ( or SuperAntiSpyware ( and do a scan. That should fix the problem.

I've just posted similar instructions in another thread which also describes a similar problem lol.
Run a temporary file remover...CCleaner is a good one and it's free.

Download Combofix by sUBs.

Before running Combofix, temporary disable any firewall(s) shield(s) prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log, for futher instructions, save and paste the results by Attach File, or by Code Snippet so other experts can take a look at it. Once after the log looks clean, you may enable your firewall(s) shield(s) ect. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You'll might need to rename the file before saving to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial