HELP! - Any advice on trojans removal ?

Joined
Jan 8, 2010
Messages
16
Reaction score
0
Hi

Any advice on how best to remove trojans?

BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus"

Strangely the anti-virus software that I am running - AVG (Free)(V9-LATEST) - completely failed to find either of these viruses, even though I regularly make sure that it is bang up to date.


STEPS TAKEN SO FAR
I have downloaded SuperAntiSpyware, MalwareBytes, and A-Squared Free(v4.5).
I tried rebooting Windows7 in Safe Mode, by hitting F8 repeatedly during reboot.
However I could not get this to work. The first time I tried all that happened is that Windows7 completely failed to boot! The second and third times simply produced a normal boot.

I then ran MalwareBytes which found some stuff, at which point (very late in the day!) AVG found some stuff too.

So then I tried running msconfig.exe and selected "Diagnostic Startup" and rebooted into a safe mode.

Right now I am running an A-Squared scan and re-running MalwareBytes scan...

...But what is extremely worrying to me, is that I can't get AVG to run a scan right now. if I click on the "Computer Scanner" tab, and then click on "Scan Whole Computer", all that happens is that it says "! There are no active components" at the top of that window. (Is this because I have booted into "Diagnostic Startup" mode?

What should I do?
e.g.
- What else should I use to scan for trojans/viruses?
- How will I know when I have removed all the trojans/viruses?

All advice much appreciated!


Ship
 

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
Hi Ship

1. I take it your running Windows 7 32-bit ?

2. Let your Anti Virus / Spyware apps run and remove any infections they may find.

3. Uninstall AVG.

4. Download Spybot SD > http://www.safer-networking.org/index2.html and install.

5. Turn off System Restore on all drives (you can turn it back on later).

6. Run Spybot in Safe Mode and remove (in Spybot its called FIX) any problems.

7. Run Malware Bytes in Safe Mode and remove any problems.

8. Reboot your PC and turn on System Restore.
 
Joined
Jan 8, 2010
Messages
16
Reaction score
0
P.S. How do I turn off System Restore?

Also, when you say boot in Safe Mode, how do you do that? (F8 failed to do anything so I did then try "msconfig.exe" and rebooted in the "Diagnoistic Startup" - is that the same thing?

FWIW, I am now running a Microsoft Security Essentials scan.
 

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
In msconfig click boot tab > safe boot this will put you in safe mode when you next reboot.
 

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
P.S. How do I turn off System Restore?
Click Start > Control Panel > System > System Protection > System Properties > System Protection Tab > Configure > Turn off System Protection.

Remember to turn it back on after you have finished.
 
Joined
Jan 8, 2010
Messages
16
Reaction score
0
Veedaz

Thanks, but...

> 5. Turn off System Restore on all drives (you can turn it back on later).

How do I do this?

Ship
 

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
Yes you can turn it back on (the reason for turning off SR is because some nasties like to hide in system restore points, turning off SR deletes all restore points, SR can be turned Off /On on each independent drive as seen by your PC)

How to see my last post ^
 
Last edited:
Joined
Jan 8, 2010
Messages
16
Reaction score
0
> Click Start > Control Panel > System > System Protection > System Properties > System Protection Tab > Configure > Turn off System Protection

Sorry I cant get past System (from Control Panel). The only options are: (on the Left)
- Device Manager
- Remote Settings
- Advanced System Settings
- Action Center
On the right:
- Change Settings

Cheers


Ship
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
From the Start Menu search box type "System Protection" then click on "Create Restore Point" will take you to the same window. From there you can click configure then turn off System Restore on any drive.
 
Joined
Sep 12, 2009
Messages
133
Reaction score
29
I would advise that you leave system restore running, an infected restore is better than no restore point. If anything should go wrong you can rewind and restart the removal process again. If the restore is off then you could be looking at a reinstall should anything go wrong during disinfection. Once the system is clear, then you can then flush out your old points and leaving only your new clean point.
 
Last edited:

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
Good practise as long as the infection does not have the ability to compromise the Anti Virus / Anti Spyware you may intend running ... some infections can render removal applications useless. Let us know how it goes shiphen.
 
Joined
Jan 11, 2010
Messages
168
Reaction score
10
Shiphen, You said that you have 64 BIT Windows 7. This could be the problem most anti-virus programs are 32 BIT and may not work. I have windows 7 Pro 64 BIT and I had the same problem and couldn't get rid of my virus so I ended up Going to get a 64 BIT one. Note AVG (V.9) is only 32 BIT
 

Ian

Administrator
Joined
Oct 17, 2008
Messages
3,484
Reaction score
632
Shiphen, You said that you have 64 BIT Windows 7. This could be the problem most anti-virus programs are 32 BIT and may not work. I have windows 7 Pro 64 BIT and I had the same problem and couldn't get rid of my virus so I ended up Going to get a 64 BIT one. Note AVG (V.9) is only 32 BIT
Welcome to the forums Coco :). 32-bit software works fine under x64 (including anti-virus apps), so I don't think that would be the problem. The only time that there can sometimes be problems with 32-bit apps in a 64-bit environment is where there are only 32 bit drivers available for specific hardware (often scanners and specialist items).
 
Joined
Jan 11, 2010
Messages
168
Reaction score
10
I searched Microsoft web site and it said 32 bit anti-virus programs and drvers don't work with windows 7 64 bit.:confused::(

Edit: Merge post. - Please don't double post. :)
 
Last edited by a moderator:
Joined
Jan 8, 2010
Messages
16
Reaction score
0
Sorry guys -I have only just discovered Page02 of this thread!
This process certainly is proving to be a UTTER nightmare. Not least because some of these scans off CDs take SEVERAL HOURS to run.

For example Kasperky's Rescue Disk took 11 hours to run on my laptop [which normally runs WinXP]. Worse the same CD fails to intall and run properly on my new Windows7 box. It says it cant find something important... whereas like I say it does run to completion on my laptop. BitDefender's Rescue CD also fails to run correctly on my Win7 PC.

Right now I am running AVIRA's Antivir Rescue System (v3.6.9) on my Win7 PC, and it has already taken about 4 hours... :(
 
Joined
Jan 8, 2010
Messages
16
Reaction score
0
P.S. Re the 64 bit/32bit issue, I notice that MSE (Window Security Essential) comes in 32-bit and 64-bit flavours:


  • Windows XP 32‐bit
  • Windows Vista/Windows 7 32‐bit
  • Windows Vista/Windows 7 64‐bit

Cheers

Ship
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top