Trojan won't die

Recently I seem to have picked up a Trojan called Downloader.1st.bar. AVG detects this but does not purge it. No-Adware seems to get rid of it but doesn't display its destruction.

Curiously, when I run No-Adware a lot of files come up which don't appear to exist on my computer, such as sexy-bedroom.pif, naked-party.pif, webcam.pif and naked_drunk.pif. There was also one which bears the name of John Kerry. I haven't been visiting sex sites, certainly not for the past few weeks, so where can these be coming from?

The full name of the naked_drunk file for example appears to be

c:\\\\naked_drunk.pif.

Not only can't I find these files with the regular filefind feature but I am a little concerned about c:\\\\

Does this mean that a new, secret directory has been somehow created on my machine? And how do I get rid of this damned Trojan for good? Thanks

Reply to
thedarkman

I'd find someone who knows how to either remove all malware or wipe the drive and reinstall the operating system, and pay them to do it. You might also pay them to show you how not to use Internet Explorer but install an alternative. And also how to run as a user instead of an administrator (if your operating system allows it).

If you had an illness you couldn't get rid of then you'd call a doctor, wouldn't you?

If you're not going to call a doctor then a combination of safe mode and the following may help, but no guarantee.

formatting link
Jason

Reply to
Jason Edwards

Try running Spybot in Windows safe mode.

Reply to
Adrian

It looks to me like you probably have registry entries pointing to files that do not exist (didn't get downloaded/installed or were deleted). Try a registry cleaner that will remove entries that are broken and see if NoAdware still complains.

Reply to
Renegade
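
One way to test the hypothesis in the post above before reaching for a registry cleaner, as an added example that is not part of the thread: parse a regedit-style export of the Run keys and list the autorun entries whose target file is missing. The sample export, its value names, the `PRESENT` set and the function names are constructed for illustration; only the .pif file names echo the thread.

```python
import ntpath
import os
import re

# Constructed sample in regedit export format (not taken from the poster's machine).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scanner"="\"C:\\Program Files\\Scanner\\scan.exe\" /startup"
"party"="c:\\naked_drunk.pif"
"cam"="C:\\webcam.pif -q"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctf"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
# Constructed stand-in for the file system so the example runs anywhere.
PRESENT = {r"c:\program files\scanner\scan.exe", r"c:\windows\system32\ctfmon.exe"}

ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
UNQUOTED = re.compile(r'^(.+?\.(?:exe|pif|com|bat|scr|cmd))(?=\s|$)', re.I)

def unescape(text):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', text)

def target_of(command):
    """Pull the executable path out of an autorun command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = UNQUOTED.match(command)          # unquoted path, possibly with spaces
    return m.group(1) if m else command.split()[0]

def sample_exists(path):
    return path.lower() in PRESENT

def dangling_autoruns(reg_text, exists=os.path.exists):
    """Return (key, value name, target) for Run/RunOnce entries whose file is gone."""
    findings, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if not m or not key or not key.lower().endswith(("\\run", "\\runonce")):
            continue
        name, command = (unescape(g) for g in m.groups())
        target = ntpath.normpath(target_of(command))
        if not exists(target):
            findings.append((key, name, target))
    return findings

if __name__ == "__main__":
    for key, name, target in dangling_autoruns(SAMPLE_REG, sample_exists):
        print(f"{key} :: {name} -> {target} (file not found)")
```

On a real Windows machine, call `dangling_autoruns` on the text of an exported Run key and leave `exists` at its default so the paths are checked against the disk.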

Clean with SpySweeper (webroot.com) and flush your reg with tuneup (tune-up.com).


Reply to
a

I had something similar a day or two ago, with some adware that adaware couldn't remove. It turns out that this was because the processes respawned themselves when killed. After some playing around, I found I could kill them using the task manager's "processes" tab.

Find one of the offending processes, right click on it and "kill process tree". Adaware then worked.

Having said this: I *DON'T* know how *YOUR* trojan will respond to this. It is *JUST* possible that it will do nasty things. So you have been warned. If you want to try it - don't blame me if it blows up in your face.


Reply to
Chris Lowth

Make sure restore is off and find something which cleans the registry to remove all the bad pointers; I use fixit. Then, if all else fails, work out where the file is (only works in FAT32), then DOS floppy boot and remove it, or you can drop the drive in another well-protected machine and kill it that way if you don't want to format. Also try the DOS floppy boot and run fdisk /mbr; your FAT file may be corrupt. Good luck.

Reply to
atec

I would guess that you have gotten an email worm known variously as laris, ariss, assiral-B or Assiral.c. This is a relatively recent but widespread worm. The nasty thing about this worm is that it downloads one or more secondary worms (including Ist.Bar aka Downloader.1st.Bar) and disables antivirus and anti-spyware software.

I think Symantec also has a removal procedure for it on their web site.

Reply to
Mungo

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.