how can i remove TROJAN HORSE VIRUS???

Question

Norton anti-virus detected that i have a trojan horse virus, and couldn't delete it!!!!
i downloaded spyware doctor, and it deleted it.. the problem is, it keeps on coming back!!!
although i have both softwares wroking!!!
what can i do ??

Answer 1

Try running spybot - search and destroy:

http://www.safer-networking.org/en/index.html

No guarantees, but it may have better luck.

Answer 2

Turn off your system restore. It's probably getting stuck in there.

Go to MyComputer from either the start menu or the icon on your desktop. Right click on it with your mouse, chose Properties. Go to the "SystemRestore" tab and place a checkmark in "Turn off System Restore" click APPLY then OK then YES. Then re-run your anti virus program. Reboot, run the anti virus program again to make sure your clean. If you are clean, turn the system restore back on at the same locaiton, by removing the checkmark.


Good Luck

Answer 3

Download and update ewido. Do not run:

http://www.ewido.net/en/download/


TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR PROGRAM(S).



When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.

RESET HIDDEN FILES AND FOLDERS.

The RESTORE POINTS may be infected with the Malware and cannot be used. Delete the old one(s) and make a new one.

CLEAR OLD RESTORE POINT(S). HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.

Answer 4

You need to get the name of it and look up the definition, follow those directions. Some virus's multiply when you attempt to delete it so you need to get the definition first before ever doing anything. Nortons can provide that to you. Have you tried quarantining it for now?

Answer 5

All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab)at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out. You will then need to restart your computer and go into SafeMode by HOLDING the F8 key DOWN -(at bootup - after the first screen info - be quick!). [You have to use your keyboard when you're in SafeMode - the keys to use are Ctrl/Alt/Delete (to exit the Help and Support screen) - Tab/Arrow keys/ Pageup/Pagedown/ the Window key(between Ctrl & Alt) & Enter]

So, from the DeskTop screen press the Window key to get Start/ arrow up to Search/ arrow right to For Files or Folders and type up the NAME OF THE FILE & EXT (not downloader.Keennval.B) but the actual name of the file, which would have shown up on your anti-virus software. To delete this file from here just press Page Up to highlight the file and then delete. To get out of Search -Alt F/ arrow down to Close and press Enter.

It will be safe to empty your Recycle Bin in the Normal mode where you can use your mouse.

I have had 4 trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the _Restore folder after unchecking the hidden files boxes, then went to SafeMode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!

PS. I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the Internet.

Here is more input:

* Don't try to heal the file... just move it to the virus vault and delete it...it's not important...just spyware clear your cashe and temp internet files...turning off system restore may help as you are clearing it from your computer...run avg again and you will find it is gone..

* Tried avg/panda/avist only avg detected keenval b/e & c but it could not remove it then i tried adaware6/spybot still no sucess, then i used me startup disc with minimal boot typed c:\deltree\restore\temp where avg said virus was, rescaned with avg no viruses detected.

* I have been using AVG anti-virus for quite sometime and never encounter the 'KEENVAL' problem until I installed kazaa. I removed kazaa and the problem went away. Upon reinstalling kazaa, the problem came back.

* I had it as well. I downloaded dietk and it removed all the spyware that came with kazaa.

* when keenval lodged itself into C:\ system volume... I went into safe mode, removed kazaa with the add\remove program (control panel), then re-booted, hit the start task bar button, then all programs button, then hit accessories, system tools and finally system restore. On the left side of the system restore box it says "system restore settings" click on that, then click on the box that says "turn off system restore", let it grind for a few seconds turn off your computer and hopefully keenval is history. Retrace the above proceedure to turn system restore back on. Good luck (windows xp)

* Use AVG 7.0 detected keenval b, c &e this was after the Kazaa experience as well. infected files were in the system restore file as well. avg fixed the probs. nice program.

Answer 6

Stopzilla will remove most all of them. Spybot and AVG did not work on one I got, but Stopzilla removed it.

Answer 7

get a trojan horse remove tool from softonic.com

Answer 8

try also this anti-virus

http://www.grisoft.com/

and this spyware-remover

http://www.wilderssecurity.net/spywareguard.html
http://www.misec.net/

And also the S&D Spybot

http://www.security.kolla.de/

Ive used spybot (and is good) and allso adware (also good)

This is all free BTW :D