Hi
I've being trying to get rid of a virus "download trojan" from my machine
with little success. I've followed all the steps from the Symantic web site
to no avail. Everything to the best of my knowledge is up to date, virus
definition windows update etc.
When I run a full virus scan it shows up nothing. On the log viewer it shows
this virus as repair failed.
It's slowing down my machine with pop-ups etc.
Anyone else experience this? any ideas?
TIA
Bob.

On Thu, 3 Mar 2005 12:02:10 -0000, Bob Reynolds wrote:

> Hi
> I've being trying to get rid of a virus "download trojan" from my machine
> with little success. I've followed all the steps from the Symantic web site
> to no avail. Everything to the best of my knowledge is up to date, virus
> definition windows update etc.
> When I run a full virus scan it shows up nothing. On the log viewer it shows
> this virus as repair failed.
> It's slowing down my machine with pop-ups etc.
> Anyone else experience this? any ideas?
> TIA
> Bob.

Have you tried restarting to Safe Mode and then remove the trojan?

Does the log file tell you where the infected file is located at?

--
Sharon F
MS-MVP ~ Windows Shell/User

yes, Ive disabled sys restore, updated virus def. restarted in safe mode and
ran sys scan and deleted temp internet files. nothing happened. Think I know
where it is, but it won't allow me to delete it.
Thanks for your reply.


"Bob Reynolds" <(E-Mail Removed)> wrote in message
news:OH7kVj%(E-Mail Removed)...
> Hi
> I've being trying to get rid of a virus "download trojan" from my machine
> with little success. I've followed all the steps from the Symantic web
> site to no avail. Everything to the best of my knowledge is up to date,
> virus definition windows update etc.
> When I run a full virus scan it shows up nothing. On the log viewer it
> shows this virus as repair failed.
> It's slowing down my machine with pop-ups etc.
> Anyone else experience this? any ideas?
> TIA
> Bob.
>

On Thu, 3 Mar 2005 23:51:28 -0000, Bob Reynolds wrote:

> yes, Ive disabled sys restore, updated virus def. restarted in safe mode and
> ran sys scan and deleted temp internet files. nothing happened. Think I know
> where it is, but it won't allow me to delete it.
> Thanks for your reply.

Usually a file will not delete if it is "in use." That is why the start to
Safe Mode is usually successful.

There are now viruses and other malware that run two or more processes
simultaneously. One to do the dirty work and the other(s) to check that
files haven't been deleted. When/if that happens, a new "bad" file is
created. This ends up being another round robin when trying to delete a
file.

Suggestions:
-If you are sure you have correctly followed the directions from the
antivirus vendor, send them a sample of this intrusion. They will want to
update their definitions and/or their directions for removal. Directions
for how to do this should be in the help file for the antivirus program. If
unable to find, check their website for submission directions.

-See if you can figure out what process has the "handle" on the file. End
task on that file and then perform the deletion. You can use something like
Process Explorer from www.sysinternals.com for this job.

-Take a look at the "Delete.." topics on this page by MVP Kelly Theriot:
http://www.kellys-korner-xp.com/xp_d.htm
One of those methods may work for you.

--
Sharon F
MS-MVP ~ Windows Shell/User