A Strange Trojan?

[Jay Peterman]

A friend asked if I could take a look at her computer because she
could not access anything by clicking on her desktop icons.

I went over and tried a few different things and could not help. She
constantly downloads (against my advice) small games, flashy things,
etc. She also installed Zone Alarm which I told her gave me problems
in the past. I thought her porblem could have been ZA-related.

After trying several things I decided upon a System Restore. During
the process a message came up that said somethign similiar to
following:

Trojan Horse
Downloader.Wintrim.AD had infected the system in folder
C:\SystemVolumeInfoRestore
(410F1799-A15A-99C7-5c691D1A4D90)RP121\A0025085.dll

Do you want AVG to take care of it?

Of course I say yes then it returns to the System Restore screen and
says nothing has been changed.

I've read about removing the .dll altogether but cannot access the HDD
to find the file to remove it.

Does anyone have any ideas?
Thanks

 

[Phil \(a.k.a. purplehaz\)]

Her machine is probably full of spyware and in the system restore file is a
left over virus. If you restored the computer it may be infected once again.
First turn the firewall back on. You always need a firewall. Then you'll
need to turn system restore off and then reboot. Then run avg(updated) and
clean any viruses. Then run the following tools:
Run these tools weekly
spybot -- http://www.safer-networking.org/
ad-aware -- http://www.lavasoftusa.com/

Then turn system restore back on.
Then goto windows update and install all security related updates.

Recommend you use the immunize function in spybot and/or install a spyware
blocker or you'll just be back over trying to fix it next week.

 

[Jay Peterman]

Her machine is probably full of spyware and in the system restore file is a
left over virus. If you restored the computer it may be infected once again.
First turn the firewall back on. You always need a firewall. Then you'll
need to turn system restore off and then reboot. Then run avg(updated) and
clean any viruses. Then run the following tools:
Run these tools weekly
spybot -- http://www.safer-networking.org/
ad-aware -- http://www.lavasoftusa.com/

Then turn system restore back on.
Then goto windows update and install all security related updates.

Recommend you use the immunize function in spybot and/or install a spyware
blocker or you'll just be back over trying to fix it next week.

Thanks Phil I'll give those a shot. I did run Ad-adware which found I
nothing. She does have the latest AVG updates and said nothing was
found. I started to run it but it took and inordinate amount of time
so I stopped it.

Appreciate your help.

 

[John A. Wolf]

Jay, it sounds to me like the restore point was made while her computer was
infected with the trojan and AVG is detecting the infected file while system
restore is attempting to restore it. I would recommend against using that
restore point as you may reinfect the computer. If you do make sure you run
a full scan afterward to clear out any infection.

Hope that helps.

 

[Phil \(a.k.a. purplehaz\)]

Thanks Phil I'll give those a shot. I did run Ad-adware which found I
nothing. She does have the latest AVG updates and said nothing was
found. I started to run it but it took and inordinate amount of time
so I stopped it.

Appreciate your help.

You're welcome. Sounds like it virus clean, so turning off system restore
and rebooting will get rid of the virus in system restore. Then spybot
should fix you up. It finds things adaware doesn't.

 

[Plato]

After trying several things I decided upon a System Restore. During
the process a message came up that said somethign similiar to
following:

Trojan Horse
Downloader.Wintrim.AD had infected the system in folder

Disable system restore, reboot, then combat the bug.

 

[Jay Peterman]

Disable system restore, reboot, then combat the bug.

Thanks everyone for your help. I'm going to try these things today.

 

[Jay Peterman]

Disable system restore, reboot, then combat the bug.

Just remebered I cannot get to the Control Panel either. I burned
SpyBot on a CD but the CD player does not function either.

If I can find a restore point from way back I may have to do that. The
only other alternative I can think of is reinstalling the OS.

Thanks.