Killing Adware Trojans.

[Deano]

Several online av scans as well as installed programs have indicated
that both of my computers networked at home have specific Adware
trojans. Yet neither Norton AV on one and PC-Cillin on the other will
clean or delete these files automatically. The closest I get is some
long-winded gibberish from Symantec after a scan that I must "manually"
remove them from the registry file. I have no problem with doing so,
but I was hoping there was an easier solution. I would run the Windows
restore program, but I just recently changed ISP's and I do believe that
would get FUBAR'ed at the very least. Any suggestions? Even Panda is
showing infected files that aren't cleaned, and THEY are SO helpful with
using a teeny tiny window interface that WON'T resize to let me see more
info. Thanks. ;-Deano

 

[Ross Durie]

That is the easy way. Follow Symantec's instructions to remove the registry
entries as instructed. If you think that it is gibberish then buy an abacus.

 

[Ross Durie]

P.S. So you are also saying that you can't manually configure a dialer -
takes less than 10 seconds. Is there anything you can do??

 

[Kelly]

Either follow the steps to manually remove them or pay someone else to do
it.

 

[Deano]

Several online av scans as well as installed programs have indicated
that both of my computers networked at home have specific Adware
trojans. Yet neither Norton AV on one and PC-Cillin on the other will
clean or delete these files automatically. The closest I get is some
long-winded gibberish from Symantec after a scan that I must "manually"
remove them from the registry file. I have no problem with doing so,
but I was hoping there was an easier solution. I would run the Windows
restore program, but I just recently changed ISP's and I do believe that
would get FUBAR'ed at the very least. Any suggestions? Even Panda is
showing infected files that aren't cleaned, and THEY are SO helpful with
using a teeny tiny window interface that WON'T resize to let me see more
info. Thanks. ;-Deano

Thanks for all the in-depth help on this. I have no problem with
RegEdit. If my hands and my eyesight were more reliable, I would not
hesitate to jump in and do the manual changes. I guess I should do more
backups so I won't be afraid of screwups. And I have been editing
registry files in one form or another for several years. I'm sorry if
my request for simpler solutions has offended anyone here. ;-Deano

 

[Ross Durie]

If you thought about the problem and how to solve it you would see that any
automated solution is difficult.

 

[Rick \Nutcase\ Rogers]

By thier very nature, most trojans defy automatic removal, hence the fact
that everyone is telling you (both here and on the various AV support pages)
to remove them manually. These are the steps I usually use, and it helps in
ensuring that removal is complete. By the way, System Restore is generally
not the answer, as it often houses backups of the trojans themselves.

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator.

Start/search/files and folders, look for <filename> and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

Hi Deano,
There are several removal tools avaiable for free, try and go to
www.your-soft.com and go to download Trojan Guarder Free Edition and that
does a good job in removing from your files and Reg. It also gives good
information on whats running in the background and what ports are being
accessed. There is also Stinger which is at www.vil.nai.com/vil/stinger and
it will remove 45 different Trojans. Good Luck..

 

[Kelly]

Well said, Rick.