Bloody Trojan

[Unhappyrainbow]

Hi all,

Unfortunately, whilst out the other day, the Wife was on the laptop. She said a pop up appeared stating that our computer had 366 viruses and we needed to remove them. She pushed the button saying 'remove viruses'

The programme was called PAV (personal antivirus). I later deleted PAV from the computer and also installed Spyware Detector, which is great as it tells me i have a trojan, but i do not want to pay the £20 to get it removed.

I am now worried as i do not know what the trojan is doing to my computer, obtaining passwords or whatever. Also when ever i open a new tab on my internet explorer, a resident shield alert pops up. It says:-

Threat detected,
File name : C:\windows\system32\winexplorer.dll
Threat name: Trojan horse Generic13.BGQN.

At the bottom there is the option to Heal, Move to vault or ignore. I do not know whether to trust this box or if it is a new naughty one?!

I am using windows vista home premium. I have the free AVG installed.

Any help/advice on how to remove all this garbage would be most appreciated.

Thanks

 

[floppybootstomp]

Don't trust any instructions, it's very likely the rogue software and it may only make things worse.

AVG AV is a bit rubbish, so get shot of that and install Antivir and do a scan with that.

Then also download and install Superantispyware and scan with that.

Either of those programs (both free by the way) may successfully remove your nasty or they may not.

They are the only two protective programs I use (apart from Windows' own and a hardware firewall) and this is not really my specialist area but using those two is definitely worth a shot.

Before uninstalling AVG and installing Antvir by the way, run Superantispyware first, it will possibly have more luck in removing the offensive item than Antivir and this way won't leave you totally unprotected for a short period.

 

[Unhappyrainbow]

Thanks for your reply Floppy,

Before reading your post i installed Avast and ran a scan with that. No threats or viruses showed up. Having read a few reviews, Avast seems to be a decent virus scanner thingy.

Does anyone else have any ideas on what i could do. I decided to bite the bullet and push the button to remove the threat. The logo on the top of the box is the same as my AVG logo so i believe that it is linked somehow. After attempting top remove the infected file, it said it could not delete some files, one of which was the one i wanted it to!

Any more help would be mucho appreciated!

Thanks

 

[Madxgraphics]

Thanks for your reply Floppy,

Before reading your post i installed Avast and ran a scan with that. No threats or viruses showed up. Having read a few reviews, Avast seems to be a decent virus scanner thingy.

Does anyone else have any ideas on what i could do. I decided to bite the bullet and push the button to remove the threat. The logo on the top of the box is the same as my AVG logo so i believe that it is linked somehow. After attempting top remove the infected file, it said it could not delete some files, one of which was the one i wanted it to!

Any more help would be mucho appreciated!

Thanks

Trend Micro Housecall its an online scanner and pretty decent.

Malwasrebytes

And have you tried Super Anti as Flopps suggested..?

Otherwise the only other thing I can suggest is getting over to Bleeping Computer.com Doing a HJT report and posting it to them and see what they can suggest..

 

[Alex A. Obuchowicz]

Houston I got a problem !!

After playing with many software back and forth ,I got some odd situation in my Operative system “windows 2000 pro” which by the way I access to it as Administrator ( with all the power !)

I think that the computer has a virus as someone posted , so I have been had !! but I really do not know.Would someone please help me out in this matter ,please ? I fully appreciate the reading of this despaired message
:

1 ) I can not get access not only into regedit but also in regedt32 and get the message :

“The regedit has been disabled by your administrator” despite of trying several actions taken such us :

a) Script taken from here www.dougknox.com/security/scripts_desc/regtools.htm ( thanks anyway )

b) Playing with the Group Policy Editor gpedit.msc ( User configuration/ administrative templates / system / disable registry editing tools “Disabled” or leaving “not configured “

c ) I “red add” through out the command prompt does not work

d) the following script scrpt neither :

Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"**.del.DisableRegistryTools"=-



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"**del.DisableRegistryTools"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoSaveSettings"=dword:00000000

2 ) As well as my task manager which is blocked

3) ClamWin antivirus does not START , neither the portable in one of my flash memories

It seems that there is not other trouble hovering around , the rest of the programs work well till now , but due to this inconvenient I can not solve some personal issues I need to get .

Would someone please help me out in this matter ,please ? I fully appreciate the reading of this despaired message

Houston I got a problem !!

Thanks a lot everybody I hope I can get some answer soon

 

[floppybootstomp]

Alex, you'd be better off starting your own thread, this one is already concerned with a different subect and to discuss two here would be confusing.

If you start a fresh thread within 24 hours I will delete this post.

And welcome to the Forum

 

[floppybootstomp]

People ask for advice then do their own thing anyway

Sigh.

Mr Unhappy rainbow (is that a monicker for longevity within a forum?) let me say this, no ifs, no buts, Antivir is the best free AV software there is, independent reports and most importantly of all my own experience confirm this.

If you're happy with Avast, good luck to you and if you choose not to use Superantispyware, your perogative.

Also, you should never run two AV programs together, they clash and kinda nullify each other's usefulness. So if you didn't uninstall AVG before installing Avast, you best do so now.

You've had all the advice I can offer, other members here may offer other advice. If you choose to go your own way, good luck with your problem, sincerely

 

[Unhappyrainbow]

Floppy,

If you read my post correctly, you would see that i installed Avast prior to reading your post re: antivar. I have since installed Anitvar and the problem has gone.

Thanks for your helpful advice, but read previous posts before tutting and sighing!

 

[floppybootstomp]

Thanks for your reply Floppy,

Before reading your post i installed Avast and ran a scan with that. No threats or viruses showed up. Having read a few reviews, Avast seems to be a decent virus scanner thingy.

Does anyone else have any ideas on what i could do. I decided to bite the bullet and push the button to remove the threat. The logo on the top of the box is the same as my AVG logo so i believe that it is linked somehow. After attempting top remove the infected file, it said it could not delete some files, one of which was the one i wanted it to!

Any more help would be mucho appreciated!

Thanks

Floppy,

If you read my post correctly, you would see that i installed Avast prior to reading your post re: antivar. I have since installed Anitvar and the problem has gone.

Thanks for your helpful advice, but read previous posts before tutting and sighing!

You're quite correct and I offer you my apologies. It's late

Still curious as to whether you ran Superantispyware or not.

But whatever, your problem has gone and I'm pleased about that

Hopefully your spowse has learnt something from the experience and now knows not to trust popups.