Can I delete a Windows file to get rid of a Trojan?

A

Alexander Baron

Recently my system has been infected with a Trojan called
downloader.agent which has defied all attempts to get rid of it. It
creates an exe file called polall1l.exe which activies at 00.20. I've
just done a text search and found this string in two Windows files:
user.dat and localnrd.inf.

The latter was last altered September 27 and contains the name only.
Can I delete either or both of these files safely and will this get
rid of the problem?


a_baron[AT]ntlworld.com
 
D

Duane Arnold

(e-mail address removed) (Alexander Baron) wrote in
Recently my system has been infected with a Trojan called
downloader.agent which has defied all attempts to get rid of it. It
creates an exe file called polall1l.exe which activies at 00.20. I've
just done a text search and found this string in two Windows files:
user.dat and localnrd.inf.

The latter was last altered September 27 and contains the name only.
Can I delete either or both of these files safely and will this get
rid of the problem?


a_baron[AT]ntlworld.com
Click to expand...

It seems that you have a *hidden* process that's running on the machine and
all attempts to locate the culprit have failed and it keeps creating the
file.

Maybe, the link and some of the tools being explained like Process Explorer
can help you pinpoint what is doing it. If you have a NT based O/S, you can
also enable Auditing on the computer and it will log programs stopping and
starting on the computer as well that can help you pinpoint it.


http://tinyurl.com/klw1

Duane :)
 
D

David H. Lipman

Assuming you could, that doesn't clean up some of the side effects that some infectors will
leave behind. For example, changes made in the Registry.

Dave




| Recently my system has been infected with a Trojan called
| downloader.agent which has defied all attempts to get rid of it. It
| creates an exe file called polall1l.exe which activies at 00.20. I've
| just done a text search and found this string in two Windows files:
| user.dat and localnrd.inf.
|
| The latter was last altered September 27 and contains the name only.
| Can I delete either or both of these files safely and will this get
| rid of the problem?
|
|
| a_baron[AT]ntlworld.com
 
S

Sunny

Alexander Baron said:
Recently my system has been infected with a Trojan called
downloader.agent which has defied all attempts to get rid of it. It
creates an exe file called polall1l.exe which activies at 00.20. I've
just done a text search and found this string in two Windows files:
user.dat and localnrd.inf.

The latter was last altered September 27 and contains the name only.
Can I delete either or both of these files safely and will this get
rid of the problem?
Click to expand...

Discussed here :
http://forums.afterdawn.com/thread_view.cfm/118211
Someone fixed their PC with this :
http://www.ccleaner.com/
Plus :
CWShredder is updated each week -- keeping it as it is wont help you. -- to
update --> you have to download it again if ever you get infested again.
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
 
A

Anonymous

Recently my system has been infected with a Trojan called
downloader.agent which has defied all attempts to get rid of it. It
creates an exe file called polall1l.exe which activies at 00.20. I've
just done a text search and found this string in two Windows files:
user.dat and localnrd.inf.

The latter was last altered September 27 and contains the name only.
Can I delete either or both of these files safely and will this get
rid of the problem?


a_baron[AT]ntlworld.com
Click to expand...

no idea what localnrd.inf is, but user.dat is part of windows registry,
delete it and you may be re installing winders
 
D

David H. Lipman

Based upon the Sysclean LOG file you sent me, Sysclean cleaned three different Trojans.

Now use the "other" command Line scanner we discussed.

Dave



| Recently my system has been infected with a Trojan called
| downloader.agent which has defied all attempts to get rid of it. It
| creates an exe file called polall1l.exe which activies at 00.20. I've
| just done a text search and found this string in two Windows files:
| user.dat and localnrd.inf.
|
| The latter was last altered September 27 and contains the name only.
| Can I delete either or both of these files safely and will this get
| rid of the problem?
|
|
| a_baron[AT]ntlworld.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How do I get rid of perfc000.dat ? 2
Can't get rid of Trojan horse Backdoor 5
How to get rid of Trojan Horse 5
How to Delete Trojan Dialer dra.exe? 29
Trojan Horse - Access Denied trying to Delete File 4
Win32:Trojan-gen. {Other} - how do I get rid of it? 3
Okay, how do I get rid of this??? 1
Getting Rid of a Virus\Trojan 13

Top