Krazy said:
I can't run safe mode on my computer, I'm afraid I have a
trojan, and when I scan it is found but can't be deleted.
Also, I was just going to reformat my computer with my
reinstallation CD, but when I click to reinstall windows,
it says that the program I'm running now is a later
version than the one on my CD, what do I do?! Thanks!
If you just want to format and reinstall, reboot the system with the XP
install CD in the drive. Choose installation, and when you are asked where
to install, pay close attention. Choose the drive in question and also
select "format", *not* "leave as is".
This will of course wipe all data on the drive.
There are a couple of other approaches you may want to try first:
You say that the trojan is found, so this should give you an indication of
*where* it is and what the filename is.
1) It can't be deleted because it is running, so start normally and go to
Start, Run, MSCONFIG and turn off everything you can under Startup tab.
Restart, rescan, and you should be able to delete the files.
2) boot to Safe Mode - Command prompt and manually navigate to the file and
delete it.
3) put the drive into another machine as a secondary drive, and scan it that
way. Since the drive's files will not be in use, you can delete whatever
you like.
A variation of this is to just get a brand-new drive, install it as the
primary drive and the original as secondary, do a fresh install of XP to it,
and then scan the secondary drive.
4) turn OFF System restore on that drive. The trojan is probably hiding
copies there.
5) with the drive hosted in another machine or with a "minimal" boot via
MSCONFIG, use Explorer set to display all files and file extensions, empty
all temporary file folders (including Internet caches) and go through the
file lists in the \windows and \windows\system32 folders. Delete or alter
the extensions of suspect files. It is very helpful to have a working
machine handy so you can look up filenames you wonder about.
HTH
-pk
