trojan horse-undeletable or cleanable file

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

im running windows xp, i have had trouble with trojan horses for a while now
but run trend micro housecall and always managed to get rid of them up to
now. yesterday my pc went nuts, it was still crashing and running really
slow so i did another scan today. housecall told me i have a trojan called
"phong" which is in system32 file, it cant be accessed to be cleaned and cant
be deleted as its in use. any ideas please how i can get rid of it? thanks
in advance..
 
You can try two things, try a different AV to see if you it can help
you remove the trojan. I recommend Kaspersky Personal Pro (free 1 month
trial). If that doesnt work you should consider replacing the windows
core files. The best, althouhg not so simple solution would be to do a
fresh install of windows, if that cant be done try replacing.

This is from the Symantec web site:

You can use the automated System File Checker:

1. Click Start, and then click Run.
2. Type: sfc /scannow
3. Click OK. The Windows File Protection dialog box appears and a
system scan begins. You may have to insert your Windows installation
CD.
4. Follow the prompts.

# You can use the File Signature Verification Utility:

1. Click Start, point to Programs, point to Accessories, point to
System Tools, and then click System Information.
2. Click Tools, point to Windows, and then click File Signature
Verification Utility.
3. Click Start. You will be prompted you if any altered or corrupt
files are found that may need to be reinstalled from the installation
CD or other source.


Hope it helps,
Dan
 
thanks for the reply
well i tried avg and avast but they didnt pick the trojan up,only trend did
but ill try the av trial you mentioned. i use spybot and adaware everyday. i
have no recovery disks or anything i bought the pc off someone and windows
was allready on. ive no idea how to replace core files so ill leave that
alone lol! im new to computers ive so much to learn :)
 
need a little more info--for example, did housecall say the filename?

I cannot find any info on this trojan.


Did you try rebooting into safe mode, and deleting the file, as well as the
corresponding entry in the registry where the trojan starts?
Did you try going into task manager > processes and killing any suspicious
processes, then running a av program?
 
Turn off "System Restore" and boot into "Safe Mode with Networking." Go to
Trend Micro House Call and do an online scan then reboot normally and turn
on System Restore.

Disabling or enabling system restore.
http://www.pchell.com/virus/systemrestore.shtml

Entering Safe Mode with Networking
http://support.microsoft.com/kb/315222

Trend Micro House Call
http://housecall.trendmicro.com/


The following are a list of free programs you might look over (McAfee
Stinger is said to remove "phong".


Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html

Ad-Aware
http://www.lavasoftusa.com/software/adaware/

CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html

McAfee Stinger
http://vil.nai.com/vil/stinger/

HijackThis
http://www.tomcoyote.org/hjt/

SpywareGuard
http://www.javacoolsoftware.com/spywareguard.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Trojan Horse 3
Best software for getting rid of particular Trojan Horse 1
Install.exe file with Trojan Horse 1
trojan horses on write-protected files 1
Trojan Horse Viruses 1
trojan horse - sysmon.exe 8
trojan horse in write protected file 7
Trojan horse 6

Back
Top