Trojans Question

[ordos45]

I can't seem to find these listed in any virus libraries I check online, but was wondering if anyone knows about these?  My AVG and McAffee caught them on a deep scan, hidden in what I think was System Restore.

A0020405.exe

A0020461.exe

A0020462.exe

A0020592.exe

A0020610.exe

A0020611.exe

A0026139.exe

A0026350.exe

A0028589.exe

[gryphon]

AVG and McAfee found them an identified them a what kind of trojan / spywire / viri ?

[ordos45]

That picture is the limit of what it told me, you don't get that much in the way of details on the free editions I guess.[attachment archived by Gobalopper]

[syczek]

there are typchica trojans who residenting in your memory and you shall delete infected with trojan files, scan your all discs wit antivirus what u have,

[gryphon]

I guess the healed ok means AVG has removed the trojan ?

[ordos45]

When I consulted the Help section it said Healed OK, meant it did.  Thanks Gryphon, and thanks Syczek (I'll go download the removal tool and run it now just to be on the safe side).

[syczek]

no problem... 

  but you need some beware to entering into unknow sites, in these websites can be hideden trojan or viruses. i using internet just for maintenance of my knowledge(earning science) we shall be carefully . many people having troubles with viruses more dangerous than this virus trojan horse startpage or something.

best dangerous irus is win32.cih.1003 and virus  mydoom .  sometmes i got in my mailbox mydoom viruses , but i always delete these !@#$%

[ordos45]

And dad has managed to download the same one...again...four times.  And of course AVG froze while trying to remove them.  Time go get the specialized removal tool...again.

[Atomic Mitten]

Oh my,if your using windows XP,you have to delete all your System restore points to effectively deal with a virus,because it copies it's self to the restore points folder.

Go to control panel/System then the System Restore tab and put a tick in the box Turn off restore points on all drives.

Then re-boot run AVG and once it'S run go into System/Restore again and uncheck the box.

Voila all will be ok again. :)

[ordos45]

Yep done that too!  I checked the dates and such on our latest two of them, both occurred while I was in school...meaning dad again.  (The man opens attachments, says yes to downloading programs...then complains when I spend so much time cleaning up.)

[syczek]

we needs hijackthis program, www.majorgeeks.com  by this program u can  find some troojans or other bad software. i know how to  "check log" and i can help in deleting unknown registry walues/files

[ordos45]

Thanks for the link last time, but already had most of the freeware. (Yes I am that paranoid..3 Firewalls, 2 virus scanners, and anti-spyware.)

So dad's latest four, including one he's had before that I got rid of.  (And yes, I made sure it was purged from System Restore.)

My AVG Anti-Virus will detect them, then when it tries to quarantine it freezes, and when I try to manually delete they restart Windows.

So, throwing myself upon the more security tech inclined...does anyone know removal tools for the following:

Si1.exe (In Temporary Internet History)

Si2.exe (Temporary Internet History)

XDLDR24.EXE (In System32...infuriatingly I got rid of it the first time he downloaded it)

SXULNSMP.EXE (In Internet Explorer itself)

Thanks for reading this post.

[gryphon]

which anti-spyware programm do you use ?

[syczek]

only one can help here

format c:

format d:

reinstall system , recommended linux knopix 3.2 , but windows xp is cool!

windows easy to blow with wiruses

linux is hard to learn but evry try may success

[gryphon]

I don't think the question to use Linux or not just depends on the fact that Windows is more attractive to virus writers...

[Spectral Paladin]

I 've heard of trojans that "inject" themselves to other program, such as Internet Explorer so that they become invisible to task managers, undetectable by anti-virus and other scannners and unstoppable by firewalls. How can I deal with such one? (discover if I 'm infected and react?)

[gryphon]

not shure. . but think there is always a seperate process for the trojan.

If you should get one that's not, you are either visiting the wrong sites .. and I mean way off. . . or the guy getting it on your system is way to good to protect yourself against.

Just for home-user situations that is and you are using a up to date virus scanner, firewall and non-IE browser with serucity settings on. :)