
trojan horse virus, can't delete, please help?

Discussion in 'Desktop & Laptop Computers Forum' started by stolt, Mar 29, 2004.

  1. stolt

    Hi, I've recently had the following virus alert, and it's becoming more frequent that the following virus alert pops up on my screen...
    Trojan Horse Krepper.B

    Found in file C.Windows\42j3mbc7vb.exe

    pls run AVG.


    Firstly apologies if this is in the wrong forum...
    I've run AVG and it finds it but can't delete it, saying access denied. I've tried Spybot and Adaware as well and it's still there.
    Also had a look in the C drive under Windows and can see file 42j3mbc7vb and tried right-clicking and deleting, but again it shows access denied.

    Can anyone offer any help? Do I need another program to download and get rid of it? I think it's affecting the CDs I'm trying to burn of family photos etc., but these have been taken from a digital camera, not from the net. I left a slideshow burning before I went to bed last night; when I came down this morning, there was the trojan horse alert, plus Adaware had been on as well, but the burning had failed. I've had this same error message many times before, although playing the disc back this morning a lot of the pictures were on there, so not sure at what point it failed, because I didn't have enough time to watch the disc all the way through.

    Can anyone help? I'm a novice when it comes to PCs anyway, so any help would be greatly appreciated.
     
  2. Chris Muriel

  3. stolt

    Hi Chris, thanks for the reply. This will only detect the virus without removing it; does anyone know of any freeware I can download...
     
  4. MattB

    Try turning off System Restore, run AVG to make sure all is clean, then restart System Restore.
     
  5. stolt

    MattB, where do I go to turn off System Restore? Perhaps I should have said I was an out-and-out beginner rather than novice when it comes to PCs...
     
  6. UrbanT

    It's in Control Panel / System / System Restore Tab :)
     
  7. Zor

  8. Mr.D

    AVG probably can't remove it because the virus/trojan is running.
    Identify the executable and then look for its process in the task manager.
    Kill it in the task manager to stop it running, then run AVG and it will likely now be able to remove it.

    You might need to be in as admin to do this.
     
  9. Plump

    Keith, one more post missing :)

    stolt, if nothing else helps there is always a way around if you have enough space at the end of the hard drive - install another OS (WinNT or Win2000), boot from that one and clean your standard partition.
    As Keith said, you might need to localize which file is running as trojan.

    You might also try to see if it is activated thru registry startup:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete suspicious inputs.
    If it is not there but in NTUser.DAT you hardly have a chance to clean it.

    Have Fun! :rolleyes:
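
The two checks suggested in the posts above (finding the running process behind the flagged file, and looking at the Run registry key), as an added PowerShell example that is not part of the original thread. It only reads and reports; the default path is the file named in the first post's alert, and `Get-CommandPath` is a hypothetical helper name.

```powershell
# Added example (not from the thread): read-only audit for a file the scanner flagged.
param(
    # Default is the file named in the first post's alert; pass other paths as needed.
    [string[]]$FlaggedPaths = @('C:\Windows\42j3mbc7vb.exe')
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # current user's hive (NTUSER.DAT)
)

# Hypothetical helper: pull the executable path out of a Run value
# such as '"C:\dir\app.exe" /flag' or 'C:\dir\app.exe /flag'.
function Get-CommandPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Collect every value under the Run keys as Key / Name / Command / Path.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Path = Get-CommandPath $cmd }
    }
}

# -contains compares case-insensitively, which suits Windows paths.
'Autostart entries that launch a flagged file:'
$autoruns | Where-Object { $FlaggedPaths -contains $_.Path } |
    Format-List Key, Name, Command

'Running processes whose image is a flagged file:'
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $FlaggedPaths -contains $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize
```

The comparison is on the path string, so a file the scanner reports by its 8.3 short name needs that form passed in `-FlaggedPaths` as well.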
     
  10. Chris Muriel

    From what I recall ....

    The link I sent does appear to tell you how to implement manual removal.
    It tells you which processes to close and what to remove in the registry.

    It also says that Pest Patrol will remove it.

    Chris Muriel.
     
  11. InsertNameHere

    Can you not boot into safe mode and delete the file from there?

    Alex
     
  12. stolt

    Many thanks for the reply. Been searching round the net while at work today for different programs that could do it rather than trying to do it manually. Bearing in mind I have no (well, very little!) computer experience, I really wouldn't know where to start and am worried I'll end up causing more problems. I have booted it in safe mode and tried to delete the file, but it said access denied. Once again, thanks for all the suggestions; going to spend my evening now trying to download more programs/freeware to delete it and the others... I did go on the pest control website and did a free online scan, apparently found 61 different viruses... scary...
     
  13. stolt

    OK, I've turned off System Restore. Where's the task manager? Can't seem to find it. I think you guys are going to get fed up with me before the night/week's out!!
     
  14. InsertNameHere

    Woah!

    Don't worry about Task Manager lol (which, incidentally, can be accessed by pressing Ctrl+Alt+Delete). I'd back up any important files you have on your system (like documents, drivers etc) and do a complete reformat of your hard drive...

    Then invest in an Anti-virus package ;).

    Alex
     
  15. stolt

    well after I did that I ran the AVG again and it found the following

    c:windows\svhost.exe can not be removed
    (trojan horse startpage eq -- still infected)

    c;windows\42j3m6~1.exe can not be removed
    (trojan horse krepper.b - still infected)

    program files\global dialerzdomer00084\gd-dial.exe can not be removed
    (trojan horse dialer - still infected

    does this mean anything to anyone, any clues there....

    InsertNameHere... I wouldn't know where to start with reformatting the hard drive. Is it something I could do with info off the internet or maybe by a book? Is it something a beginner should try?
     
  16. InsertNameHere

    Well, I'm not sure what operating system you have, but to give you an idea of the procedure, here's a pretty decent step-by-step tutorial on how to install Windows XP (and reformat a hard drive, of course):

    http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp

    From this you'll see whether this is out of your depth or not. However, if you know how to change the booting order in your BIOS (have a look at your computer manual) and can install the necessary drivers / updates afterwards, then I'd say you won't have too much trouble doing this. BUT, only you will know if you're confident enough to carry this out. If you decide to go ahead with it, just make sure you back up all your important files beforehand (documents, drivers, downloads, e-mail, game saves etc) and you have all the installation discs at hand (Windows, Office etc).

    If you don't feel confident in doing this yourself, perhaps you know a friend that can help you with it? Either way, having 61 viruses on my system would scare me...

    Alex
     
  17. FoxyMulder

    Surely you run the risk of backing up the virus if you follow those steps?

    I would imagine you can get the virus off the system without a major re-install.
     
  18. stolt

    Once again thanks for the replies. InsertNameHere, thanks for the info, but being such a beginner I'll leave reformatting to the very last option. I've just downloaded the free ZoneAlarm firewall (which seems a bit late now), but also I'm going to buy the pest control virus jobbie, about $20.00; when I did the free scan that seemed to show a lot of them. One thing: I now have the AVG resident shield keep popping up showing trojan virus startpage.eq found in c:\windows\svhost.exe. This seems the only one that is causing me grief; anyone know where I should look for this? Again, if I run AVG it finds it but says access is denied. Feels like I'm running round in circles... thanks
     
  19. brifobwad

    There is a free anti trojan program at http://www.emsisoft.com/en/ Look for a2free. You must manually update this. Try this before you shell out money for something that may not work the way you expect it to.
     
  20. InsertNameHere

    Sure. But it looks like the viruses he's obtained are executables which reside in the 'Windows' folder – something which you obviously wouldn't back up. I highly doubt any of these viruses have manipulated any of the files he's downloaded and provided they were obtained from a reputable source, they aren't going to contain any in the first place. However, there might be a few in your email (in the form of attachments). Either way, after carrying out a reformat, you'd have completely cleaned your hard drive, and once some anti-virus software has been installed, you can determine what files are safe to put back on your system (which should be most of them). Either way, you haven't lost anything (i.e. you still have your data on disc) but I wouldn't be comfortable knowing there were (and still could be) 61+ viruses on my system. Not to mention any spyware, keyloggers etc there might be as well. But that’s just me…

    Alex
     
