Norton AV detected a trojan horse on my comp that has infected a file called helpexp.exe.

Now when i run a scan it detects it and i quarantined the infected file and then deleted it from norton av.

But when i restart my comp norton av gives a msg telling me that the same file has been infected and if i want to quarantine it so i quarantine it again and delte it and when i restart my machine i am back at the same problem.

I downloaded Tauscan but that doesnt seem to detect it at all or remove it.

I am not sure if the file is still on my machine or not? I followed the part to the file but a folder in that path seems to be missing?

What should i do?

Hi John,
Windows Me has a restore function,i think the virus has copied itself in that folder and cannot be deleted as long the restore is not disabled.Download,update and run Trojan Remover(it's free for a month)
http://www.simplysup.com/tremover/download.html

John, your problem is not an easy one.
Hopefuly we can walk you through
this.

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Abnormal

Guys thanks for responding. I downloaded Trojan Remover and it didnt detect the virus at all.

But while Trojan remover was scanning the folder that had the infected file it kept pausing at a particular file and norton av popped up and gave me the same msg that i got b4 asking me to quarantine the file.

so i deleted the file where Trojan remover kept pausing and everything is back to normal and its weird the file i deleted wasnt the one that was supposed to be infected but after deleting that file i dont get that msg when i restart the comp.

Is this a good sign or is there somth suspicious?

My comp fine so it doesnt matter but pls let me know.

Thanks for ur help guys, this forum is really good!!

Uninstall Alset Help Express via Add/Remove Programs.

hello, this is very curious Trojan Remover didn't reconize a trojan signature, this program has two scan, one to check into your Memory RAM, the second after the fist scan to detect where is hidden the worm into your hard drive partition C.
It's possible you already deleted the memory tag which belong's to the trojan itself, then of course the file is not dangerous anymore, but still there....

The thirty-second fix. Go to control panel, add/remove programs, and uninstall Helpexpress. No more trojan horse on next antivirus scan. Sounds too good to be true, but it worked for me on Windows 98.

I am anxious to see a response to Response 6. I am running Windows XP and found a Trojan Horse virus in my HelpExp program tonight.
Is this program necessary? Will uninstalling the program eliminate the virus?

I just found this last night - in fact, I was
sitting at my computer when the damn
thing loaded itself - wasn't even online!
Norton found it, but could neither
quarantine nor delete it. It gave the file
location as
C:\recycled\nprotect....something, but
when I used Tools to try to find it, no such
directory existed. I then Add/Remove
uninstalled BOTH Helpexress AND
Attune, which Norton indicated was the
program which pulled this virus in
through an update, but Norton still says
my PC is infected. I THEN used a spybot
search and destroy app that I
downloaded from a Symantec site which
said this would fix it, but it didn't find the
infected file. My PC is STILL infected, any
ideas? (I'm running Windows 98.)

Also, is Response 2 complete? I don't
understand what you mean by "copy
here," and the response does not appear
to include any instruction which actually
changes anything...

I also recieved Trojan Horse virus in "helpexp.exe" file. Norton will not let me fix, quarantine, or delete. I uninstalled it from my computer. But when online, certain links on various pages causes site to "freeze" and I must re log-on. It happens mainly on javascript files. Are the 2 problems related? Thanks

P.S. Also getting a lot of ISTBar errors. Then Internet Explorer must shut down....

I finally fixed it last night! I did the registry
edit "fix" to get rid of all the alset and
helpexpress keys, but that didn't work.
Then I took another look at the directory
for the infected file, and after doing some
research, realised that the file HAD been
deleted, but - because Norton Antivirus
creates a sort of buffer limbo for deleted
files - it was STILL on my hard drive. So I
emptied out my Recycle Bin and, for good
measure, used Norton's Wipe It feature,
and voila, no more Trojan Horse! So, the
moral of the story is, even though you use
Add/Remove to get rid of programs, their
files may still be on your hard drive.

BTW, if you read about extended
applications of Norton Antivirus and the
definitions of virus, worm, and trojan
horse on the Symantec site, you will see
that Norton isn't supposed to be able to
quarantine or delete trojan horses.
Apparently, Norton can only do so for
PARTIALLY bad code, not for a file that
consists entirely of bad code. This makes
no sense to me - if I slice an apple in half
and see a rotten spot, I cut it out; if I slice
it in half and find it's all rotten, I throw it
away. How hard is that? Especially if you
have a constantly updated list of what
constitutes "rotten." Nevertheless, Norton
is unable to deal with trojan horses, so
don't feel upset and frustrated as I did
when it doesn't work for you, either.

Some Trojan Horses were extremely malicious and cause many serious damages to the system files. While most virus scanners (NAV, McAfee VS et al) detect and delete them, however it's almost impossible to determine if the malicious virus still remaining or not on the entire O/S. In many several cases, it's strongly recommended to format the disks and re-install Windows to prevent a wide spread infection of your PC. But if you've previously created a Norton Ghost image or partition, you can restore the system to the last good known configuration by opening the GHO executable file from your "remote" disk or Flash USB storage device. After restoring Windows to the last known good system configuration status, Norton Ghost will prompt you to restart your computer. So t'was done. A message should appear now on the bottom of the screen: "New Device Installed. Your new device was now installed but might not working until you reboot." Reboot the computer. Enjoy!

The Other day i was on my computer and all of a sudden the Pc turned off, so i ran Norton AV and it had detected a virus, Called Trojan Horse.
I deleted the file but still my Pc turns off? i even tryed downloading a patch or even software against this virus but the pc then crashed everytime i turned it on, i then had to re-boot the system, but still the same thing happens, can anyone help me?