Computing.Net > Forums > Security and Virus > trojan hell?!


trojan hell?!


Name: HBM
Date: November 28, 2003 at 02:01:29 Pacific
OS: windows xp
CPU/Ram: 501 mhz/64mb
Comment:

Hi,
I'm a complete novice so bear with me. I'm pretty sure I have a Trojan on my pc - I run windows xp.
I can't access MSN sites, Hotmail, my Norton Antivirus refuses to run, can't get Windows updates etc. Downloaded a free antivirus product and it finally found 'trojan tr/forten.java.2' but couldn't get rid of it.
My problem is that I'm not too hot with computers, can't get my antivirus to zap it and don't seem to be able to download exe files either.
Anybody help?





Response Number 1
Name: tamtam
Date: November 28, 2003 at 03:14:34 Pacific
Reply:

Hi,
your trojan is an alias for Java Byteverify A
Try to download, update and run the following free programs:
Spybot S&D
CWShredder
Trojan Remover
http://spybot.safer-networking.de/
http://www.simplysup.com/tremover/download.html
http://www.spywareinfo.com/~merijn/
If all this doesn't help, download HijackThis from the site above, scan your PC and post the log on this board.



Response Number 2
Name: HBM
Date: November 28, 2003 at 08:11:15 Pacific
Reply:

Hi,
Thanks, that's extremely helpful. Ran both Spybot (which found loads of things and deleted them) and CWShredder (worked but didn't find anything), but still no access to MSN sites, Hotmail etc., so I guess it's still there. Trojan Remover just didn't find it (?)
The log you recommend I post is here:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gsp\Gspmenu.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.21.68/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netscapeonline.co.uk/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Future Publishing
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.uk.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.32.4:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Lotus SmartSuite Release 9 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B17BAB1-C6F9-40A9-9AF0-3B1F2DB2C7E7}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B17BAB1-C6F9-40A9-9AF0-3B1F2DB2C7E7}: NameServer = 194.168.4.100 194.168.8.100


Hope this means something to you! Thanks again



Response Number 3
Name: tamtam
Date: November 28, 2003 at 09:52:12 Pacific
Reply:

Hi
I just started to learn to read these HT logs and am not sure which ones to "fix checked".
However, before the real tech wonders start to answer I can tell you this: the following 2 lines look suspicious.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.21.68/search.php
Run HT again and check this
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
I didn't find what Gsp is, but if you recognize it, the following lines should be OK:
C:\Program Files\Gsp\Gspmenu.exe
O4 - Global Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.exe
There is much to learn from the HT tutorial:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
And make sure your Windows version is up to date.




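The HijackThis log posted in Response 2 and the lines tamtam singles out in Response 3 can be triaged mechanically. The following Python script is an added example, not code from this thread or from the HijackThis project: it parses the R0/R1/O2/O4/O17 entry format and flags the same kinds of line a reviewer looks for (a search URL pointing at a bare IP address, a proxy server set in Internet Settings, an unnamed browser helper object, a Run entry that loads a DLL through rundll32, and the configured DNS servers for confirmation). The sample log is constructed from lines in the posted log plus one benign AVG entry as a control; the heuristics and the `triage` function are my own and are not HijackThis's detection logic.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted in this
# thread, plus the AVGCtrl run entry as a benign control line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.32.4:8080
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B17BAB1-C6F9-40A9-9AF0-3B1F2DB2C7E7}: NameServer = 194.168.4.100 194.168.8.100
"""

# Every HijackThis entry starts with a section code such as R1 or O4, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A URL whose host is a dotted-quad IP rather than a hostname.
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O4"
    reason: str    # why the line deserves a look
    line: str      # the original log line


def parse_entries(log_text):
    """Split a log into (section, body, line) tuples; process lists and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage(log_text):
    """Apply simple defender heuristics (my own, hypothetical rules) and return lines to review."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if "ProxyServer" in key and value.strip():
                findings.append(Finding(section, "proxy server set; browser traffic is routed through it", line))
            elif RAW_IP_URL_RE.search(value):
                findings.append(Finding(section, "search/start page points at a bare IP address", line))
        elif section == "O2" and "(no name)" in body:
            findings.append(Finding(section, "browser helper object with no name; identify the DLL", line))
        elif section == "O4" and RUNDLL_RE.search(body):
            findings.append(Finding(section, "startup entry loads a DLL via rundll32; verify the DLL", line))
        elif section == "O17":
            findings.append(Finding(section, "DNS servers configured; confirm they belong to your ISP", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Everything it flags still needs a human decision: a bare-IP search URL and an unexpected proxy are strong signs of a browser hijack, while the DNS servers and a nameless BHO may be perfectly legitimate, which is why the reasons say "verify" rather than "remove".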
Response Number 4
Name: HBM
Date: November 28, 2003 at 11:17:01 Pacific
Reply:

Gsp is known to me; well not known but it's ALWAYS been there so I guess it's fine.
The O2 line doesn't give much away when I checked it (but then I don't know what I'm looking for); when I checked O4 the result looked a bit more ominous (but again, without it saying 'delete me!' in bright red letters I'm none the wiser).
You've been super helpful though, if anyone can complete this riddle I'd be really happy



Response Number 5
Name: Abnormal
Date: November 28, 2003 at 12:22:00 Pacific
Reply:

Help uninstalling new.net

How can I fully uninstall the New.net plug-in?
To uninstall the application, please follow the steps below:

1. Click on Start.
2. Select Settings.
3. Click on Control Panel.
4. Double-click on the Add/Remove Programs icon.
5. Select the New.net Application.
6. Click on the Add/Remove button.
7. Once the program has uninstalled, click on the OK button.

After completing all of these steps, please reboot the computer. This will have removed the New.net application from your system.
The above steps will fully remove the New.net plug-in. However, the Windows operating system will retain a record that the New.net plug-in previously had been installed on your computer in "C:\Windows\Downloaded Program Files." This file is harmless, but can be removed by following the steps below:


1. Click on Tools.
2. Click on Internet Options.
3. Under the General tab, click on the Settings button.
4. Within the Settings window, click on the View Objects button.
5. Within the Downloaded Program Files window, locate and delete Tldctl2c Class.
6. Close the Downloaded Program Files window.
7. Click on the OK button within the Settings window.
8. Click on the OK button within the Internet Options window.
9. Close Internet Explorer.

More info:
http://www.cexx.org/newnet.htm




Response Number 6
Name: HBM
Date: November 28, 2003 at 12:45:51 Pacific
Reply:

Thanks for that, for some reason it isn't in either place, I'll keep looking!



Response Number 7
Name: Abnormal
Date: November 28, 2003 at 15:05:08 Pacific
Reply:

Give CWShredder a try:

cwshredder.zip

cwshredder.exe



Response Number 8
Name: Abnormal
Date: November 28, 2003 at 15:16:31 Pacific
Reply:

I see you tried that; too many posts like this, getting confused.
If no other help, you can check out this site:
http://www.spywareinfo.com/forums/



Response Number 9
Name: rob_d
Date: December 4, 2003 at 15:09:08 Pacific
Reply:

Hey, I just read this and realised I have the same sort of problem. Every time I go to www.xtramsn.co.nz/home it comes up with a box saying "Internet Explorer cannot open the Internet site, operation aborted". Is that the same with yours? The virus I think gave me this was either the one you mentioned, because I know I've had that before as well, or it was dropper.small.EJ. I got them both at the same time because I went to a website and I got it from the webpage somehow (from just going there). Anyway, I searched with AVG Free Edition and found both of them; it got rid of the first one (the one you mentioned) and it found the dropper.small.EJ one but couldn't get rid of it. The next day I scanned again but it didn't find it, even though it said it couldn't get rid of it (weird, aye). Any help with this would be great :D



Response Number 10
Name: Ultra_Death
Date: December 23, 2003 at 08:09:54 Pacific
Reply:

Hello,

I think your problem is not the trojan.
You see, I make trojan viruses and others for my own personal use. Most trojans are just used to retrieve info or display popup ads; you can't really delete anything system-wise with them. What I think you have is a registry error. E-mail me and I might be able to help you out: bobstinger1212@hotmail.com. Make sure the subject is 'trojan virus' or something similar to it, because I'll delete it otherwise.




Response Number 11
Name: Joecub1963
Date: December 30, 2003 at 08:32:30 Pacific
Reply:

Hi, I am having a similar problem with the small Dropper EJ trojan on my PC. AVG keeps detecting it but won't remove it, and I can't access the area of the computer it is in, System Restore Information. Any ideas?
Joe


