
Trojan horse Downloader.VB.R


Name: Topper
Date: November 18, 2004 at 13:54:24 Pacific
OS: Windows XP
CPU/Ram: Intel Pentium 4 & 512mb R
Comment:

Hello,

I opened up a website in Mozilla Firefox earlier and suddenly AVG Resident Shield popped up telling me that "Virus Trojan horse Downloader.VB.R is found in file C:\DOCUME~1\RICHTOP~1.000\LOCALS~1\Temp\2xy3hnoa.exe" and to run AVG to remove the virus.

So that's what I did. I ran a complete scan in AVG, and my virus database is up-to-date, and absolutely nothing was found. A bit strange considering it alerted me to the trojan the second I obtained it. After this I ran a virus check in 3 anti-spyware programs and 2 other anti-virus programs, and still nothing found. There are no new processes running that I can see, and like the many other variants of the 'Downloader' trojan I've had, everything seems to be okay with my computer (but I still hate the idea of having something like this on my computer, whether it is working or not!). I am running on Windows XP and my system restore has been turned off for a week. Any ideas on how I can remove this trojan?




Response Number 1
Name: murve
Date: November 18, 2004 at 14:29:03 Pacific
Reply:

Hi Topper,
Let's try this to see if you do indeed have that trojan:
Go to your Start button and go to Run in your Win XP box. Hit Run, and then type in the word "command" (without quotes). A box will open up, and where you see the cursor flashing, type in "netstat -an" (without quotes).
You will then see it open up with the title of Active Connections with 4 columns:
Proto, Local Address, Remote Address (Foreign Address), State.
If there is anything in the remote address column, then you should make note of the address and port in the remote address section. If it says established in the state column, you may have some trojans.

Next, go to www.thepublicworks.com, security section, and link to Tantalo Ports, put in the port number you noted down and click on search. It should tell you if you have a trojan, and where to find info on it.

If you are trojaned, get the latest anti-virus, anti-trojan, Spybot, and Ad-Aware definitions.
Next:
Since you disabled your system restore, you have flushed out your restore folder of all viruses and other malware. Then....

Go to safe mode, and scan your machine with the scanners, make note of and delete all files they come up with.
Next:
Delete everything in your cookie folder, recent folder, .tmp files in your temp folder, and everything in your temporary internet folder, and also clean your recycle bin.

Reboot your computer into normal mode and do a search for those files and delete them.

Also check your task or process list by pressing Control-Alt-Delete and end task on any files you find that are in the list you noted.
Re-enable your system restore.

all the best,
murve
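
The netstat check described in the reply above, as an added example that is not part of the original thread: a Python script that parses saved `netstat -an` output and lists the remote address and port of each ESTABLISHED TCP connection, skipping loopback entries. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:1051      198.51.100.23:6667     ESTABLISHED
  TCP    192.168.1.10:1060      203.0.113.7:80         TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def established_remotes(netstat_text):
    """Return sorted unique (remote_addr, remote_port) pairs for
    ESTABLISHED TCP rows, ignoring loopback connections."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows: Proto, Local, Foreign, State (UDP rows have no State).
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "ESTABLISHED":
            continue
        addr, port = split_endpoint(fields[2])
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # not a numeric address
        if ip.is_loopback or not port.isdigit():
            continue
        found.add((str(ip), int(port)))
    return sorted(found)


if __name__ == "__main__":
    for addr, port in established_remotes(SAMPLE):
        print(f"{addr}:{port}")
```

To use it on a real machine, save the output with `netstat -an > netstat.txt` and pass the file's contents to `established_remotes`.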



Response Number 2
Name: Mechanix2Go
Date: November 18, 2004 at 21:26:57 Pacific
Reply:

Topper,

Do you have the link to the page which caused the prob?

I wonder if a script created the exe on your drive.

It's odd that AVG is giving you truncated directory names, as in "C:\DOCUME~1\" but that's a separate issue.

As to deleting the exe, how about:

del 2xy3hnoa.exe

###
Murve,

Good stuff. This link:

http://www.tantalo.net/ports

did a meritorious 'not found'

I'll try later.

M2



Response Number 3
Name: Topper
Date: November 19, 2004 at 01:43:49 Pacific
Reply:

At the moment I am unable to try these methods but I will get around to it very soon, and I definitely appreciate the help.

The website that caused AVG Resident Shield to pop up with the virus alert was www.letssingit.com, a lyrics website. Obviously I wouldn't suggest going there!



Response Number 4
Name: Mechanix2Go
Date: November 19, 2004 at 02:44:32 Pacific
Reply:

Hi,

No, I wouldn't send anybody there either.

I'll check it out.

I looked at it. Nothing obvious. If anybody wants I can post the source.

M2



Response Number 5
Name: ColU_FC
Date: November 22, 2004 at 12:39:35 Pacific
Reply:

Does anyone know what this Trojan does? Is it a keylogger?

Thanks.

