A recent scan with Norton showed that I have a Trojan Horse (type not specified). It is in my sys32 folder and has a cryptic name zqxcgr.exe r. Norton will not quarantine or delete it. (???)! I followed the instructions on the Symantec website to remove a Trojan Horse - update anti-defs, turn off system restore, restart in safe mode, scan, delete infected file, enter regedit and delete infected file in system registry, clear temp internet folder including offline content, exit, and restart in normal mode.
With this process I always find the infected file in the sys32 folder and I delete it. However, whenever I restart my computer I get another Trojan Horse alert on start up and it is always in the sys32 folder but with a different cryptic name (such as gwspzns.exe r, or wborci.exe r, or jhykve.exe r, etc etc). The thing keeps reappearing with a new name every time I restart and I cannot seem to get rid of it.
What am I doing wrong? Is there some trojan program running somewhere in my system that I am unaware of? And how did this get through to my computer even though my anti-defs are current and the computer did recognize and classify it as a virus?
Someone please please help. I am tired and exasperated and at a loss.
Any advice is much appreciated.
eden

Have you run msconfig to see what is running on startup? If not, check that out. If you are not sure what is supposed to start up in msconfig, then post back the programs that are starting up.
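
A scripted version of that startup check, as an added example that is not part of the original thread: it lists the Run/RunOnce registry values and Startup-folder items and shows each target's signature status and creation time, so a file recreated at the last boot stands out. It assumes a current Windows with PowerShell 3 or later; the helper name `Get-TargetPath` is made up for this example.

```powershell
# Added example (not from the thread). Read-only: lists autostart entries and
# reports each target's signature status and creation time.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$Command) {
    # Hypothetical helper: pull the executable path out of a command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk shortcuts
$entries = @(
    # Registry Run/RunOnce values
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders
    foreach ($dir in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($dir)
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -File | Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = '"{0}"' -f $target }
        }
    }
)

$entries | ForEach-Object {
    $path = Get-TargetPath $_.Command
    $file = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) { Get-Item -LiteralPath $path -Force } else { $null }
    [pscustomobject]@{
        Name      = $_.Name
        Source    = $_.Source
        Path      = $path
        # NotSigned is a reason to look closer, not a verdict
        Signature = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status } else { 'NotResolved' }
        Created   = if ($file) { $file.CreationTime } else { $null }
    }
} | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Entries shown as `NotResolved` are commands without a full path (for example a bare `rundll32.exe` call) and need to be checked by hand.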

You don't have a trojan/virus, yours is spyware. Do a search for a file called nail.exe or aurora.* If you have one of those then do a Google search or search this site for removal instructions. These can be a B!TCH to get rid of as they randomly change names every time you delete it. If you have these and do a Google search and go to a site that says it can fix it with pctuneup, run away as fast as you can as this makes it worse. I got this one when it first came out when there were no tools for it.

Thank you so very much Dave and Mike.
You are right, I have noticed that an irritating aurora pop-up has started appearing when I first log onto the internet and I can't seem to block it. I will do as you suggest (your caution noted) and will let you know if it works.
Thanks again
eden

If you have a second computer available:
Load it up with as many spyware removal and anti-spyware tools as you can get. Make sure they are updated.
Make sure the infected PC does not have anything fishy in the startup folder or other startup/boot areas.
Attach the HD in the infected PC as a slave in the second, then scan it with everything you've got.

If Norton can't delete or quarantine something, this is what I do:
You'll notice that Norton specifies where it found the file? You can just browse there in Explorer and just try to delete the file yourself. 9/10 times that normally works.
AMD Athlon XP 1.8GHz
1GB RAM
120GB HDD SATA
GeForce 4 Ti4600 128MB
Nvidia nforce2 chipset w/ soundstorm
Pioneer DVD/RW
ABIT NF-7S Rev 2 Motherboard

Thanks to everyone who responded to my problem. I took your advice and perused your site to find out what could be done to get rid of aurora. Since it kept 'rebirthing' after each delete, I ended up having to run spybot S&D, nailfix, cclean, ewido, and HijackThis (from spywarewarrior) and that finally got rid of it. Phew!
My thanks to computing.net and all you savvy ones helping. I am very grateful.
eden

You may want to post your recent log over there, just to make sure you did not miss anything. I see you need to visit Windows Update or you will keep getting these problems.

Thanks again. Throughout all this I discovered my Windows XP SP2 had been disabled (???) and would not reinstall. Microsoft has since fixed the problem and I am once again updated and current. Will post a new log as you suggest just to be sure I did not miss anything.
eden
