I have been searching the net for almost 1 month now trying to find a answer on how to get rid of it!I guess I found it the day after I received my comp. back from loaning it out. Becuase I have AntiVir6.0,Spybot Search and Destroy,and SpyBlaster on this comp and set to scan on start up. And Supposedly AntiVir6.0 is supposed to be running in the background helping to prevent infections. Well I can see how well it was prevented. All 3 programs are free with online updates and for the most Part The first 2 are the better ones.
Mine was in the temp folder as well and I deleted cookies , deleted all offline and temp internet files, and all information as to where has been on the net trying to get rid of it. And went into the windows program and deleted the Temp folder, I have a regestery cleaner that works great! in the Spybot search and destroy program that repaired 6 infected regestery paths from TR\Dldr.Bety.A but can't seem to get rid of this trojan. It hijacks my browser to other pages it slows downloads of pages and I get continual pop ups even though I have Googles Pop up killer on ( and yes It does a very good share of Killing the Pop ups) It wreaks havoc on trying to read mail, by clicking on subjects to read // It hijacks the browser and takes you to other pages and when you get back to what you were doing it trys again but takes you to a unknown page and you have to back up, And it takes several minutes to work the scroll button after everything is supposedly done loading, This lil computer Thankfully is not my main computer but its still a good one I do alot of html and web page design on it. I know where I got the trojan but have yet to be able to block all of the url's Oh and it hijacks the browser to "We know your home page has been changed and you have a trojan on your system Download this program and it will be cleaned up". A Pop up page, I don't think so not that stupid! And about 1 out 10 pop ups are of Porn sites. I allowed a friend of mine to barrow this comp for about a week while his was in the shop and when I got it back I have all kinds of porn site url's in the regestery. Now I know why his comp. is in the shop!!! Most Porn sites put a string of malice code together and if you continually visit more and more they infect your system with malice softwars and codes to make trojans.I have reformatted (EEEWWW Bad word ) this comp allready and it is still there!! AntiVir6.0 has detected a trojan TR\Dldr.Bety.A and has deleted it but it keeps poping up, I'm beging to think its a permanet resident in this comp now.

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

Hey Nightrider, youve had some fun, huh? You said you have reformatted. Before you did that, did you run FDISK /MBR ? Lots of that junk hides in the master boot record and that's the only way to get rid of it. ALso, have you run HijackThis? It may show where more of the files are. Also, don't overlook using google to find others with the same trojan. It can be cleaned up, it just takes time. And, of course, not loaning your PC out. LOL

Hope this helps. Bob :)

Try this.
https://onesecond-128.bit-encryption.net/swatitdownload.html

Per )ok I downloaded the swatit and slowly went thru each folder on this system and checked it for viruses and it said there was no trojans, I ran it thru my c drive , I ran it thru the windows programs and everything else i could think of and it said 0 trojans ok kool i shut it down last night and rebooted this morning and it went off on its usual browser hijacking and Vir6.0 popped up with this: C:\WINDOWS\TEMP\DRTEMP\THNALL2C.EXE
Is the Trojan horse TR/Dldr.Bety.A
The file has been moved to the quarantine directory.
no further action has taken place
I went to temp folders and the drtemp foldrs and found a version of it in the cookies section deleted it and rebooted and its still saying same thing even if there is no file on this comp. anymore with that name.
So no it didn't work thanks for the thought.

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

PC BOB no I didn't I didn't even know of that lil tid bit , so does this mean i will have to do that and then reformatt again ?

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

You may have to turn off system restore and run it. It may be hiding in there. Don't forget to turn it back on.

Uh Guys that has been off for almost 2 weeks now.(It is recommended that only advanced users and system administrators change these settings "box is checked" for Disable system restore)

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

yes I just turned it back on and rebooted and the first thing I saw was C:\WINDOWS\TEMP\DRTEMP\THNALL2C.EXE
Is the Trojan horse TR/Dldr.Bety.A
The file has been moved to the quarantine directory.
no further action
So no the trojan doesn't look like its leaving anytime soon.

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

Try BHODEMON from google.

C:\Windows\System (trgen.dll-trgen5.dll) Trojan?I downloaded BHODEMON and this and 2 for google toolbar came up, trgn5.dll is unknown and I can't disable it. I even tried to delete it and was told "unable to delete desired dll it may be in use"
Next lol

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

Have you tried all in the safe mode? Also search in the registry for them. Also HJT here.
http://www.hijackthis.de/index.php?langselect=english

Have allready tried hijack this lol Like I said in the first string I have been on google for awhile looking to kill this :\Windows\System (trgen.dll-trgen5.dll) Trojan? I can't go into safe mode becuase I use a usb mouse and it doesn't work in safe mode allready tried that one,And neither does the cursor buttons

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

Usually a usb mouse comes with a ps2 adapter.

Usually but not in this case lol But I no longer have the browser Hijacking thanks to the BHODEMON I disabled the bho and havent had any more trouble with that but I do still have the BETY.A trojan

Life isn't measured by how many cups of sugar it takes to sweeten up your friends but by how many friends are still alive after they eat your cooking!

Have you tried trendmicro.com and run housecall?

I just found this site. Supposed to be one of the best. http://www.ravantivirus.com/scan/indexie.php