Need Help To Defeat a Trojan

Custom / CUSTOM
March 26, 2009 at 16:41:55
Specs: Microsoft Windows XP Professional, 2.999 GHz / 3582 MB
I have been struggling with a trojan for two days now. I would normally just reinstall a fresh copy of windows but the virus really got a hold into my computer. Here are the symptoms:
I cannot paste anything (copy =>paste will not not for anything, files or text)
Windows Explorer has reverted to classic style, All other themes have been deleted.
The task bar doesn't show up when I start my computer, I can see the top of it but cannot drag it up to make it visible. It is not locked. I can make it visible by getting to the task bar properties checking then unchecking "Show Quick Launch". Also no programs running show up on the task bar.
I cannot install Windows SP3, which might fix the problems, but everytime I try it has a Cryptography error.
I cannot start any services (hence the cryptography error) when I do try and start it says missing needed files, or something along those lines.
I am unable to install many programs, I tried to install: Malwarebytes' Anti-Malware, since I read on a site that it might help. When I try to run it,it says "Failed to load control Vbalgrid, from vbalsgrid6.ocx, and it goes on from there.

I have Kaspersky Anti-Virus running, which found it when it was running gave me the option to stop, which I said stop and quarantine, but it still managed to load.
I would copy and paste the log but paste doesn't work(see above)
The virus infected the files:

Kaspersky recognized the virus as: Trojan.Win32.patched.aa

As Well as tons of registry values

I had a old backup of the registry which I used to fix the registry values.
Also, I used windows recovery tool to copy all of those files from the servicepackfiles folder to replace the files corrupted.
However all of my attempts have lead me nowhere.

I am looking for any suggestions on what anyone thinks should be done.
Thank you for your time,

See More: Need Help To Defeat a Trojan

Report •

April 8, 2009 at 06:11:19

collect a SVCHOST.EXE from a working XP computer with the same service pack.

Reboot the problematic computer in safe mode (F8 during boot) and replace SVCHOST.EXE with the one previously collected.

Then reboot in normal mode, and repeat a full scan of your system with an updated antivirus software.

Good luck ;)


Report •

April 8, 2009 at 07:22:16
Thanks for the reply. I actually already tried something like that. I used Windows recovery tool to replace my SVChost/explorer/winlogon/plus a few others with copies from my CD. This however did not work. I think it had some kind of start-up script that corrupted the files every time windows started.
I actually ended up fixing the problem by doing a repair install of windows and that fixed 95% of the problems.

Report •

Related Solutions

Ask Question