trojan horse

Discuss general web development questions. Help others and get help from others.

Moderator: kfury77

trojan horse

Postby vusigaga » Tue Feb 01, 2011 11:48 am

How do I permanently remove a trojan horse from my computer? I have Avast! antivirus and it says that I have a trojan horse. So I quarantined it since that was the recomended action. The file name of the virus is nwinnldt.exe and the description is win32:downloader-ib[trj]. The antivirus quarantined kerell.dll, winsock.dll, and wsock32.dll along with it. Everytime I restart my computer the antivirus tells me that the same trojan horse is back in the same location. How do I remove it?
____________________________
Last edited by vusigaga on Fri Feb 04, 2011 7:19 am, edited 1 time in total.
vusigaga
 
Posts: 1
Joined: Sat Jan 29, 2011 7:32 am

Re: trojan horse

Postby mapleleaf » Tue Feb 01, 2011 6:54 pm

vusigaga wrote:How do I permanently remove a trojan horse from my computer? I have Avast! antivirus and it says that I have a trojan horse. So I quarantined it since that was the recomended action. The file name of the virus is nwinnldt.exe and the description is win32:downloader-ib[trj]. The antivirus quarantined kerell.dll, winsock.dll, and wsock32.dll along with it. Everytime I restart my computer the antivirus tells me that the same trojan horse is back in the same location. How do I remove it?


This is like going to the doctor and telling him/her that you are sick.
If you donot tell where when,why then how can a doctor provide the treatment.

You fail to indicate
    1. the name of the trojan
    2. what file appears to be the cause
    3. eliminate the possibility of a 'false positive'
    4. used another virus scanner to duplicate result
    5. check for a possible 'root-kill' presence
    6. checked the registry for its presence

It is simply a matter of 'tli' as opposed to 'tmi'

tli = too little information
tmi = too much information

I do suspect that the issue may lie in your registry and it is therefore prudent to give as much as possible information.
For the most part this type of an infection is created by a configuration entry in the Windows Registry in order to make these programs start when your computer starts.
Thus, it will reappear again and again if it is not removed from the registry. Therefore, by giving the name of the infected file one should also search the registry for any of its entries.
However, and please note playing with the registry can have disastrous consequences IF it is not done properly.

I suggest get help from someone that knows how to handle the registry.


mapleleaf

http://www.mirana.net
User avatar
mapleleaf
 
Posts: 121
Joined: Thu Oct 14, 2010 2:21 am
Location: Ashcroft, BC Canada


Return to Web Developer Talk

Who is online

Users browsing this forum: No registered users and 1 guest

cron