Page 1 of 1

trojan horse

PostPosted: Tue Feb 01, 2011 11:48 am
by vusigaga
How do I permanently remove a trojan horse from my computer? I have Avast! antivirus and it says that I have a trojan horse. So I quarantined it since that was the recomended action. The file name of the virus is nwinnldt.exe and the description is win32:downloader-ib[trj]. The antivirus quarantined kerell.dll, winsock.dll, and wsock32.dll along with it. Everytime I restart my computer the antivirus tells me that the same trojan horse is back in the same location. How do I remove it?
____________________________

Re: trojan horse

PostPosted: Tue Feb 01, 2011 6:54 pm
by mapleleaf
vusigaga wrote:How do I permanently remove a trojan horse from my computer? I have Avast! antivirus and it says that I have a trojan horse. So I quarantined it since that was the recomended action. The file name of the virus is nwinnldt.exe and the description is win32:downloader-ib[trj]. The antivirus quarantined kerell.dll, winsock.dll, and wsock32.dll along with it. Everytime I restart my computer the antivirus tells me that the same trojan horse is back in the same location. How do I remove it?


This is like going to the doctor and telling him/her that you are sick.
If you donot tell where when,why then how can a doctor provide the treatment.

You fail to indicate
    1. the name of the trojan
    2. what file appears to be the cause
    3. eliminate the possibility of a 'false positive'
    4. used another virus scanner to duplicate result
    5. check for a possible 'root-kill' presence
    6. checked the registry for its presence

It is simply a matter of 'tli' as opposed to 'tmi'

tli = too little information
tmi = too much information

I do suspect that the issue may lie in your registry and it is therefore prudent to give as much as possible information.
For the most part this type of an infection is created by a configuration entry in the Windows Registry in order to make these programs start when your computer starts.
Thus, it will reappear again and again if it is not removed from the registry. Therefore, by giving the name of the infected file one should also search the registry for any of its entries.
However, and please note playing with the registry can have disastrous consequences IF it is not done properly.

I suggest get help from someone that knows how to handle the registry.


mapleleaf

http://www.mirana.net