VIRUS Trojan Horse DOWNLOADER removal

  mikemike2004 18:38 01 Oct 2007

Dear all,

Today, I had a rare moment of being a naibe internet surfer, downloaded an mysterious .exe file and thought 'what the heck' and installed it. Quite regretfully, it was a fully functioning trojan and so I found myself in deep trouble. I have scanned my PC with Norton Antivirus 2005(fully updated and functioning) but all it does is deleting all the adwares that the virus downloads to my PC but not the virus itself.

I have tried deleting all the temporary files, cookies..etc. and it doesn't help.

FUnny thing I notice is the virus comes alive only when I open up my Internet Explorer because my Norton Antivirus would say it blocked three malicious files in a steady interval if my IE is opened.

Question is, HOW DO I GET RID OF THIS VIRUS without having to format my drive?



  beynac 19:05 01 Oct 2007

It's hard to say how best to get rid of it without knowing what it is. However, it would be worth installing AVG Anti-Spyware and running a scan.

click here

Make sure that it is updated, then click on the Settings tab and select "Quarantine" under "How to act?".

  mikemike2004 19:12 01 Oct 2007

I have already installed the AVG anti-spyware before posting this thread. All it did was finding and deleting the malicious softwares downloaded on to my PC by the damn virus...sigh

  chocolate cake 19:18 01 Oct 2007

It might seem daft but, does the trojan appear in add/remove programs at all.

  FreeCell 20:13 01 Oct 2007

Try click here anti-rootkit
(Note this is not AVG antivirus)

Run Hijack This
click here

and register on the forum and post results hereclick here

  mikemike2004 07:22 02 Oct 2007

I've ran the anti-rootkit, nothing found. Ran the Hijack This programme as well. One symptom I notice is the virus keeps creating new BITXXX.tmp files in my C:\WINDOWS\TEMP directory. I also notice that my registry has been infected or tempered with. WHAT CAN I DO!? PLEASEEEEE

  Probabilitydrive 09:50 02 Oct 2007

You could try a system restore (use 'safe mode'). Without knowing what exactly you might have on your system its impossible to give you an easy 'click here and its sorted' answer.

Best shot is to follow FreeCells advice and post your Hijack results in their forum. Be patient and wait till one of the guys guide you through a thorough process of analyzing and removing potential nasties.

Be prepared to spend some time doing that.

  FreeCell 11:44 02 Oct 2007

BITXXX.tmp files can also be created by auto-updaters so may or may not be sign of a virus.

The symptoms of a virus should be contained in your Hijack This report but interpretation can be difficult which is why it's best to post in one of the specialist forums. People will then direct you to download software that will remove any specific virus you may have.

As Probabilitydrive says, be patient and follow the instructions given. Virus writers don't make them easy to remove.

  mikemike2004 18:44 02 Oct 2007

Norton Antivirus2005 detects and deletes BITXXX.tmp files everytime I open my browser and internet connection. It says it has detected a virus called Downloader and the file has been deleted. However, that message pops up 1,000,000,000,000 times, it's annoying... By the way Freecell, how long do they take to reply my post on the site you gave me because I've submitted my HijackThis log file on the site but no response so far. Worried my post might get pushed to some unknown page and won't be read.


  Probabilitydrive 19:01 02 Oct 2007

Hmmm, shouldn't take too long. However, this site click here
will deal with your Hijack log as well.

Generate a fresh log and post it there.

  Probabilitydrive 19:10 02 Oct 2007

As an afterthought. Its always good to have some idea what your Hijack files are. Copy and paste your file click here and you get an idea. (Use it only an an information tool !!)

I strongly recommend not to start deleting anything based on the analysis. Leave that to the helpful people who guide you through a cleaning process.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

Creative studio Omnibus' brand identity for We Said Enough, a non-profit against sexual misconduct

What to ask Siri on the HomePod

Meilleurs VPN (2018)