techie ppl read please....

[Don Rizzle]

ok i had a trojan which trys to steal passwords, bank info etc. called PSW.banker.AN (AVG) or PWS.kudan.A (norton), i tried everything to get rid of it but could only partially remove it and parts kept reapearing cos it was in the start up files. now yesturday i had an idea of how to remove it i had a password box open then ran avg after norton 2004 didn't detected it (wtf? i thaught it was more thorough considering it takes 3 times as long) and it couldn't heal the infected files so it put them in its virus vault. but i think they are important files! i am now worried about restarting my computer and it not working. i'll list the effected files below, what should i do?
docs and settings/startmenu/progs/startup/RUNDLLW.EXE
windows/1.exe (also had a 2.exe which wasn't detected and was created around when i got the trojan so i deleted that myself)
windows/DLLREG.EXE
windows/system32/LOAD32.EXE
windows/system32/VXDMGR32.EXE

btw forgot to say i run XP

[Throwback]

format your pc, thats what i do when i have a virus that wont go away

[Don Rizzle]

I have removed it, the problem is that the files i removed i think are important. formatting my hdd is a last resort and one i would rather not use due to the amount of stuff i would lose.

[Don Seer]

ok...


DLLREG.EXE >> definitely a baddie

LOAD32.EXE >> also definitely a baddie

VXDMGR32.EXE >> also definitely a baddie - vxd's under windows nt based OS? yeah right... just sounds bad..

RUNDLLW.EXE... this is pretending to be RUNDLL32.exe (which is legit..) ... also bad


for these kinda things just put the exe name in google.. and they show up



shit is getting out of control with virus's these days.. have had a few dodgy ones myself and had to help opti the other day as she got loooooooads.


also.. do windows update as the infection methods are often old backdoors in windows.

[Montana00]

http://www.simplysup.com/tremover/details.html

first try this. you gotta pay for it, but you can just use the free trial and then uninstall it. i used it about a year ago when i had a trojan and it worked to perfection.

If you want to change what loads at startup go to Start>run>type "msconfig" no quotes.

then click on the startup tab. Make sure only the stuff you need are checked.

and btw, norton cant remove and viruses while your on windows because windows is using the trojans. So your gonna have to boot into safemode to get rid of all the viruses. so when your computer is booting just keep pressing F8 until a little menu pops up and click on Boot into safe mode.

then do a scan.

hope that helps

[Don Seer]

not free though...

the other day while i was looking around i saw a link to one a lot of people recommended, but i dont think i saved a link though (and i'm at work now anyways...)

[Montana00]

You can download a free fully-working evaluation copy of Trojan Remover by clicking on the download link below. The program will work for a full 30 days, after which it will expire - registration costs $24.95*, which is a one-time only fee with no further charges to pay for upgrades and updates.

yea i know its a trial, but all you only need it once.

[Don Rizzle]

thankyou everything is sorted except a couple of registry changes which i'm doing now.