
Trojan Downloader & Spyware (10 posts)

Every time I open up Internet Explorer my anti-virus software warns me about a Trojan horse Downloader.Agent.BF.

After I run the virus scan and remove the virus everything's okay until the next time I run IE when the same thing happens.

Also, when I open up IE, my homepage has been hijacked to this: res://svwzh.dll/index.html#96676

I've also run Spybot Search & Destroy and it got rid of a lot of stuff, but when I look in Add/Remove Programs, I've noticed the following programs:

Home Search Assistant
Search Extender
Shopping Wizard

When I try to remove/uninstall these, I get the following message:
Unable to open "http://looking-for.cc/uninstall/HomeSearchAssistant.html"

I don't know a huge lot about these things, and I'm not sure if the Trojan horse and the Spyware are one and the same. What I'd like to know is how to permanently remove them from my system, since both my anti-virus software and anti-spyware software seem unable to do so.

Re: Trojan Downloader & Spyware

Gavin,

Open Windows Explorer (NOT IE) and search for suspicious-looking folders or folders containing the files and delete them there. This should solve some of your problems. When you restart your machine, go into the Add/remove programs and select remove. You should be presented with a message that the program is not found and asks if you want to remove it from your list. Click 'OK' and the program should then be completely removed.

I would then do another scan of your system to see if any of these nasties are still present. I would believe that they should not appear.

Hope this helps you resolve the issue.

Re: Trojan Downloader & Spyware

Hi Gavin,

Have you visited your Anti Virus software provider's web site and searched for information on the trojan? They may have a removal tool available and instructions on how to use it or on how to manually remove the trojan.

How to do it will depend on the trojan and what operating system you have, so I can't be specific. But typically it may involve downloading the tool to a floppy and booting from the floppy and following prompts and then restarting. Or it may involve disabling System Restore and starting in Safe Mode, before editing the registry.

As to the home page being hijacked, you can reclaim the page you want by editing the registry. Best do this after removing the trojan, etc. In Windows XP click Start > Run and type regedit and Enter. Browse to HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel.

Then, in the right panel look for a DWORD called Homepage (you may need to create it if it doesn't exist), right click, select Modify and enter the URL of your desired Homepage.

You can also prevent malicious programs effecting changes through IE's Tools, while still being able to change things yourself through the Control Panel.

This time go to HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions. Create or edit a DWORD value named NoBrowserOptions, right-click, select Modify and set the value to 1. After this change, selecting Options from the Tools menu in IE will result in an alert saying that this has been disabled.

Hope this helps and best wishes in removing the trojan.

Roy

Re: Trojan Downloader & Spyware

First thing first, if you are mucking around in your registry keys - make sure that you back it up. Just in case. If you type in wrong entries or delete the wrong key, then disaster looms.

Now, I suspect that these spyware and trojan are embedded in those registry keys. You will need to find out about each spyware - google for results or see if the search engine in your anti-virus, anti-spyware, anti-trojan software manufacturer has any information about them. That's why when you delete these apps from the Remove Programs in Control Panel, it just reappears next time.

You could search thru your files for any of them containing those names of these spyware/trojan but simply deleting those files won't be enough to clean your system. These spywares embed themselves in numerous places so you won't get them all - and they have unrecognisable file names. Again be careful what you delete.
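
An offline check of the registry locations discussed in the replies above, as an added example that is not part of any poster's reply: it parses a regedit export (the same .reg file that serves as the backup), flags homepage values that do not use a web scheme, such as the res:// URL in the original question, and reports whether NoBrowserOptions is set. The Internet Explorer\Main value names, the allowed-scheme list and the sample export are assumptions constructed for illustration.

```python
import re

# Constructed sample in regedit export format (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://svwzh.dll/index.html#96676"
"Search Page"="http://www.example.com/search"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001
'''

MAIN = r'hkey_current_user\software\microsoft\internet explorer\main'
RESTRICT = (r'hkey_current_user\software\policies\microsoft'
            r'\internet explorer\restrictions')
PAGE_VALUES = ('start page', 'search page', 'default_page_url')  # assumed set
OK_SCHEMES = ('http://', 'https://', 'about:')  # assumed allowlist

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {key path: {value name: str or int}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue  # header, blank line, or hex continuation line
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # .reg strings escape backslash and quote with a backslash
            current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])
    return keys

def audit(text):
    """Report suspicious homepage values and the options-lock state."""
    keys = parse_reg(text)
    main = keys.get(MAIN, {})
    hijacked = [(n, main[n]) for n in PAGE_VALUES
                if isinstance(main.get(n), str) and main[n]
                and not main[n].lower().startswith(OK_SCHEMES)]
    locked = keys.get(RESTRICT, {}).get('nobrowseroptions') == 1
    return {'hijacked': hijacked, 'options_locked': locked}
```

A real regedit export is UTF-16, so read it with `open(path, encoding='utf-16').read()` before passing the text to `audit`.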

Re: Trojan Downloader & Spyware

The advice from both Dick and Roy is very sound and well worth following. I just have one additional suggestion. You may have acquired this thing as a side effect of installing some kind of software (I installed Incredimail once and got stuck with IGet, and got the MySearch toolbar, and whatever else, from another freeware app) so have a think about when you started having this problem and whether it was around the same time as running some new program.

It may keep reappearing while you have the offending program running, so you may have to uninstall something else first. I'm sorry I can't be more specific, but it just sounds like something that happened to me once.

You could try Googling the trojan name and you may get information on how it could have appeared as well as finding a fix.

Re: Trojan Downloader & Spyware

Boy you need lots of luck. I had the same thing a week ago. As I remember you have to

1. Turn off System Restore
2. Look in C:\Windows\System32 for a file that has today's or the date you first had the problem.
3. Run your virus removal tool.
4. Reboot in safe mode and then
5. Rename this file to .old or similar
6. Reboot to normal and
7. Go here: http://www.techsupportforum.com/forumdisplay.php?forumid=50
8. Restore System Restore.

Finally I may have got the order slightly wrong. If I can ever find the piece of paper I printed it on I will put it up for you.

Re: Trojan Downloader & Spyware

Hi Gavin!

Firstly get yourself the trial version of TDS-3 from DiamondCS web page. It is the best trojan killer available, and is fully functional for 30 days. Download the current database as well.

Also get Spybot Search and Destroy (freeware), it knocks out the spyware.

If running Windows XP, you will have to disable "system restore" for the initial scan (you will lose all restore points). The programmes can then cleanse the whole system as not even your anti virus can touch the system restore files.

Do the full system scan, then enable your system restore once again. I also use tracks eraser pro 5 for getting rid of cookies-internet cache-temp internet files etc. It has a function for IE that will stop anything taking over Internet Explorer.

Regards

john mckiernan

Re: Trojan Downloader & Spyware

I see you have been getting lots of worthy suggestions, but no one has asked you if you had been connected to the Internet at the time you tried to remove the 3 listed entries from the Add/Remove applet.

Many of these Applets which have been installed from the Internet while you have been downloading something else or have been clicking on something, will only uninstall if you are connected to the Net. But if you are not connected to the Net then you get an error message similar to the one you have described.

This is an easy thing to try and should be the first step in the solution finding procedure. It will either work and let you remove these entries while connected to the Net. But if you still get the same error message then try all other suggestions.

Good luck

Michelle

Re: Trojan Downloader & Spyware

A guide on removing this infection can be found here:

http://www.bleepingcomputer.com/forums/topict3341.html
