After reformatting Trojan is still there

[hero182]

I reformated my computer and i still have the trojan virus. Can anyone help me? I reformatted my computer then install AVG then AVG's resident shield pop up with

Infection: Trojan horse BHO.GKO
Object: C:\windows\system32\sw20.exe
Result: Moved to Virus Vault
Object Type: File
Process C:\WINDOWS\system32\MRT.exe

then i tried another reformat and the same thing poped up. So i left it to avg and heal it. But soon after another trojan popped up when i havn't done anything.

Threat name Trojan Horse BHO.GKO
Process Name: C\Program Files\Spyware Doctor\pctsSvc.exe

so i click heal and I scanned again with avg and nothing came up but as avg was done scanning it froze..
can anyone tell me how to fix this??

 

[kimsland]

Instead of "formatting"
Please start the Windows Xp setup from CD
But when prompted regarding the Partition Please remove it
Once the partition is removed, continue installing Windows (note: Windows will automatically create a partition, and format the partition to NTFS filesystem)

Obviously back up first, as "formatting" or rather "partitioning" will remove all your data presently on the drive

 

[hero182]

i boot my computer with the window cd, then i removed the partition and set up new partition but still the same thing appears. I always do it this way but for some reason the virus is still there. Please help me. I also provide logs so can someone please see what's wrong?

 

[kimsland]

It's not possible

Unless after you installed Windows, you then either:
1. Went to a infected website, and\or downloaded infected files
2. Used an infected CD or any other infected external media
3. Had extra partitions present, that also had infection
4. Connected to an infected Home\work network
5. Received an infected email, or other download source

Please remove the Partition(s) again
Then only browse, known authentic pages, until your system has had a good Antivirus installed and updated

 

[hero182]

do you mind checking the logs to see if there is anything wrong? Because i have been reformatting my computer the whole day. The second time it happened was when it was updating window's update and when it got to window malicious removal tool the resident shield popped up with that first trojan. Because so far i used avg, spyware doctor, spybot search and destroy, super antispyware to scan and only cookies adware show up. Could it be something related to window? because the process C:\WINDOWS\system32\MRT.exe is the window malicious virus removal tool. Also the only thing i can think of is that avg may be too sensitive but i don't want to leave it at that. Because I'm very paranoid that my computer is infected by trojan. I want to be sure that there isn't any and that avg gave me a false positive

 

[kimsland]

I've read your post, and last edit
And still recommend, removing the partition and starting again

 

[hero182]

i just did some research that sw20.exe is a driver....for msi video card. Currently i am using a msi video card and saw some website say that sw20.exe and sw24.exe is a driver interface
would you still recommand me to removing the partition and starting again?
Also if the problem persist after the format what would you recommand?
sorry for all the question. and Thank for your help.

 

[rf6647]

User observation: related to D/L or execution of MS malware removal tool
and consideration that this is false indication from AV protection.

We only recognize logs from MBAM, SAS, HJT, This gives us a "normalized" view of the infection.

After viewing those logs, other tools are brought in to go deper, when indicated.

[original portion - radical idea; this has not been validated as a threat source]

Partition & reload as described by kimsland.

Configure your home network making this the only computer (connected after hard reset) using the router and/or modem.

Additionally perform hard resets on the router - this load factory defaults.
Often this means depressing a microswitch for 30 seconds.

Connect computer to the router.

Add a password to the router different than default from the brand.

Resume Updates.

(note: hard reset of ADSL modems may require ISP assisstance to re-authorize the network connection)

 

[Blind Dragon]

This is a false positive

Threat name Trojan Horse BHO.GKO
Process Name: C\Program Files\Spyware Doctor\pctsSvc.exe

 

[kimsland]

I stand corrected

You presently have two Antivirus programs installed
Norton and AVG
I would recommend un-installing both, and then download; install; update Avira free Antivirus

 

[Blind Dragon]

actually they are all false positives

Command: "C:\WINDOWS\system32\MRT.exe"
Description: Microsoft' Malicious Software Removal Tool.

Object: C:\windows\system32\sw20.exe
I am pretty sure this is from the game half-life2

 

[hero182]

so my computer is fine? meaning no trojan/virus...etc? So this means avg is too sensitive? i don't have half life 2 on my computer....I scanned with avira and only got 1 warning...

 

[hero182]

reformatted my comp again and the same thing happened again. The resident shield pop up as it was installing/downloading window's update malicious virus removal tool

 

[Blind Dragon]

yes, it is being overly sensitive

It wasn't half life 2 sorry - it's Related to Dynamic_Overclocking_Technology
http://www.hardocp.com/article.html?art=ODAwLDI=

I would venture to say that you have an MSI graphics card?