Trojan Horse Downloader.Generic2.GHN

[Shad]

Google Brings up nothing about this.

It effects 3 files which i keep deleting from c:\recycler which moves them to the System Volume folder.... fine, reboot in safe mode and remove them. GONE.

Then as soon as anyone uses Internet Explorer they apear again, obviously the virus is still sitting somewhere ready to launch when IE is used, but anyone know where.

I scan with AVG which brings up these

C:\System Volume Information....... Virus Found Win32/PEPatch Infected, Embeded Object
C:\System Volume Information....... Trojan Horse Downloader.Generic2.GHN Infected, Embeded Object
C:\System Volume Information....... Virus Found Win32/PEPatch Infected, Archive

Also handy to mention that Symantic does not pick this up when scanning. Like i say, i delete these files but then they re-apear when IE is launched

Can Anyone Help ??

 

[Peddant]

Go HERE follow the instructions,and post an HJT log in the Security forum.

Use Firefox or Opera as your main browser,in future.

 

[Shad]

HJT log ???? i cant use firefox or Opera as this is the company computer

 

[Peddant]

HJT stands for Hijackthis.It`s a program that shows you all the processes
running on the computer.All the info you need is in that link.

Tell your IT people,that if they force people to use the least
safe browser,then they`re not very good IT people.

 

[Shad]

there are only about 5 people who actually use it, so theres not much need for confusing people

 

[howard_hopkinso]

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Run a full system scan and delete whatever is found.

Reboot into normal mode and turn system restore back on.

Go and read this thread HERE. Post a HJT log into this thread, only after doing the above.

Regards Howard