# trojan horse virus

By bolun · 12 replies
Apr 3, 2006
I have AVG 7.1, and whenever I start up my comp, it says that I have a virus:

I click on heal, and it says it healed it successfully, but when I restart again, it's still there. I did the Trend HouseCall online scanner, but it showed up nothing.

What should I do?

Hi bolun, and welcome to Techspot.

You have to do all scans in safe mode otherwise it will always return.

Here is the official Techspot malware thread - http://www.techspot.com/vb/topic30213.html

Follow the steps exactly and post an HJT log (all instructions are in the thread).

For the link you gave me, do I follow those steps in safe mode? Because it doesn't say anything about safe mode in there.

Hello and welcome to Techspot.

Go HERE and follow the instructions.

Then post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:

Alright, did all that in safe mode, and I turned system restore back on.
AVG still detects the virus at startup.

I attached a log file after doing all that.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to Add/Remove Programmes in your control panel. Uninstall anything to do with (if there):

C:\Program Files\??pPatch

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

rundll32.exe

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135396918\ee\AOLSoftware.exe

O4 - HKCU\..\Run: [Cafdy] C:\Program Files\??pPatch\rundll32.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold file (if there).

**C:\Program Files\??pPatch\rundll32.exe**

Reboot into normal mode and turn system restore back on.

Get yourself some antivirus protection and a firewall.

AVG free and Zonealarm free are very good. Just Google for these.

Regards Howard
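The post above picks out two kinds of HJT entries by eye: an O4 Run entry that launches something named `rundll32.exe` from a folder under Program Files instead of the Windows directory, and an O18 protocol handler whose DLL is marked `(file missing)`. The script below is an added example (not part of the thread, not HijackThis code) that applies those same two rules mechanically to the log lines quoted in the thread. It assumes that a `?` in a path stands for a character the log could not render (as in the `??pPatch` folder), that the list of system-binary names and Windows directories is a constructed starting point rather than an exhaustive one, and that a benign `ctfmon.exe` line has been added for contrast.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the three HJT lines quoted in the thread plus one
# benign Run entry added here so the triage has something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135396918\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Cafdy] C:\Program Files\??pPatch\rundll32.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
""".strip()

# O4: autostart entries under the Run keys; O18: extra URL protocol handlers.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O18_RE = re.compile(r'^O18 - Protocol: (?P<proto>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.+)$')

# Assumed, non-exhaustive: binaries that legitimately live only in the Windows
# directory, and the directories where they belong (lower-case for comparison).
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows", "c:\\winnt\\system32", "c:\\winnt")


def command_path(cmd):
    """Return the executable path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # HJT prints unquoted paths with spaces in full, so keep the whole string.
    return cmd


def check_o4(match):
    """Reasons an O4 Run entry looks wrong; empty list means nothing flagged."""
    path = command_path(match.group("cmd"))
    reasons = []
    base = PureWindowsPath(path).name.lower()
    if base in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIRS):
        reasons.append("system binary name running from outside the Windows directory")
    if "?" in path or any(ord(c) > 126 for c in path):
        reasons.append("path contains characters the log could not render")
    return reasons


def check_o18(match):
    """An O18 handler whose DLL no longer exists is an orphaned registration."""
    if "(file missing)" in match.group("rest"):
        return ["handler DLL is missing (orphaned protocol registration)"]
    return []


def triage(log_text):
    """Walk HJT log lines and return (section, entry name, reasons) for flagged ones."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            reasons = check_o4(m)
            if reasons:
                findings.append(("O4", m.group("name"), reasons))
        elif m := O18_RE.match(line):
            reasons = check_o18(m)
            if reasons:
                findings.append(("O18", m.group("proto"), reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}]:")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample, the AOL and ctfmon entries come back clean, the `Cafdy` entry is flagged twice (misplaced system-binary name and an unrenderable folder name), and the `msnim` handler is flagged as orphaned, which matches the three lines Howard told bolun to tick. The rules are deliberately narrow: an entry that passes them is not thereby known-good, which is why a human still reads the whole log.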

Thanks a lot, my system is fine now. I appreciate it. I was just wondering, how do you guys know all this? Did you learn it from somewhere, or is it just from experience? Like, how can you pick out exactly what's bad from the log?

I learned an awful lot from RBS. He is one of the Techspot mods.

You're quite right about the experience thing. You just get used to what should and what shouldn't be in a HJT log. Google is a great source of info for malware, etc.

Regards Howard

It's a combination of knowledge, experience, and a question of knowing where to look if you don't know something (which then becomes knowledge and experience).

I know Howard in particular has hundreds if not thousands of these HJT logs fixed. Sometimes, he can really work miracles, and fix things just by knowing the symptoms and doing a little guess work. RBS is the same.

Me, I used to be reasonable at it, but I stopped doing them and it's as though everything's changed infection-wise these days, so I'm just learning all over again - a bit like riding a bike, really. You never forget, but when you stop for any length of time, you're not as good as you used to be, but you will pick it up pretty quickly again, depending on how good you were before.

Edit: Howard got there first - again. lol

Which virus protection is better?
AVG 7.1 Email Server Edition or AVG Free, just for a personal computer?

AVG Free, because it doesn't cost anything, and it's a personal computer rather than an email server.

I only use the free version and have had absolutely no problems. I can't comment on the 7.1 version as I've never used it.

If it's for private home use, go with the free version, unless you've got some specific reason for wanting the 7.1 version.

Regards Howard

Edit: Damn, Spike got there first.

