After reformatting Trojan is still there

By hero182 · 13 replies
Nov 21, 2008
  1. I reformatted my computer and I still have the trojan virus. Can anyone help me? I reformatted my computer, then installed AVG, then AVG's resident shield popped up with

    Infection: Trojan horse BHO.GKO
    Object: C:\windows\system32\sw20.exe
    Result: Moved to Virus Vault
    Object Type: File
    Process C:\WINDOWS\system32\MRT.exe

    Then I tried another reformat and the same thing popped up. So I left it to AVG and healed it. But soon after another trojan popped up when I haven't done anything.

    Threat name Trojan Horse BHO.GKO
    Process Name: C\Program Files\Spyware Doctor\pctsSvc.exe

    So I clicked heal and I scanned again with AVG and nothing came up, but as AVG was done scanning it froze.
    Can anyone tell me how to fix this?
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Instead of "formatting"
    Please start the Windows XP setup from CD
    But when prompted regarding the partition, please remove it
    Once the partition is removed, continue installing Windows (note: Windows will automatically create a partition, and format the partition to NTFS filesystem)

    Obviously back up first, as "formatting" or rather "partitioning" will remove all your data presently on the drive
  3. hero182

    hero182 TS Rookie Topic Starter

    I booted my computer with the Windows CD, then I removed the partition and set up a new partition, but still the same thing appears. I always do it this way but for some reason the virus is still there. Please help me. I also provided logs, so can someone please see what's wrong?
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    It's not possible

    Unless after you installed Windows, you then either:
    1. Went to an infected website, and/or downloaded infected files
    2. Used an infected CD or any other infected external media
    3. Had extra partitions present, that also had infection
    4. Connected to an infected home/work network
    5. Received an infected email, or other download source

    Please remove the Partition(s) again
    Then only browse known authentic pages until your system has had a good antivirus installed and updated
  5. hero182

    hero182 TS Rookie Topic Starter

    Do you mind checking the logs to see if there is anything wrong? Because I have been reformatting my computer the whole day. The second time it happened was when it was updating Windows Update, and when it got to the Windows malicious removal tool the resident shield popped up with that first trojan. So far I have used AVG, Spyware Doctor, Spybot Search and Destroy, and SUPERAntiSpyware to scan, and only cookies and adware show up. Could it be something related to Windows? Because the process C:\WINDOWS\system32\MRT.exe is the Windows malicious virus removal tool. Also, the only thing I can think of is that AVG may be too sensitive, but I don't want to leave it at that, because I'm very paranoid that my computer is infected by a trojan. I want to be sure that there isn't any and that AVG gave me a false positive.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    I've read your post, and last edit
    And still recommend removing the partition and starting again
  7. hero182

    hero182 TS Rookie Topic Starter

    I just did some research that sw20.exe is a driver... for an MSI video card. Currently I am using an MSI video card, and I saw some websites say that sw20.exe and sw24.exe are a driver interface.
    Would you still recommend that I remove the partition and start again?
    Also, if the problem persists after the format, what would you recommend?
    Sorry for all the questions, and thanks for your help.
  8. rf6647

    rf6647 TS Maniac Posts: 829

    User observation: related to D/L or execution of MS malware removal tool
    and consideration that this is false indication from AV protection.

    We only recognize logs from MBAM, SAS, HJT. This gives us a "normalized" view of the infection.

    After viewing those logs, other tools are brought in to go deeper, when indicated.

    [original portion - radical idea; this has not been validated as a threat source]

    Partition & reload as described by kimsland.

    Configure your home network making this the only computer (connected after hard reset) using the router and/or modem.

    Additionally perform hard resets on the router - this loads factory defaults.
    Often this means depressing a microswitch for 30 seconds.

    Connect computer to the router.

    Add a password to the router different than default from the brand.

    Resume Updates.

    (note: hard reset of ADSL modems may require ISP assistance to re-authorize the network connection)
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    This is a false positive

    Threat name Trojan Horse BHO.GKO
    Process Name: C\Program Files\Spyware Doctor\pctsSvc.exe
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    I stand corrected :eek:

    You presently have two Antivirus programs installed
    Norton and AVG
    I would recommend un-installing both, and then download; install; update Avira free Antivirus
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Actually they are all false positives

    Command: "C:\WINDOWS\system32\MRT.exe"
    Description: Microsoft' Malicious Software Removal Tool.

    Object: C:\windows\system32\sw20.exe
    I am pretty sure this is from the game Half-Life 2
  12. hero182

    hero182 TS Rookie Topic Starter

    So my computer is fine? Meaning no trojan/virus, etc.? So this means AVG is too sensitive? I don't have Half-Life 2 on my computer... I scanned with Avira and only got 1 warning...
  13. hero182

    hero182 TS Rookie Topic Starter

    Reformatted my comp again and the same thing happened again. The resident shield popped up as it was installing/downloading Windows Update's malicious virus removal tool.
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

