Trojan help

[hoshmosh]

I have a trojan in windows media player. When ever it is opened it starts to download random songs. I don`t know anything about it because I am computer retarded

gimmie as much info as possible please. I will try to answer any questions about it that i can. thnx.

 

[hoshmosh]

rawr

why is no one replying :dead:

 

[j4m32]

Well ...

First, I don't use Windows Media Player.
Obvious thing is to get a Virus Scanner and run it.

Some tools:

Antivirus

• Avast Home Edition (Free
• AVG

Deleting Malicious (In-use) Files

• Dr Delete

Tools

• Security Task Manager
• PsTools

Personally I use Avast - but don;t have it active 24/7.
If you Register, Download, Install it will ask you if you want to "schedule a boot time scan", you can choose that option.
But do not tell it to "Restart" the Computer once you've installed.

Why?

Because the chances are that it needs to be Updated else it won't be as effective as possible.

So then once installed, Load it up and click the "Lightning" Button to allow it to update.

Using Security Task Manager you might find suspicious Modules loaded by Processes

[ and if fussy, confirm by using PsTools - ProcMon to check if they're in use / loaded / playing around with your system ]

If you find any sticky files like these, you will probably need something like Dr Delete to Remove them easily.

Hope that helps.
.
Jim,

 

[hoshmosh]

I have mcAfee. Will a normal scan on the computer at least quarantine it?

 

[j4m32]

McAfee Wont do you any favors if it cannot schedule a boot time scan

if this thing is going to Replicate it might be a waste of your time,
it also doesn't mean that it'll clear things which are active in memory immediately.

Avast does a Memory scan as soon as you load it so ... it's a double whammy in my view...

Key areas to Scan if you do choose to use McAfee by preference:

• C:\WINDOWS\* [Particularly System32 and the files in the root of WINDOWS]
• C:\Documents and Settings\Username\* [Maybe not My Documents, uncommon location]
• Possibly: C:\Program Files\Suspicious Directories [Not every directory]

I doubt McAfee will be able to read things which are part of the File System which are usually unreadable by Explorer - like the System Volume Info / Restore locations..

**
I missed some info off of the previous post!

There maybe Registry Entries for some of these malicious files.
So to keep the Registry Tidy you can remove them manually by using RegEdit
[Start -> Run -> "regedit" -> CTRL + F -> name of the file]

if you use Security Task Manager to find any malicious files...
You want to delete as much as you can manually,
as Dr Delete requires a Restart for it to "Delete" the files upon start of next boot.

**
Hope that helps!

Jim,