|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
Rad2
Cadet
Premium Member
Joined: Jul 14, 2004
Posts: 1
Location: Australia
|
 Posted: Wed Jul 14, 2004 5:50 am Post subject: Need help. Trojan Horse Downloader.Crypter.C only AVG finds |
|
|
Hi gang, first off I'm not to savy on computer lingo so please explain correct procedure thanks in 3 year old language 
Problem: I have AVG telling me every 10 minutes another virus found and its this same one all the time with a different number associated to it.
wnk80.exe each time it will be a different number 8, 8c,90 etc.exe
Avg says its a TrojanHorse Downloader.Crypter.C
Now I don't have the faintest idea to get rid of this, I have the pro version of AVG, I have paid version of XoftSpy plus Spybot and Stinger but not one of these can get rid of this thing it just keeps re-appearing.
Please help me here people, and explain in layman terms the best way to get rid of it.
All help much appreciated.
|
|
| Back to top |
|
 |
Donna
Colonel
Premium Member
Joined: Apr 12, 2004
Posts: 2508
Location: Macau
|
| Posted: Sun Aug 08, 2004 3:25 pm Post subject: |
|
|
Hi Rad2,
Not sure if you still need help but in case you need....
First, you should get rid of XoftSpy. It is not recommended to use. See http://www.spywarewarrior.com/rogue_anti-spyware.htm
Before removing the trojan, it is recommended to disable System Restore if you are using Windows ME or XP.
Next, empty your temporary internet files. Go to Start>Run then type %temp% then hit OK. Delete all the files in that folder then close it.
Next, open Task Manager>Processes tab. Look for wnk80.exe (or whatever random number that it is using). End the task of this wnk80.exe. Close Task Manager.
Now, run a full system scan using AVG. Either delete what it detected or put to AVG vault.
If AVG still can't get rid of it. You have other options:
Either remove it manually:
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and remove any reference to any file you deleted.
Close the registry editor.
Editing Win.ini
At the taskbar, click Start|Run and type Sysedit. Bring Win.ini to the front. In the [windows] section, search for a line beginning with 'Run=' and delete any references to the files you removed. Delete only that reference, not any other text.
Reboot your computer.
See http://www.sophos.com/virusinfo/analyses/trojcrypterc.html
Or run an online scan using Housecall - http://housecall.antivirus.com/housecall/start_corp.asp
_______________________________________
NOTE FROM FORUM HOSTS: This thread is now closed. Should you need it reopened, please PM a Host/mod. Everyone else having a similar issue, please launch a new topic for yourselves. Thank you.
.
_________________
It is common sense to take a method and try it; if it fails, admit it frankly and try another. But above all, try something. --Franklin D. Roosevelt
|
|
| Back to top |
|
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
