Re: How do I remove Downloader virus??? Help!



BrianNo@xxxxxxxxx wrote:

> Hi. I tried your Sysclean software, and I followed the directions, but
> the software didn't find any infections on my computer. When I
> restarted my computer on normal mode, NAV said that I still have the
> "Downloader" virus.
>
> Also, that's the only name NAV will give me. All it says is that it's a
> Trojan Horse virus and that it's called "Downloader".
>
> Perhaps there's another way to remove this virus before it wreaks havoc
> on my computer?

What happens when you try to delete the autlog.dll file? If you get an error
message, what does it say? Are you using a current version of NAV (2005/06)
with updated virus definitions?

Things to try:

1. Right-click on the file and look on the Version tab if it exists. This
can help get information about where the file came from, although most
malware doesn't have it.

2. If I were working on the machine and was *very* sure the file was malware
(and since I'm not and can't see your computer please take this advice with
that caveat):

a. If the file is in use and can't be deleted or renamed in Safe Mode, I
would try Safe Mode Command Prompt. Navigate to the file location and try
deleting it from the command line.

b. If that didn't work, I would boot the system outside of Windows with
either a Bart's PE or other professional tool and delete the file that way.
You may or may not have the ability to do this; there is no way for me to
know.

3. Have you run Ewido as I suggested? I would. Make sure you update it and
then boot into Safe Mode to scan.

4. If Ewido doesn't find anything, do as I also suggested and run HijackThis
and post your log to one of the following specialty forums (not here,
please):

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

5. Send the autlog.dll to VirusTotal to see if they can identify it.
http://www.virustotal.com/flash/index_en.html

6. Take the machine to a professional computer repair shop (not a big box
store) where someone skilled in virus/malware removal can look at it.

Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
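
Steps 1 and 5 of the reply above (check the file's Version tab, then have VirusTotal identify it) can be done read-only from PowerShell on current Windows versions. This is an added example, not part of the original post; the path is a placeholder because the thread never says where autlog.dll is located, and the function name is hypothetical.

```powershell
# Added example: read-only triage of a suspect file before deleting or uploading it.
# $Path is a placeholder; the thread does not give the location of autlog.dll.
param(
    [string]$Path = 'C:\PLACEHOLDER\autlog.dll'
)

function Get-SuspectFileReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    # -Force lets Get-Item return files marked hidden or system.
    $item = Get-Item -LiteralPath $LiteralPath -Force
    $ver  = $item.VersionInfo          # same data as the Explorer Version/Details tab
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    [pscustomobject]@{
        Path             = $item.FullName
        SizeBytes        = $item.Length
        CreatedUtc       = $item.CreationTimeUtc
        ModifiedUtc      = $item.LastWriteTimeUtc
        # Version fields are self-declared by the file and can be blank or forged:
        # treat them as a hint about origin, not as proof either way.
        HasVersionInfo   = -not [string]::IsNullOrWhiteSpace($ver.FileVersion)
        CompanyName      = $ver.CompanyName
        FileDescription  = $ver.FileDescription
        OriginalFilename = $ver.OriginalFilename
        FileVersion      = $ver.FileVersion
        # 'Valid' means a trusted, intact signature; 'NotSigned' is common for malware
        # but also for plenty of legitimate software.
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # The SHA-256 can be searched on VirusTotal without uploading the file.
        SHA256           = $hash.Hash
    }
}

Get-SuspectFileReport -LiteralPath $Path | Format-List
```

Saving the output alongside a HijackThis log gives a helper on one of the forums listed above the file's identity without needing a copy of the file itself.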