well after seven years i finally get a virus (trojan) on my pc, but i'm having a big problem eradicating it! My anti viral software successfully cleans all the infected files except one which cannot be accessed as it is constantly "in use by windows" it cannot be deleted for the same reason. I've researched the virus in trend micros online virus encyclopaedia and followed their instructions referring to deleting it in the registry, but the files they say should be deleted are not there, or are under a different name. I hope i don't need to get the HD cleaned down and everything reinstalled. Any help/suggestions/ideas appreciated.

Whats the spec of your machine? I will assume Windows.

Try rebooting your PC and loading it in safe mode (do this by pressing F8 when it boots up near the start). Then run the antivirus program. Doing this may stop the virus from running when you load up.

Secondly, when in Windows, press Ctrl+Alt+Del and have a look at the list of things running to see if anything suspicious is in there.

Failing this, and bearing in mind that you have tried the removal advice from the relevant website, a fresh install of Windows is a better solution.

Regards

Maz

is it hiding in system restore?
if so you will have to turn sytem restore off reboot then turn it on again but remember to set a new restore point

Private jet,

Knowing which Malware was on your computer would help for getting a removal tool too. ;)

Take Care,

Richard

Hi PJ,

Please download 'Hijack This!' from here (http://www.thespykiller.co.uk/), unzip, and place it in it’s own folder, (not in the temp folder, or on the desktop) doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam

reboot your computer in safe mode, and then run your AV prog, the trojan wont have loaded so will be able to be removed. Also shut down System restore (this will clear out anything saved in the restore area,) then restart it again. you should be better now.

It can't be deleted 'cos windoze is using it!!

Press control/alt/delete at the same time then select processes in the task manager. Find the name that cannot be deleted, click it and then click 'end process'. You should then be able to delete the file with your virus program.

Hello everyone

Last night I had a similar situation where 2 viruses decided to very kindly make their home on my computer. :mad: One was a Trojan Horse and the other was Bloodhound.Exploit.6.

Both files were detected by my up to date Norton Anti-Virus, however the log file states that access to both files was denied and therefore the repair failed. Since then I performed a scan with both NAV and Trand HouseCall-both found no viruses. I have also ran HijackThis and there was one dodgy looking entry, so I fixed that. I have also deleted my Temporary Internet Files folder because this is where the Trojan Horse was located.

I still have that niggling feeling though that there is something still lurking in the background. :confused: Surely Norton Internet Security should have prevented those things in the first place? My security settings seemed to have changed though since installing Windows XP SP2.

Is there anything else I can do to double check my system?! Also any ideas on how to further increase the security on my PC would be greatly appreciated!:ok:

JustAnotherVictim,

From the log file in NAV, you could get the names and locations of the Malware Files. Then, in Windows Explorer (make sure you have Explorer set to show Hidden and System Files) look to see if the files are still on your computer.

One other program that you could use along with a fully updated NAV and HouseCall is:

McAfee AVERT Stinger (http://us.mcafee.com/virusInfo/?id=stinger)

Between the three, you should have a good idea if there is Malware on your computer. ;)

Take Care,

Richard

Hi JustAnotherVictim,

Can you reboot (in case you normally leave the machine on) and then post up the HJT log (disable smilies before posting). I'll have a look through it for you. If you can remember the name of the file you deleted, it would help. It may of course show up again anyway.

Cheers

Liam

Thanks for all your suggestions.

Tried the "safe mode" thing, but on start up with CTRL or F8 held i end up in BIOS setup menu and not Windows startup menu and it says nothing about safe mode in any of the options! I'm not a computer guru so any simple language would be much appreciated! this is driving me nuts

Depending on which version of Windows you're running, it is sometimes possible to rename an "in use" file that you can't delete. So the process is:

(1) rename the file to something completely different
(2) reboot
(3) delete the renamed file.

(Of course, if you do this to a file which is a legitimate and essential part of Windows then your computer won't reboot.)