I have recently done a full format and new reinstall of Windows XP Home Edition and updated to SP3, it’s an original copy. All programs are either downloads from well known sites, or original. Before reformat Malwarwbytes (free) was showing I had two Trojans, I never wrote the names down as it removed them and the next day they were back. Turning off system restore made no difference.

I am now using AVG 9 and Malwarebytes with the new install. Lots of restore points made. Two Trojans are found by Malwarebytes names Trojan.autorun in HKEY_CLASSES_ROOT\exefile\nevershowext and Trojan.agent in C;\Windows\explore.exe. Removed yesterday, back today.

My question, are these real items or something found to encourage me to buy the full version of the program.

Have a look at this link, and also follow the links there in, it should help. Autorun.inf remove [Solved] (http://en.kioskea.net/forum/affich-47361-autorun-inf-remove)

Malwarebytes is a reputable application, so yes, I would take this seriously.

SD

Thanks for the info, I will let you know how it goes. A wedding to attend first.

I would be concerned that this virus re-appeared so soon after you re-installed windoze. It normally takes some time for such a virus to find an infectable machine and infect same. Is there a possiblity that one of the programmes that you have downloaded is infected? Also, you don't say what form of virus protection you are using. If you haven't got one working - which should be the first job after windoze has been re-installed the recommended free one here is Avast. You never know where viruses are going to come from these days. Our local super-luxury hotel website became infected a few months ago. I e-mailed the management and they got it fixed PDQ. Two weeks later the infection returned! I think that they have got it permanently fixed now.

P.P.

P.Pilcher,

He states that he is using AVG 9. Of course, the problem might be that it is not being updated.

SD

Just back from the trip to the volcanoes and reading up on the messages. I loaded AVG off the web straight after I got the massive number of updates from Microsoft site. Yes I am concerned where the virus reappered from so fast. My son and daughter also use this computer but have Limited Accounts, I normally also use a limited account except when I am in need of loading a program or twiddling. After this is sorted I will have an extreme sort through any back up files. For years my son had used an English Grammar CD which passed AVG scan OK, then after about three years after I had done a first antivirus check it suddenly showed a trojan when I tried to use it.

S.D: One day, in my advancing years I will clearly have to take some reading lessons!

However, from what piggybank has now told us, about the only way that this infection has got in is through the pogrammes he has installed after he rebuilt his Windoze O.S.

P.P.

I am still working on this and finding a distinct lack of success so far. Yes, firewall enabled and only the basics allowed in. There is one 8MB partition which I don't know why it is there but as it was small did not bother with deleting. maybe a mistake.

Some of the advice I have come across seem draconian, I have lost the copy I made of the web page. It involved three different stages, using three different anti virus programs and a big list of files to delete one including Powerpoint.exe

Yes, this one is real pain and I only have three days to fix it.

Anti virus programs updated daily. Thanks for the advice so far. One web page said 'buy a new computer' and that would be nice I must admit.

Well - a new hard drive won't cost a fortune, but I would have thought that a full re-format of your old one should have the same effect.

P.P.

You are probably right about the new hard drive. My concern then is find where the trojan is lurking in my saved files.

You should be able to scan each file individually using your antivirus and spyware programs

Piggy - if you are still seeing 'autorun' in the Malwarebytes scan you may wish to try

Autorun Eater - Free software downloads and software reviews - CNET Download.com (http://download.cnet.com/Autorun-Eater/3000-2239_4-10752777.html)

CNet are a reliable download source.

Have you run MWB in Safe mode?

Thanks for all the valid points given. I will print the lot out for my future use.

I had to go to Jakarta yesterday, and bought a genuine copy of Kapersky AV2010. Here in Bali an original would cost treble and take a week of more to arrive.

First jobs last night were to wipe AVG and Malwarebytes. First reason was to avoid program conflict. I really appreciate those companies supplying a free program but in my particular case AVG missed the interlopers and Malwarebytes told me they were there but could do nothing about it.

Kapersky found the Trojans as Trojan-Downloader.Win32VB.aza no doubt other companies have their own name for it. There was an odd one 'PDM. Worm(dot)P2P(dot)generic' in 'ADOBEPIF' but I suppose it got planted there as the worm/trojan became active. My dots to avoid the invalid hash message.

Hopefully this is the end of the problem. Certainly as well as paying attention to all the advice given I will be checking every file on every disk and flash stick I have.

Thank you one and all. Tomorrow back to the swamps of PNG.