I'm in Jersey says:
you busy?
Stu says:
Just cooking, what's up man?
I'm in Jersey says:
my flat mate has a trojan
dunno how to get rid of it
he's got a trial version of some software that's detected it but ain't deleting/quarantining it
won't let him check his yahoo inbox
it says: "variant of the Trojan.win32.obfuscated.gx (porn adware)
w32/annew-fam read the link, allows remote access
spyware component related to downloadware and found in program filesKFH
I been trying to find it and delete it myself with no luck
only thing I can think of is to get him to download firefox and use that instead?
Stu says:
http://downloads.malwareteks.com/FixIEDef.exe if he downloads and runs this it will scan for the trojan and remove it
Then get him to download and run HiJackThis and post it up on AltNation for him/send me the text file it creates just in case it's spread anywhere else.
I'm in Jersey says:
he's french
ok
searched it
done the scan and nothing came up?
Stu says:
That's weird, HijackThis should pick it up then.
http://download.hijackthis.eu/hijackthis_199.zip
It's not actually a virus, it's usually just a wee program that keeps making popups so that someone will buy the software it recommends.
I'm in Jersey says:
yeah
that's the one
i think he downloaded it as well
Stu says:
You could remove it manually if you want the instructions
I'm in Jersey says:
yeah batter on
Stu says:
Open up a command window (start -> run, type cmd and click open)
I'm in Jersey says:
i'm on vista
how do I run?
Stu says:
ah
hit the windows button and r
then type cmd and hit okay
I'm in Jersey says:
ok
got the command screen
Stu says:
then you want to type in "regsvr32 /u windivx.dll" and hit enter
I'm in Jersey says:
ok
Stu says:
and the same "regsvr32 /u ecxwp.dll", "regsvr32 /u stream32a.dll", "regsvr32 /u vipextqtr.dll".
I'm in Jersey says:
"to register a module you must provide a binary name"
Stu says:
the software must still be running that he downloaded.
to be entirely honest the easiest thing to do is probably to just roll back using system restore to a few days ago.
programs - accessories - system tools - system restore
I'm in Jersey says:
how the fuck do i get programs on vista?
Stu says:
oh yeah, vista sorry
in the start menu search box just type restore
or you can type rstrui into the search box and hit enter, up to yourself
I'm in Jersey says:
rstrui doesn't come up with anything
tried restore again and it says it's already running
cool
system restore is running now
Stu says:
excellent
does he know when it installed?
I'm in Jersey says:
so this will take his pc back to a couple of days ago and it'll be cool?
he says today
Stu says:
it'll roll back the drivers/things installed, but not damage any files he's made like a word document or anything.
I'm in Jersey says:
alright
so this will be back to a couple of days ago once he restarts?
Stu says:
Whatever date you pick, aye.
There's the recommended restore, or you can choose a different date.
I'm in Jersey says:
recommended was 28th
used that
Stu says:
Aye, that should be fine then.
I'm in Jersey says:
right cool
cheers
Stu says:
No problemo, I'm away for my steaks.