Infected with Trojan Horse

clylbw

Well-known member
454 4
Hi,

A scan with Symantec indicates that a file in my machine, svchost.exe, is infected with a Trojan Horse. I could not delete it as access was denied, and I went to Task Manager and tried to end its process first in order to be able to delete it.

Then strange things happened. Each time I tried to end the process in svchost.exe (there are quite a few of them under this name, according to Task Manager), the following error message came up: "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly." Then it automatically shut down and restarted again in 1 minute's time.

I wonder how to deal with this problem? My OS is XP and the file system is NTFS. In the past I had ended the process through Task Manager and then deleted the infected file, but it does not work this time.

BTW, is there a better firewall and anti-Horse software? I use Sygate but it seems to have failed this time.

Please let me know ASAP. Thanks indeed.
 

ilia king

Well-known member
327 0
Clylbw, is the trojan trojan.tofger? Because I think that that is the trojan that I still have, lol. Not too bothered as I don't use this PC for trading. Not sure if this will work, but try starting the PC in safe mode.

Good Luck

Ilia
 

clylbw

Well-known member
454 4
Hi Skim, ilia king,

I think it is svchost that was indicated by Symantec, as there is no scvhost in the Task Manager. But I am doing another scan now, and am waiting for confirmation.

I was first alerted yesterday when the speed of my Internet connection slowed mysteriously. I then did scans with both Household Call and Micro Trend, but nothing was found. I did a Trojan Horse scan just now with Symantec, and it indicated the infection.
 

clylbw

Well-known member
454 4
Scan Result with GFI TrojanScan:

'Unable to scan C:\System Volume Information - Access is denied.'

What is the problem? :(
 

clylbw

Well-known member
454 4
Hi ChartMan,

Thanks indeed.

I suppose I need to take the following steps to clean my computer. Am I right in each of them?

1. Disable the Remote Procedure Call (RPC) service so that I can end the process of svchost.exe without having the machine being rebooted.

2. End the process of svchost.exe. There are 4 of them in the Task Manager, two of which are under the username of System, another under the username of Network Service, the last one under the username of Local Service. Do I need to end the processes of ALL of them?

3. Remove svchost.exe. I wonder whether I should do it manually by going to Start-Search, finding out all the files/folders under the name of svchost.exe and deleting all of those files? The website of Symantec requires subscription of its software for the removal. As I do not use Symantec's software, can I still remove the virus? Or do I have to subscribe to Symantec for removal?

4. Symantec also recommends removal from the registry. Do I have to do this? I would prefer not to touch the registry as I know little about the backup aspect.

Thanks indeed.
 

oatman

Senior member
2,879 22
Don't stop any svchost until you know which one. To stop rebooting, go to Run and type shutdown -a. This will temporarily disable the RPC which reboots you.
You must try and find the name of the virus/troj, so you can stop the correct process.
Try some more online scans.
Try and download and run these 2
http://vil.nai.com/vil/stinger/
http://www.avast.com/i_idt_1060.html
Remember to disable System Restore if you're running XP or ME
Let us know how you get on
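
An added example (not part of the original thread) of one way to work out which svchost entry is the odd one before stopping anything: it flags processes named svchost.exe that run from outside System32, and lookalike names such as the "scvhost" mentioned earlier in the thread. It assumes the process list was exported as CSV with `wmic process get ExecutablePath,Name,ProcessId /format:csv` and that Windows is installed in C:\WINDOWS; the sample rows are constructed and the function names are hypothetical.

```python
import csv
import io
import ntpath

LEGIT_NAME = "svchost.exe"
# Assumption: Windows is installed in C:\WINDOWS (the XP default).
LEGIT_DIR = r"c:\windows\system32"

# Constructed sample shaped like the wmic CSV export; not data from the thread.
SAMPLE = r"""
Node,ExecutablePath,Name,ProcessId
PC1,C:\WINDOWS\system32\svchost.exe,svchost.exe,812
PC1,C:\WINDOWS\system32\svchost.exe,svchost.exe,1044
PC1,C:\WINDOWS\svchost.exe,svchost.exe,1720
PC1,C:\WINDOWS\system32\scvhost.exe,scvhost.exe,1968
PC1,C:\WINDOWS\system32\spoolsv.exe,spoolsv.exe,1500
PC1,,svchost.exe,1212
"""

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(csv_text):
    """Return (pid, reason) for every process that deserves a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        name = (row.get("Name") or "").lower()
        path = (row.get("ExecutablePath") or "").lower()
        pid = int(row["ProcessId"])
        dist = edit_distance(name, LEGIT_NAME)
        if dist == 0:
            if not path:
                # Path hidden from this account: re-export as an administrator.
                findings.append((pid, "path-unreadable"))
            elif ntpath.dirname(ntpath.normpath(path)) != LEGIT_DIR:
                findings.append((pid, "wrong-directory"))
        elif dist <= 2:
            findings.append((pid, "lookalike-name"))
    return findings

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(pid, reason)
```

A genuine svchost.exe in System32 can still host a malicious service DLL, so a process that passes this check is not proven clean; `tasklist /svc` lists the services each instance hosts.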
 

oatman

Senior member
2,879 22
BTW, is there a better firewall and anti-Horse software? I use Sygate but it seems to have failed this time.
I doubt Sygate is to blame. Your AV should pick it up but it's your decision ultimately on what to let in. What AV prog are you using? Are you current with Windows critical updates? What other anti spyware/hijack etc are you running?
There's a bit of info here
http://www.computercops.biz/postt7736.html
 

wheezergeezer

Well-known member
368 8
Virus help: for free downloads, go to Supanova.org, then go to Apps, Windows, Norton everything (4th on list) and download. I believe it's anti-virus software, plus other useful items. I haven't used it myself so I'm not recommending, but it may provide a solution and get rid of your virus. Good luck
 

clylbw

Well-known member
454 4
Many thanks to all of you indeed.

I did scans using Stinger and Avast. Neither of them found anything, but Symantec insisted there was a Trojan horse. Is it possible that Stinger and Avast only scanned for 'virus', while Symantec scanned for 'virus AND Trojan horses'?

Thanks indeed.
 
