Trojan Horse help needed

Somehow I have picked up a Trojan horse BackDoor Agent and it is driving me nuts. I always keep AVG up to date and also use Ccleaner on a very regular basis. I also use a registry scanner/cleaner regularly.

AVG's Resident Shield is picking up the BackDoor agent in the file C\windows\System32\use​rinit.exe which is a genuine windows file and cannot be deleted or healed - It is also turning off the Windows Firewall (which I turn back on again).

Anyone know how to get rid of this virus ?

P.S. when I run a full AVG scan it does not pick anything up

Have you googled the trojan name for removal instructions?

In2Photos wrote in post #7510238
Have you googled the trojan name for removal instructions?

Yep, i have googled myself to death for a couple of days trying to find a solution but have got nowhere, the solutions either do not work or they do not make sense.

Roy C wrote in post #7510209
Anyone know how to get rid of this virus ?

P.S. when I run a full AVG scan it does not pick anything up

Well, you at least you're getting what you paid for then...

Try the Kaspersky free online virus scanner and see if that'll zap it for ya.

I would reformat.

But if you are adamant about trying to clean the OS without having to reformat+reinstall, I would:

1. Download and use the clamav live cd to scan the host for viruses and clean from a clean boot environment.

2. Start computer in native OS. Install all patches.

3. Rescan using clamav live cd.

4. Check for Services that do not belong. Check Service dependencies. Remove/delete any services that are malicious and the respective binaries.

5. Check for spyware. Important to get one that will scan for keyloggers.

6. Check to see if there are any created user accounts on the host that do not belong. Remove them.

7. Change passwords for all accounts on the host.

Roy C wrote in post #7510209
P.S. when I run a full AVG scan it does not pick anything up

This is why I quiet using AVG and moved up to ESET NOD32. Yeah it cost but so far has been worth every penny of the $29.95 I paid for a two year subscription, which was a special promotion at the time.

NOD32 runs circles around around AVG.

Tsmith wrote in post #7512030
This is why I quiet using AVG and moved up to ESET NOD32. Yeah it cost but so far has been worth every penny of the $29.95 I paid for a two year subscription, which was a special promotion at the time.

NOD32 runs circles around around AVG.

It doesn't find everything though.
I have been here all day trying to get rid of a Win32/Spy.Zbot.AE
trojan on my machine. NOD32 sees it trying to do something and quarantines it but it's still on the PC.

I use a combination of Malwarebytes Anti- Malware and SuperAntiSpyware. Each scans differently and if up to date then catch a lot of the Trojans that are prelevant. You may need to run Malwarebytes in Safe Mode if it can't get rid of the virus/trojan. I usually run one then the other, then reboot and run again.

Wardie

Zepher wrote in post #7513667
It doesn't find everything though.
I have been here all day trying to get rid of a Win32/Spy.Zbot.AE
trojan on my machine. NOD32 sees it trying to do something and quarantines it but it's still on the PC.

Well its quarantined the file so that's a plus. Have you contacted ESET support for their input on removal?

Roy C wrote in post #7510209
Somehow I have picked up a Trojan horse BackDoor Agent and it is driving me nuts. I always keep AVG up to date and also use Ccleaner on a very regular basis. I also use a registry scanner/cleaner regularly.

AVG's Resident Shield is picking up the BackDoor agent in the file C\windows\System32\use​rinit.exe which is a genuine windows file and cannot be deleted or healed - It is also turning off the Windows Firewall (which I turn back on again).

Anyone know how to get rid of this virus ?

P.S. when I run a full AVG scan it does not pick anything up

Try Malwarebytes. Great free software

I would just reformat. Viruses are now getting to be something you can't just remove. ( and I would run away from anyone that says they can remove any virus)The newer ones are no longer one file in one place. The writers have learned how to divide up the program into several places. And some can regenerate the missing parts that do get removed. While some can be simply removed. I would not take the chance. Just reformat. Then be better at what you do online.

Method of replacing userinit.exe here http://www.f-prot.com …indows/fpwin_fa​q/106.html
Brian V.

A couple of cases at the AVG free forum on this right now with no responses.....

They seem fussy about following this simple rule... http://freeforum.avg.c​om …p?15,132356,bac​kpage=,sv=

http://freeforum.avg.c​om …,176118,176125#​msg-176125

Just an update to the situation Guys. I have installed and run, Stinger, Malwarebytes and SpyDoctor all tried in Safe mode and with the sytem retore tuned off. Each time it picks up the trojan(s) but fails to remove - it is looking like a complete sytem reformat

Sorry to hear. Looks like a reformat is the way to go Make sure you have everything important backed up!