A few days ago, my PC got infected with a Trojan Horse. It kind of bypassed Trend Micro Officescan. Trend Micro could only detect and block the internet access for the Trojan, but it didn't remove the virus.
So I downloaded AVG Anti-Virus Free version and scanned the PC. AVG detected the virus (Trojan Horse PSW.Agent.7.L , a type of Win32 Trojan W32.Popwin by Symantec Norton's term, in the form of auto.exe) in all partitions and USB drives too, and it removed them. However, I had to remove other associated files and fix the registry settings manually. It took me many hours to remove it.
The symptoms of the Trojan are:
- A pop up might show up unusually from a pop-up free site such as Google.
- A warning message asking you to install a spyware detection tool might come up.
- If you check the process list by pressing Ctrl + Alt + Delete, you will see a process with 8 random character name.
- When you right-click your hard drives, the first item you see is "Auto" instead of "Open".
- You cannot view hidden files by changing the settings from Tools >> Folder Options >> View >> check "Show hidden files and folders". It will go back to "Do not show hidden files and folders" option as soon as you close the Folder Options.
The steps to remove the Trojan are:
- Download and install AVG Anti-Virus for Free.
- Scan your pc including all partitions/drives/USB keys. That will delete the viruses including auto.exe , and will solve the symptoms 1-3. You need to fix the rest of the symptoms manually. If you click on C:\ drive "Choose Program" dialogue box will appear instead of opening the drive.
- From Start >> Run >> type regedit. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and right-click on CheckedValue and choose Modify. Change the value to 1 (it may be set by the virus to 2).
- Now you should be able to view hidden files by changing the settings from Tools >> Folder Options >> View >> check "Show hidden files and folders".
- Go to C:\ drive by right-click >> Explore. Delete autorun.inf. Repeat it for all other drives.
- Alternatively you can run command prompt and go to C:\ drive. Then type "attrib" without the quotes. Then you will find autorun.inf and can remove it.
Now your PC should be free from the Trojan. Anyway, prevention is better than cure so make sure you install a good anti-virus software (I'm very happy with AVG). Create an image of your system by using Norton Ghost or Acronis True Image so that you can easily restore your PC in a few minutes.
0 comments
Post a Comment