I have been infected with atrojan but i can detect it.
and i have detected Hoon trojan and deleted it ,but the symptoms of the trojan is still on my pcs network
"
all driver have an autoplay (right click by mouse)
and it gives my this message by d-click on any driver
**************
SYS.EXE


the virus was detected and deleted from all drivers:
C:\sys.exe
D:\sys.exe
E:\sys.exe
F:\sys.exe
G:\sys.exe

????????

iam using Mcafee Virusscan enterprose and is up-to-dated.
if any1 have any idea , please post


thanks in avance.

Joe

That sounds like a bit (alot) of a problem if you ask me.

Trojans (when I get them) usually lead me to formatting my computer.

Where in the computer is "sys.exe" meant to be from anywhere?
is it a system file or something?
because if it is then that probably means a problem.

Also look here:
http://www.f-secure.com/v-descs/wallon.shtml
http://www.processlibrary.com/directory/files/sys/

You should use avg antivirus Free edition to remove this type of trojan. I've had this before i I used that program to remove it. It acctually works. If you need a link to the software, let me know!

Mike

AVG ... i heared about it , but is it realy good ,i mean for enterprise Co.
you had that virus ?? ... and it didnt Write your reg (registry) .... becaus my antivirus deleted the trojan but it had written the registry and aday later it got a complete control over my pc leading me to format all my drivers .
now iam looking for blocking reg writing.

so i think iam gona give it a try .

Joe

I really get rid of trojans when I'm using AD-AWARE

Here is some information for everyone since I haven't seen anything posted with these tips yet. First of all, there is not one single anti virus/adware control that can find and solve every problem. However, here are three of the best I've ever seen and used. Used in conjunction with each other, I've been virus and adware free for well over three years.

Also before I give the names of these products/services, there are some additional actions that should be taken before and after the removal of any files from your computer. Always make a backup of your registry prior to removing the files in question. After the removal is complete, you should clear your computers cache (memory, history, recycle bin, etc.) since the virus and or adware remover will continue to detect it as a threat while in reality the threat has been isolated. Also be sure to set up all of the security options to keep problems from occuring. Last but not least update you virus and adware programs frequently or set them up to update automatically. I try to do it once per week but no longer than once a month.

Anyway, the three best removers that I have used are; AVG, Spybot and Panda online.

AVG has a free version of anti virus and a free version of adware remover. The anti virus allows you to set up an option to immediately notify you in the event that you pick up a virus and you can terminate the virus before it becomes a problem. They also have an extensive virus encyclopedia with definitions and removal instructions for those stubborn viruses.

Spybot is basic when it comes to adware removal. However it finds problems that most do not. In addition, Spybot will also automatically make a list of websites known for bad behavior and block those sites and or any downloading from those sites from occurring, plus an internet bad download blocker and a protection over all system setting which must be activated manually.

Panda has developed a system whereby they check your system remotely from their servers. Again, they don't find everything but they find more than many others combind. Scans, disinfects and eliminates over 185,000 viruses, worms and Trojans from all system devices, hard disks, compressed file and all your email. It incorporates a powerful heuristic system
that is enhanced with technologies, to detect unknown malware. It is updated at least once a day to detect the latest viruses and spyware to appear. You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.

Just one last thing before I sign off. No matter what protection you use, it won't work if there's a hole in it So set it up properly and completely. I'm sure that you'll have the same success that I have had keeping my computer running clean quickly and smoothly.

Good bye and good luck to all

Dominus

Panda required me to download and install an ActiveX plug-in. It's getting updates as we speak. I'll let you know of anything else.

I thought first of all, you need to boot to Safe Mode to remove the trojan? I don't see anyone does that. Anyway, I've infected by Trojan previously and don't have to completely reformat my PC. There's a few steps I did.

1. First, download a McAfee Stinger from the website. Get the latest version so that they have all the latest trojan remover.

2. Get the Latest Trend Virus Pattern Files from Trend Micro. This virus pattern file are updated pretty often. So it will contain all the latest reported worm and trojan. These two are good enough. If not,

3. Get the free Ad-Aware SE. Nothing to lose. (You need to install it before going to the next step. And of course UPDATE IT)

4. Disable you System Restore.

5. Reboot your PC and enter safe mode. (If anyone doesn't know how, press F8 at startup and a black screen should appear, choose Boot to Safe Mode)

6. When you are at windows, run the 3 programs that you've downloaded. Always perform Full Scan for all drives you have.

7. After you've done your scan, run regedit.exe and see whether the file 'sys.exe' still in your registry. If there isn't, restart your windows to normal mode.

8. When your windows is loaded, run the 3 programs again. Remember Full Scan.

These are the steps I did to remove worms and trojans from my PC. It works for me. But of course other trojans and worms might not be effectively removed by these steps. There are some trojans that need specific procedures to remove.

Cheers.

......
He says his antivirus has already detected and deleted the virus...
but he has the problem that when he double-clicks any drives it autoplays/autorun ....

To solve the autorun problem try this.
goto START > RUN and type command
after the command prompt is open

type these commands

c:
attrib autorun.inf -r -h -s
del autorun.inf
d:
attrib autorun.inf -r -h -s
del autorun.inf
e:
attrib autorun.inf -r -h -s
del autorun.inf
f:
attrib autorun.inf -r -h -s
del autorun.inf
g:
attrib autorun.inf -r -h -s
del autorun.inf


or if you dont know to use command prompt...
reply me and tell me how many drives you have...
and which drives give you this problem of autoplay.

If you feel / know that the trojan is spreading on your network.
You can try using Avast Anti-Virus Home Edition (its free)
After you install it it will ask you to scan HD during boot time. (when the virus is not avtive)
And set Network Shield at high.


This post has been edited by L33t BoTz: Aug 12 2007, 03:23 AM