
Trojan Downloader help needed

  • 25-08-2004 8:11am
    #1
    Registered Users, Registered Users 2 Posts: 2,098 ✭✭✭


    Hi. I came across a trojan downloader on a PC in work yesterday and can't get rid of it. It's called Downloader.Dyfia.2.R. AVG antivirus software is popping up a message about it. I ran Ad-aware SE, Spybot Search & Destroy, HijackThis and I had a look at RegCleaner. I got rid of about 150 pieces of spyware with those tools but the message for the trojan appeared again this morning. I looked it up on the web and didn't find 1 reference to it at all. Running XP Professional. Any ideas?


Comments

  • Registered Users, Registered Users 2 Posts: 677 ✭✭✭Champ


    Hmmm; wild guess is that maybe it's cached in the user profile browser settings? Run Disk Cleanup? I would probably nab the latest Windows updates as well ASAP.

    If it's got a direct connection to the internet consider a firewall. Even if you're utilising NAT it wouldn't hurt.

    From what I've read in your post the only thing that's going wrong I would think is that you're treating the symptoms not the causes.


  • Registered Users, Registered Users 2 Posts: 2,170 ✭✭✭Serbian


    Looks like this person was having the same trouble as you. It also looks like they had a lot of fun removing it!

    Serb


  • Registered Users, Registered Users 2 Posts: 2,098 ✭✭✭aaf


    Champ wrote:
    Hmmm; wild guess is that maybe it's cached in the user profile browser settings? Run Disk Cleanup? I would probably nab the latest Windows updates as well ASAP.

    If it's got a direct connection to the internet consider a firewall. Even if you're utilising NAT it wouldn't hurt.

    From what I've read in your post the only thing that's going wrong I would think is that you're treating the symptoms not the causes.
    Cheers for the advice. I've been doing a bit of research. I'm gonna disable System Restore at lunch time and update the virus definitions. I then have to restart the PC in Safe mode and run a full system scan. I might even have to edit the registry and look for any instances of the trojan. Got the info which is a little more detailed than that on Symantec.com. Will let you know how it goes.


  • Registered Users, Registered Users 2 Posts: 2,098 ✭✭✭aaf


    Serbian wrote:
    Looks like this person was having the same trouble as you. It also looks like they had a lot of fun removing it!

    Serb
    Read that yesterday. That's the only reference to Dyfia on the net! And mine is a different flavour. I'll try the steps outlined above and hopefully that'll get rid of it.


  • Registered Users, Registered Users 2 Posts: 677 ✭✭✭Champ


    Oh yes forgot to mention;
    Be sure to check out your list of running services; that's one of the more common ways to run programs discreetly in the background.

    Here's some info you might find useful on services:
    http://www.tweakhound.com/xp/xptweaks/supertweaks6.htm

    Remember though that things like firewalls and antivirus probably have their own services but are fairly obvious what they're called.

    Apart from that; I don't know about XP but in 2K you can also specify items to start at load time in the following registry locations:
    MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

    Might be worth checking to see what's in them.
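
Added example, not part of any post in this thread: one way to review the three autostart keys listed above from a regedit export (`.reg` file) on a separate, clean machine. The function names, the `known` baseline of expected value names and the sample export are assumptions constructed for illustration.

```python
import re

# Autostart keys named in the post above; registry key names are case-insensitive.
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"
RUN_KEYS = {BASE + "run", BASE + "runonce", BASE + "runonceex"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def autostart_entries(reg_text, known=()):
    """Return (key, name, data) for Run/RunOnce/RunOnceEx values in a .reg export."""
    known = {k.lower() for k in known}  # reviewer-supplied baseline of expected names
    # hex(...) values wrap across lines with a trailing backslash; rejoin them
    reg_text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    entries, key, wanted = [], None, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, low = line[1:-1], line[1:-1].lower()
            # RunOnceEx keeps its commands in subkeys, so match those as well
            wanted = low in RUN_KEYS or low.startswith(BASE + "runonceex\\")
            continue
        m = VALUE_RE.match(line) if wanted else None
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        raw = m.group(2)
        data = _unquote(raw) if raw.startswith('"') else raw  # non-strings kept raw
        if name.lower() not in known:
            entries.append((key, name, data))
    return entries

# Constructed sample export (not from the thread); names and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /startup"
"updchk"="C:\\WINDOWS\\Temp\\updchk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001]
"1"="C:\\example\\setup.dll|Install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ignored"="not an autostart key"
'''

if __name__ == "__main__":
    for key, name, data in autostart_entries(SAMPLE, known={"ExampleAV"}):
        print(f"{key}\n    {name} = {data}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text in.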

