Trojan Removal - A General Process
#1 If you are using
an operating system such as Windows XP or ME, you MUST disable System
Restore before attempting any removal! After successful removal, you can
re-enable System Restore. Here is how to turn off System Restore:
For Windows ME
- Right-click the My Computer icon on the Desktop and click
Properties.
- Click the Performance tab.
- Click the File System button.
- Click the Troubleshooting tab.
- Select Disable System Restore.
- Click Apply > Close > Close.
- When prompted to restart, click Yes.
- Press F8 while the system restarts.
- Choose Safe Mode then hit the Enter key.
- After your system has restarted, continue with the scan/clean
process. Files under the _Restore folder can now be deleted.
- Re-enable System Restore by clearing Disable System Restore and
restarting your system normally.
For Windows XP
- Log on as Administrator.
- Right-click the My Computer icon on the desktop and click
Properties.
- Click the System Restore tab.
- Select Turn off System Restore.
- Click Apply > Yes > OK.
- Continue with the scan/clean process. Files under the _Restore
folder can now be deleted.
- Re-enable System Restore by clearing Turn off System Restore.
#2 Make absolutely
sure you have the latest "paid for" versions of removal tools
such as Ad-aware and Spybot Search & Destroy.
#3 Reboot your
system in "safe mode". Here is how:
Windows 98/Me
- Restart the computer.
- Just after the POST diagnostics and
memory count, start pressing the F8 key
- On the Startup Menu, choose Safe Mode
OR you
may use the System Configuration Utility Method.
- While in Normal mode, Close all
programs.
- Click Start, Run and type MSCONFIG in
the box and click OK
- In the System Configuration Utility,
on the General Tab, click the Advanced Button
- In the Advanced Troubleshooting
Settings dialog box, check Enable Startup Menu. Click OK. Click OK
again when the System Configuration Utility reappears.
- You will be prompted to restart the
computer. Click Yes. The computer will restart in Safe mode.
- When you are finished with
troubleshooting in Safe mode, open MSCONFIG again and uncheck
"Enable Startup Menu" under the Advanced menu, then
click OK and restart your computer.
Windows 2000
- If the computer is running, shut down
Windows, and then turn off the power
- Wait 30 seconds, and then turn the
computer on.
- When you see the black-and-white
Starting Windows bar at the bottom of the screen, start tapping
the F8 key. The Windows 2000 Advanced Options Menu appears.
- Ensure that the Safe mode option is
selected. In most cases, it is the first item in the list and is
selected by default.
- Press Enter. The computer then begins
to start in Safe mode.
- When you are finished with all
troubleshooting, close all programs and restart the computer as
you normally would.
Windows XP
If Windows XP is the only operating
system installed on your computer, boot into Safe Mode with these
instructions.
- If the computer is running, shut down
Windows, and then turn off the power
- Wait 30 seconds, and then turn the
computer on.
- Start tapping the F8 key. The Windows
Advanced Options Menu appears. If you begin tapping the F8 key too
soon, some computers display a "keyboard error" message.
To resolve this, restart the computer and try again.
- Ensure that the Safe mode option is
selected.
- Press Enter. The computer then begins
to start in Safe mode.
- When you are finished with all
troubleshooting, close all programs and restart the computer as
you normally would.
#4 In "safe
mode", run Ad-aware, and if still needed, Spybot. If you have the
"paid for" versions of these products, make sure you install
the "add-ons" they have. For example, Ad-Aware has a special
add-on to help remove a very nasty Trojan named VX2 (or Transponder).
#5 Reboot your
system in normal mode and rerun Ad-Aware and Spybot. Hopefully you will
get a clean report...
#6 Once you get a
clean report, use the same System Restore procedure as above, but this
time turn System Restore back on.
If This Process Does Not Take Care of
the Problem, prepare for some more difficult work.
Because there are so many Trojan variations (with new ones showing up
every day) the Trojan and anti-virus removal tools may be unable to perform
automatic removal. If this is the case, we recommend the following
process:
You must be fairly technical to get through the following advanced
process. If you are not at all technical, you have only two other
choices: 1) if you have a "paid for" removal product, contact
their technical support; and 2) buy some more good removal tools and
try them (working with technical support, of course) until you fix the
problem. We know this is a disconcerting statement, but the fact is that
THERE IS NO ONE TOOL that does it all.
The More Technical Approach
#1 Search Google
using the following search term: "hijackthis home page".
You should find a site from which you can download a tool called
HiJackThis.
#2 Download,
install and run HiJackThis. This tool generates a report (called a log)
that contains tons of information on programs (Trojans) that exist on
your system. That's the good news -- the bad news is that it is not a
very good removal tool.
#3 Go to a site
like http://forums.majorgeeks.com/,
register, log on and post your HiJackThis report (log) to a forum thread
like:
Spyware Specific
Problems removing spyware, analyzing Hijack This! threads, etc.
#4 If you get
somebody to analyze your log, they may tell you specifically what you
need to do. It may be technical and difficult, but it is one good
solution for the more technical person.
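An added example (not part of the original page and not code from HiJackThis): a small Python script that groups the entries of a HiJackThis log by section code and lists the registry autostart entries, a quick way to read your own log before posting it. The sample log and every name in it are constructed, and the category table covers only a few of the section codes.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis entry layout ("<code> - <detail>");
# every path, name and address below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O1 - Hosts: 203.0.113.7 www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\sample.dll
O4 - HKLM\..\Run: [sample] C:\WINDOWS\sample.exe
O4 - HKCU\..\Run: [updater] C:\Program Files\Example\upd.exe /quiet
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

# Meaning of a few HijackThis section codes; anything else is reported as "other".
CATEGORIES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file redirection", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^(?P<hive>HK\w+)\\.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_log(text):
    """Group entry lines by section code; headers and process list are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def summary(groups):
    """Map each code seen to (category, number of entries)."""
    return {c: (CATEGORIES.get(c, "other"), len(v)) for c, v in groups.items()}

def autostarts(groups):
    """Return (hive, value name, command) for each O4 registry Run-key entry."""
    hits = (RUN_KEY.match(d) for d in groups.get("O4", []))
    return [(m["hive"], m["name"], m["cmd"]) for m in hits if m]

if __name__ == "__main__":
    g = parse_log(SAMPLE_LOG)
    for code, (cat, n) in sorted(summary(g).items()):
        print(f"{code:4} {cat:24} {n}")
    for hive, name, cmd in autostarts(g):
        print(f"autostart {hive} [{name}] -> {cmd}")
```

Autostart entries that come from the Startup folder rather than a registry Run key do not match the pattern and are only counted in the summary.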
If all else fails, you may also be able to get help on the log from a
Google engineer -- they typically charge for this service, but it may be
well worth the charge. From what I have seen they charge very reasonable
amounts. If you decide to go this route, check out: http://answers.google.com/answers/
A Few Things to Think
About...
It happened to you once so it's likely to happen to you again. And the
next virus or Trojan could be more harmful than the last. With this in
mind, we are going to repeat something we stress throughout this site:
- Buy GOOD
ANTI-VIRUS / TROJAN SOFTWARE so you get good tools AND TECHNICAL
SUPPORT.
- With this kind of software the ole
saying about "you get what you pay for" is especially true!
- Considering what a virus or Trojan
can do to your system, even the best Trojan/anti-virus removal and protection software
systems are cheap by comparison.