| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 94367 | 2008-10-26 22:09:00 | trojan or virus? | k8smum (6062) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 714966 | 2008-10-26 22:09:00 | Hi Trend has reported distr[4]1.exe as a virus. Problem is, I can't delete it. Does anyone know what this is/how I can get rid of it? Thanks. |
k8smum (6062) | ||
| 714967 | 2008-10-26 22:29:00 | Disable system restore. It maybe in the SR folder/s If that file is running now, open task manager and kill its process Then delete it If that doesnt work boot into safe mode and delete it (keep system restore disabled) I would use something like trojan remover below. See if it put anything in the registry / elsewhere. Then select all options under the utilities menu in TR |
Speedy Gonzales (78) | ||
| 714968 | 2008-10-27 00:54:00 | The only bolded dates in system restore are yesterday and today - the .exe file described earlier was first identified yesterday. I am unable to select any other restore points or change the month in SR from the current (Oct). I looked at SR because I thought it might be an idea to try that first. Obviously if only yesterday/today are available there would be no point in doing that. | k8smum (6062) | ||
| 714969 | 2008-10-27 00:58:00 | So is that file still there now? If it is,right mouse on my computer on the desktop. If its there / properties / system restore. Turn SR off Kill that file's process if its running then delete the file, then reboot, then do another scan |
Speedy Gonzales (78) | ||
| 714970 | 2008-10-27 01:02:00 | So far I've done nothing other than look at SR. As I said, there are no restore points before yesterday so I figure if the file arrived on my PC yesterday there's no point in doing SR to the same date the PC was infected. | k8smum (6062) | ||
| 714971 | 2008-10-27 01:04:00 | Don't run system restore- disable it | Blam (54) | ||
| 714972 | 2008-10-27 01:07:00 | Yup I'm talking about disabling it, not running it, or going back to a previous date | Speedy Gonzales (78) | ||
| 714973 | 2008-10-27 01:08:00 | It's disabled. Have run PC in safe mode. I can't locate the dist[4]1.exe file to delete it. What now? | k8smum (6062) | ||
| 714974 | 2008-10-27 01:12:00 | If SR is still disabled boot into normal windows and do another scan. If it cant be found disabling SR probably removed it. If it was in the system restore folder Did the previous scan, when it was picked up, tell you WHERE it was?? If it did go to the folder, and see if its still there |
Speedy Gonzales (78) | ||
| 714975 | 2008-10-27 03:09:00 | Trend reported the file in temporary Internet Files\...\Local Sett... wth the rest of the path truncated. The file is called distr4[1].exe not distr[4]1.exe as reported in earlier message. | k8smum (6062) | ||
| 1 2 3 | |||||