how to remove a trojan


  #1  
Old 04-03-10, 05:12 PM
S
Member
Thread Starter
Join Date: Jul 2006
Location: USA
Posts: 163
Received 0 Votes on 0 Posts
how to remove a trojan

My neighbor got a computer from his mother in law that has a problem, he was only going to take ram out for his own computer but not the same type. So I said maybe I could redo this one for him instead cause its newer an going to be faster. The problem it has is worm.win32.netsky, when you start it screen just stays black, i can get it to start in safe mode but i need to get it gone . I downloaded avg it ran in safe mode not sure if it removed it, this comp is full of junk. Can I run my recovery disks I created from my hp into that comp it is a acer aspire m1100 with vista.
 
  #2  
Old 04-04-10, 05:36 AM
R
Member
Join Date: Apr 2007
Location: Near Buffalo, NY
Posts: 4,233
Received 1 Vote on 1 Post
A low-level format of the hard drive and reinstall of the operating system is probably the best bet. Do you have the original program CDs that came with it?
 
  #3  
Old 04-04-10, 05:51 AM
S
Member
Thread Starter
Join Date: Jul 2006
Location: USA
Posts: 163
Received 0 Votes on 0 Posts
I will check to see if she ever made them. If not is there any way to get around it.
 
  #4  
Old 04-04-10, 06:28 AM
the_tow_guy's Avatar
Group Moderator
Join Date: Feb 2001
Location: SW Fla USA
Posts: 12,019
Received 67 Votes on 56 Posts
Try Googling "worm.win32.netsky removal", you may find a solution like shown here:

Worm.Win32.Netsky Removal Process - PCHubs.com

Just be aware that some of the "help" will be come-ons to purchase commercial removal products, but I think you will be able to find free removal help with a little research.
 
  #5  
Old 04-05-10, 04:04 AM
R
Member
Join Date: Apr 2007
Location: Near Buffalo, NY
Posts: 4,233
Received 1 Vote on 1 Post
Even then ... a machine that's "full of junk" will never run the same as a fresh install. Besides, I wouldn't want someone else's old stuff hanging around on my new computer.
 
  #6  
Old 04-05-10, 04:14 AM
the_tow_guy's Avatar
Group Moderator
Join Date: Feb 2001
Location: SW Fla USA
Posts: 12,019
Received 67 Votes on 56 Posts
Agreed; I missed that line about "junk".
 
  #7  
Old 04-05-10, 04:13 PM
S
Member
Thread Starter
Join Date: Jul 2006
Location: USA
Posts: 163
Received 0 Votes on 0 Posts
When I mean junk it just that she download what seem to be anything and everything, I think she one over those belivers that thinks all is true so she clicks it.
 
  #8  
Old 04-05-10, 09:01 PM
the_tow_guy's Avatar
Group Moderator
Join Date: Feb 2001
Location: SW Fla USA
Posts: 12,019
Received 67 Votes on 56 Posts
That being the case, nothing ventured nothing gained on the trojan issue; might as well try to get it out and see what happesn from there.
 
  #9  
Old 04-07-10, 03:34 AM
S
Member
Thread Starter
Join Date: Jul 2006
Location: USA
Posts: 163
Received 0 Votes on 0 Posts
Can any of this be done through safe mode the main regular screen wont come up it stays black, if so which safe mode can i go use?
 
  #10  
Old 04-07-10, 04:34 AM
the_tow_guy's Avatar
Group Moderator
Join Date: Feb 2001
Location: SW Fla USA
Posts: 12,019
Received 67 Votes on 56 Posts
Probably any mode that will get you to the desktop; probably just have to use trial & error.
 
  #11  
Old 04-08-10, 02:29 PM
ek_skotous's Avatar
Member
Join Date: Apr 2010
Posts: 3
Received 0 Votes on 0 Posts
Trojan Removel

I do computer support for a living and have dealt with Nesky before. Although I don't off hand remember the exact nature of its infection I do recall it being one of the nastier ones out there.

That said these types of infections can almost always be removed without resorting to a format and reload of windows

The first problem with most viruses/malware is that they place themselves into several places on the system (usually within the Windows Registry) so that they will automatically run when the computer boots up in normal mode.

Once they are running they will often self replicate (often using random files names) so they can be very hard to remove. Even some of the best commercial anti-virus programs can have trouble getting rid of an active infection

One of the best ways to be able to remove such an infection is to boot the system into "safe mode" by pressing F8 while the system is booting and choosing "safe mode" from the startup menu. "Safe mode" intentionally bypasses most of what would otherwise automatically start and can thus prevent the virus/malware from starting up as soon as the computer is booted

Once in safe mode the entries that are launching the virus/malware each time the system boots in normal mode can then be removed. Because the virus is not running you can also delete the actual virus files while you are in safe mode (in normal mode these files are often in use and can't be deleted)

Its often help to have a good clean PC you can use to research things while working to clean up the broken PC.

Running a full scan with a good Anti-virus or AntiSpyware program from safe mode can often help remove the infection. I personally use AVG on my home PC for viruses and also recommend the free version of LavaSoft AdAware and the free Safer Networking program called "Spybot Search and Destroy"

You just have to be carefully when searching for these programs as there are LOTS of fake Anti-virus and AntiSpyware (Malware) programs out there that try to imitate the good free tools and will give you fake results to try to entice you into buying their program

Another great free tool is something called HiJackThis.EXE
With that tool you have to run a report and then post the report in one of several PC specific bulletin ports to get guidance on what to remove with the tool. If you search for HiJackThis.EXE you will see lots of examples of posted reports and some sites on which many experienced PC support individuals will post exceptions.

Basically any of these tools can help find the places the virus/malware is using to launch itself when the PC boots into normal mode. Once those entries are cleaned up the virus wont be running in memory on the PC and then then a full scan of the system will usually be able to locate and delete any virus files.

You can also try searching a commercial anti-virus site like Symantec.com. They have information about most known viruses along with manual removal instructions for those viruses. If you are an experienced PC user the manual instructions can be very helpful. They sometimes even offer a free removal tool for some of the more common viruses.

In fact, here is a page I found with instructions and a link for a free Nesky removal tool from Symantec

W32.Netsky@mm Removal Tool | Symantec
 
  #12  
Old 04-12-10, 04:09 PM
S
Member
Thread Starter
Join Date: Jul 2006
Location: USA
Posts: 163
Received 0 Votes on 0 Posts
I downloaded malwarebytes an ran that in safe mode an it seems to be gone. I also installed AVG, an spybot, it seems to be working good. I gave it back to ny neighbor an so good so far.
 
 

Thread Tools
Search this Thread
 
Ask a Question
Question Title:
Description:
Your question will be posted in: