recurring Trojan Horse

smokeykent

Distinguished
Nov 27, 2011
There is a folder in my users/name/appdata/local called jyms jzba. Every time I use my computer there are several Trojan horse files in one of the cache folders. It is quarantined by Microsoft Essentials. I tried to delete it but could not because the file is in use. What is going on?
 
Solution
Go HERE, download the tool, run it and be done with that problem.

This program does not get installed in your computer, it just runs. To use it again, just re-launch the same downloaded file.
You may have to turn off Windows Backup to stop it from remaking your files in your user folder, or boot into safe mode to remove it. I would also go to one of the big antivirus companies and download, from a clean PC, their virus recovery ISO. Boot from their USB ISO stick and do a virus scan.
 

koolkid

Reputable
Apr 25, 2014
I may not have the perfect answer, but it worked for me. I had a persistent recurring Trojan, that would reappear and reinfect my Windows on every restart. I ran software by Hitman Pro, McAfee and Malwarebytes, which quarantined the Trojan, but the virus kept coming back. My Trojan was also in users/name/appdata/local. Time to think outside the square.

Method 1. Using your Windows setup, I use Windows 8.1
Run Windows setup, but do not install. Select "Repair your computer". From "Choose an Option", select "Troubleshoot". Select "Advanced options", then "Command Prompt". You will be presented with cmd, Administrator:X:\windows\SYSTEM32\cmd.exe. In X:\Sources>, enter c: enter.
I found that trying to delete the Trojan folder or name did not work, but renaming the folder or Trojan name did work.
For this example, I will call the virus folder or name, "trojan". Note: space in description means keyboard space.
Type "cd space users", enter, to create users directory. Then "cd space name", then "cd space appdata", then "cd space local".
You should now see on line, "users\name\appdata\local".
Then type "rename space trojanname space anyname" (you pick). You may be presented with error, "The system cannot find the path specified".
Then type "dir" and enter. Under users directory, your Trojan name will be gone and now be called the new folder or file name you renamed.
Exit and reboot into Windows and with luck, you should now be able to delete the renamed Trojan file from the user directory.

If you have a persistent Trojan, it may come back. If it can't be deleted, then try my Method 2.

Method 2. I only use Windows 8, but should also work with Windows 10.
Go to search and type "signin", then select "add, delete and manage other user accounts". This method worked for me, because I only had my name and guest as Windows logins. If this is the case for you, just create a user account as "Administrator". Windows will now create a new login. This will bypass your old "users/name/appdata/local" and now boot to "users/administrator/appdata/local", and viruses will no longer appear under the local directory. As "Administrator", you should be able to delete any viruses manually from the old name\local directory. If any viruses do reappear, I have manually deleted them under Administrator. When infected, I had over 120 viruses. Malwarebytes now only finds 1 or 2 on every scan.
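
One way to check whether files really come back after the rename-and-delete step in Method 1, as an added example that is not part of the original posts: snapshot the folder before cleanup, after cleanup and after the reboot, then report what reappeared. The function names and the sample tree are constructed for illustration.

```python
import hashlib, os, shutil, tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256, or None if locked."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:          # e.g. "file in use" on a live system
                digest = None
            files[os.path.relpath(full, root)] = digest
    return files

def reappeared(before, cleaned, rebooted):
    """Classify files present after the reboot that were absent after cleanup."""
    old_hashes = {h for h in before.values() if h}
    report = {}
    for path, digest in rebooted.items():
        if path in cleaned:
            continue                 # survived cleanup; not a re-creation
        if path in before:
            report[path] = "same path as before cleanup"
        elif digest in old_hashes:
            report[path] = "same content under a new name"
        else:
            report[path] = "new file"
    return report

def demo():
    """Constructed sample tree standing in for users/name/appdata/local."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "jyms jzba", "cache")
    os.makedirs(bad)
    with open(os.path.join(bad, "a.tmp"), "wb") as fh:
        fh.write(b"constructed sample bytes")
    before = snapshot(root)
    shutil.rmtree(os.path.join(root, "jyms jzba"))      # the cleanup step
    cleaned = snapshot(root)
    os.makedirs(bad)                                    # simulated re-creation
    for name in ("a.tmp", "b.tmp"):
        with open(os.path.join(bad, name), "wb") as fh:
            fh.write(b"constructed sample bytes")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"unrelated")
    report = reappeared(before, cleaned, snapshot(root))
    shutil.rmtree(root)
    return report
```

On a real machine, call `snapshot()` on the affected folder at each of the three points and pass the results to `reappeared()`; entries with the same path or the same content mean something is still re-creating the files on startup.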