Trojan Infection

Anonymous
April 2, 2005 12:29:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I ran all of the step-by-steps to try to delete a trojan infection, but
nothing has worked so far.

Supposedly the infection is in C:windows\dlm.html

How do I delete this, clean it up, etc.

I've been running circles for hours trying to find the right help area but
have not had any luck

Please help

April 2, 2005 1:03:38 PM

srnewman wrote:

> I ran all of the step-by-steps to try to delete a trojan infection,
> but nothing has worked so far.
>
> Supposedly the infection is in C:windows\dlm.html
>
> How do I delete this, clean it up, etc.
>
> I've been running circles for hours trying to find the right help area
> but have not had any luck
>
> Please help

Unfortunately, since you didn't tell us what all of the "step-by-steps"
you performed, there is no way to guess what you've done and how you've
done it. Start by running TrendMicro's Sysclean in Safe Mode.

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files. Delete all Temporary and
Temporary Internet Files before running the program. For a more
automatic method, you can try Dave Lipman's Sysclean_FE from:
http://www.ik-cs.com/got-a-virus.htm

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

After you have scanned with Sysclean, update your full-featured
antivirus (if you do not have one installed, get one, install it, then
update it) and do a thorough scan in Safe Mode.

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
The world is diminished without him.
Anonymous
April 2, 2005 4:07:13 PM

From: "srnewman" <srnewman@discussions.microsoft.com>

| I ran all of the step-by-steps to try to delete a trojan infection, but
| nothing has worked so far.
|
| Supposedly the infection is in C:windows\dlm.html
|
| How do I delete this, clean it up, etc.
|
| I've been running circles for hours trying to find the right help area but
| have not had any luck
|
| Please help

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


You don't mention what Trojan. You don't mention what steps were taken. You don't mention
what software.

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Trend Sysclean Method 1
---------------------------------------
Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt530.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
The utility SYSCLEAN_FE in "Procedure 1" at the following URL
http://www.ik-cs.com/got-a-virus.htm automates the download and execution process of the
Trend Sysclean Package.

2) Update Ad-aware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

* * Please report back your results ! * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
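
Method 1 above only works if SYSCLEAN.COM and every extracted pattern file end up in the same folder. As an added example (not part of the original post and not Trend Micro's own tooling), this Python check compares the pattern ZIP's members with the folder contents before the reboot into Safe Mode; treating any *.zip in the folder as the pattern archive, and the `pattern.demo` member name in the constructed sample, are assumptions.

```python
import os
import tempfile
import zipfile


def check_sysclean_folder(folder):
    """Return a list of problems that would stop a manual Sysclean run.

    Assumptions (not from the thread): any *.zip in the folder is the
    downloaded pattern archive, and every member of it must sit, fully
    extracted and readable, next to SYSCLEAN.COM.
    """
    problems = []
    if not os.path.isdir(folder):
        return [f"folder not found: {folder}"]

    # Windows file names are case-insensitive, so compare in lower case.
    present = {name.lower(): name for name in os.listdir(folder)}

    if "sysclean.com" not in present:
        problems.append("SYSCLEAN.COM is not in the folder")

    archives = [n for low, n in present.items() if low.endswith(".zip")]
    if not archives:
        problems.append("no pattern ZIP found; cannot confirm extraction")

    for archive in archives:
        path = os.path.join(folder, archive)
        try:
            with zipfile.ZipFile(path) as zf:
                members = [m for m in zf.infolist() if not m.is_dir()]
        except zipfile.BadZipFile:
            problems.append(f"{archive} is not a valid ZIP (partial download?)")
            continue
        for member in members:
            wanted = os.path.basename(member.filename)
            actual = present.get(wanted.lower())
            if actual is None:
                problems.append(f"{wanted} from {archive} was not extracted")
                continue
            extracted = os.path.join(folder, actual)
            if os.path.getsize(extracted) != member.file_size:
                problems.append(f"{actual} size differs from the archive copy")
            elif not os.access(extracted, os.R_OK):
                problems.append(f"{actual} exists but is not readable")
    return problems


def build_demo_folder(extract):
    """Constructed sample: placeholder scanner plus a one-member pattern ZIP."""
    folder = tempfile.mkdtemp(prefix="sysclean_demo_")
    with open(os.path.join(folder, "SYSCLEAN.COM"), "wb") as fh:
        fh.write(b"placeholder, not the real scanner")
    zip_path = os.path.join(folder, "lpt530.zip")
    with zipfile.ZipFile(zip_path, "w") as zf:
        zf.writestr("pattern.demo", b"constructed pattern data")
    if extract:
        with zipfile.ZipFile(zip_path) as zf:
            zf.extractall(folder)
    return folder


if __name__ == "__main__":
    for extract in (False, True):
        print(extract, check_sysclean_folder(build_demo_folder(extract)))
```

An empty list means the folder is ready for the Safe Mode scan; any entry names the file to re-download or re-extract first.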
Anonymous
April 6, 2005 11:47:04 PM

Hi,
I read your reply with interest - I also think that I may have a similar
problem.
I did as you said, created the folder on C/, downloaded the two files from
Trend and put them in the folder, unzipped the vp files into the same folder,
restarted in safe mode and clicked on sysclean.com. Result - my screen went
black for a couple of milliseconds but nothing happened. No scan, no report,
nothing!!!
What am I doing wrong? I have WinXP home and was connected to the net when I
ran the program.
Thanks in advance for any light that you can shed on my problem.
Peebs

Anonymous
April 7, 2005 3:25:40 AM

From: "Peebs" <Peebs@discussions.microsoft.com>

| Hi,
| I read your reply with interest - I also think that I may have a similar
| problem.
| I did as you said, created the folder on C/, downloaded the two files from
| Trend and put them in the folder, unzipped the vp files into the same folder,
| restarted in safe mode and clicked on sysclean.com. Result - my screen went
| black for a couple of milliseconds but nothing happened. No scan, no report,
| nothing!!!
| What am I doing wrong? I have WinXP home and was connected to the net when I
| ran the program.
| Thanks in advance for any light that you can shed on my problem.
| Peebs

Peebs:

Download the Sysclean Front End utility ( SYSCLEAN_FE ) at the following URL, SYSCLEAN_FE
automates the download and execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm

Direct URL:
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close

There is a PDF file that will be placed in c:\sysclean to assist you.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
April 7, 2005 6:39:06 AM

David, many thanks for your quick response.
I did as you suggested, downloaded sysclean.fe, unzipped it into the
c:/sysclean folder. I followed the pdf file and executed the sysclean_fe.exe
from the sysclean folder. I then got a box saying something about downloading
files and then got a black DOS screen with an error message saying something
like vp files cannot be opened to read. The screen disappeared very quickly
and that was that.
What am I doing wrong???
Regards,
Peebs

Anonymous
April 7, 2005 12:40:44 PM

From: "Peebs" <Peebs@discussions.microsoft.com>

| David, many thanks for your quick response.
| I did as you suggested, downloaded sysclean.fe, unzipped it into the
| c:/sysclean folder. I followed the pdf file and executed the sysclean_fe.exe
| from the sysclean folder. I then got a box saying something about downloading
| files and then got a black DOS screen with an error message saying something
| like vp files cannot be opened to read. The screen disappeared very quickly
| and that was that.
| What am I doing wrong???
| Regards,
| Peebs


Peebs:

Make sure you logon as the ADMINISTRATOR or with an account with administrative rights.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
April 7, 2005 1:35:01 PM

Hi Dave,
Yep, I am signed on as an administrator. Still can't get past the error
message.
Any further suggestions?
Many thanks,
Peebs

Anonymous
April 7, 2005 5:55:27 PM

From: "Peebs" <Peebs@discussions.microsoft.com>

| Hi Dave,
| Yep, I am signed on as an administrator. Still can't get past the error
| message.
| Any further suggestions?
| Many thanks,
| Peebs
|

Please capture the error message and paste the text in your reply or email me with a screen
capture of the error message.
Just remove ~nospam~.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
April 8, 2005 4:53:05 AM

Good morning David,
I ran the prog again in Safe mode.
I get a screen that says "Downloading Trend Micro System File ............."
This disappears in about 5 secs and is replaced by a black DOS type screen
that says "Sysclean\Pattern.xt not opened for READ, error code[0]".
This also disappears after a few seconds - too quick to paste but I ran it
several times and copied what it said.
Sorry, but what did you mean when you said "Just remove 'no spam'"?
Hope this helps.
Regards,
Peebs

Anonymous
April 8, 2005 8:20:13 PM

From: "Peebs" <Peebs@discussions.microsoft.com>

| Good morning David,
| I ran the prog again in Safe mode.
| I get a screen that says "Downloading Trend Micro System File ............."
| This disappears in about 5 secs and is replaced by a black DOS type screen
| that says "Sysclean\Pattern.xt not opened for READ, error code[0]".
| This also disappears after a few seconds - too quick to paste but I ran it
| several times and copied what it said.
| Sorry, but what did you mean when you said "Just remove 'no spam'"?
| Hope this helps.
| Regards,
| Peebs


The objective is to perform the download in Normal Mode and run SYSCLEAN.COM in Safe Mode.

Otherwise you have to choose Safe Mode with Networking.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
April 9, 2005 5:07:03 AM

Hi David,
Tried doing it in normal mode, got exactly the same error message. When I
tried to close the black DOS type screen with the error message it restarted
my computer!!!
Any ideas??
Peter

Anonymous
April 9, 2005 2:02:48 PM

From: "Peebs" <Peebs@discussions.microsoft.com>

| Hi David,
| Tried doing it in normal mode, got exactly the same error message. When I
| tried to close the black DOS type screen with the error message it restarted
| my computer!!!
| Any ideas??
| Peter


No, it is totally abnormal and could be indicative of greater problems with the computer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
April 9, 2005 4:03:01 PM

Hi David,
Let me give you a bit more background on this situation.
I have WinXP home and NIS Prof which I keep absolutely up to date. I also
have Adaware v6.0 and the new beta version of MS anti spyware which is also
current.
Up until 2 months ago I had ADSL but following a move I have to fall back to
dial up using a 3com US Robotics 56k Message Plus modem. I had problems with
the modem and so bought a PEABIRD v92 usb MODEM which is not digitally signed
and has been a PITA ever since. It works OK when first initialised but a few
hours later when asked to connect goes to "Opening Port" and hangs my system.
Only way out is a complete disconnect and restart.
This was the environment that I was using to try the Trend sweep.
As of today I have reinstalled my old USR modem which seems now to work OK
and to be much more stable - it seems to connect no matter how long I leave
it.
With the USR modem set-up I just tried to re-connect to Trend and still got
the same error message. Obviously something is still wrong.
My scans by NAV, AdAware 6.0 and the beta version of MS Spyware all return
nothing found but my system seems to be slow. I use the Norton Firewall and
have disabled the WinXP firewall.
Based on the above do you have any ideas?
Peebs
Anonymous
April 9, 2005 7:39:52 PM

From: "Peebs" <Peebs@discussions.microsoft.com>

| Hi David,
| Let me give you a bit more background on this situation.
| I have WinXP home and NIS Prof which I keep absolutely up to date. I also
| have Adaware v6.0 and the new beta version of MS anti spyware which is also
| current.
| Up until 2 months ago I had ADSL but following a move I have to fall back to
| dial up using a 3com US Robotics 56k Message Plus modem. I had problems with
| the modem and so bought a PEABIRD v92 usb MODEM which is not digitally signed
| and has been a PITA ever since. It works OK when first initialised but a few
| hours later when asked to connect goes to "Opening Port" and hangs my system.
| Only way out is a complete disconnect and restart.
| This was the environment that I was using to try the Trend sweep.
| As of today I have reinstalled my old USR modem which seems now to work OK
| and to be much more stable - it seems to connect no matter how long I leave
| it.
| With the USR modem set-up I just tried to re-connect to Trend and still got
| the same error message. Obviously something is still wrong.
| My scans by NAV, AdAware 6.0 and the beta version of MS Spyware all return
| nothing found but my system seems to be slow. I use the Norton Firewall and
| have disabled the WinXP firewall.
| Based on the above do you have any ideas?
| Peebs

Ad-aware6 is no longer supported nor updated. It has been superseded by Ad-aware SE v1.05.

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm