Identifying a trojan.

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hey there, I have a "trojan" (I think) on my system. Found that in the
system32 folder there is a file, keeps renaming itself stuff like oeookg.exe,
idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the process,
it comes back as another process and re-names the file. I have tried deleting
it in safe mode but the file still says in use. I have installed Symantec
Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to remove
this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
Geoffrey.
11 answers Last reply
More about identifying trojan
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "Geoffrey" <Geoffrey@discussions.microsoft.com>

    | Hey there, I have a "trojan" (I think) on my system. Found that in the
    | system32 folder there is a file, keeps renaming itself stuff like oeookg.exe,
    | idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the process,
    | it comes back as another process and re-names the file. I have tried deleting
    | it in safe mode but the file still says in use. I have installed Symantec
    | Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to remove
    | this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
    | Geoffrey.

    Please submit a sample EXE file to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against 18 different AV vendor's scanners.

    Another way to submit is to send the suspect file to the following email address
    scan<at>virustotal.com
    { replace <at> with @ } with only the word SCAN as the subject.
    Then you will know what you are really deakling with if it is n ot detected by your Symantec
    software.

    Please post back the EXACT results.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Geoffrey" <Geoffrey@discussions.microsoft.com> wrote:

    >Hey there, I have a "trojan" (I think) on my system. Found that in the
    >system32 folder there is a file, keeps renaming itself stuff like oeookg.exe,
    >idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the process,
    >it comes back as another process and re-names the file. I have tried deleting
    >it in safe mode but the file still says in use. I have installed Symantec
    >Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to remove
    >this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
    >Geoffrey.

    Norton/Symantec is a mediocre antivirus program with minimal
    spyware/trojan protection capability.

    Get the free Microsoft Antispyware beta from
    http://download.microsoft.com and let it scan the computer.

    Follow this up with AdAware (free) from www.lavasoft.de and SpyBot
    Search & Destroy from http://www.safer-networking.org/

    Good luck


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    In memory of a dear friend Alex Nichol MVP
    http://aumha.org/alex.htm
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Just for the record, there are many in the community who do not feel that
    Norton Antivirus is a mediocre product. At any rate, what you have is not a
    virus, but a Trojan, and best dealt with in the manner that Ron suggested.

    Bobby

    "Ron Martell" <ron.martell@gmail.com> wrote in message
    news:1fvra15eee0q661i3s1fkontu043h6ft2p@4ax.com...
    > "Geoffrey" <Geoffrey@discussions.microsoft.com> wrote:
    >
    >>Hey there, I have a "trojan" (I think) on my system. Found that in the
    >>system32 folder there is a file, keeps renaming itself stuff like
    >>oeookg.exe,
    >>idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the
    >>process,
    >>it comes back as another process and re-names the file. I have tried
    >>deleting
    >>it in safe mode but the file still says in use. I have installed Symantec
    >>Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to
    >>remove
    >>this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
    >>Geoffrey.
    >
    > Norton/Symantec is a mediocre antivirus program with minimal
    > spyware/trojan protection capability.
    >
    > Get the free Microsoft Antispyware beta from
    > http://download.microsoft.com and let it scan the computer.
    >
    > Follow this up with AdAware (free) from www.lavasoft.de and SpyBot
    > Search & Destroy from http://www.safer-networking.org/
    >
    > Good luck
    >
    >
    > Ron Martell Duncan B.C. Canada
    > --
    > Microsoft MVP
    > On-Line Help Computer Service
    > http://onlinehelp.bc.ca
    >
    > In memory of a dear friend Alex Nichol MVP
    > http://aumha.org/alex.htm
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hey there, I have tried that link, it was useful on clearing up some of the
    problems with my pc, but I still have that one file in my system32 folder,
    that runs as a process, and can't be deleted, even in safe mode. I have
    installed, updated and ran; S&D, adaware, Microsoft, Scanned it with my
    Symantec Corporate Edition 9.0 (which I like very much). But it is still not
    removing this file. The file is 82KB, application, that will change names as
    I delete the process. Any other ideas? Thanks for your ideas! -Geoffrey.

    "David H. Lipman" wrote:

    > From: "Geoffrey" <Geoffrey@discussions.microsoft.com>
    >
    > | Hey there, I have a "trojan" (I think) on my system. Found that in the
    > | system32 folder there is a file, keeps renaming itself stuff like oeookg.exe,
    > | idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the process,
    > | it comes back as another process and re-names the file. I have tried deleting
    > | it in safe mode but the file still says in use. I have installed Symantec
    > | Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to remove
    > | this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
    > | Geoffrey.
    >
    > Please submit a sample EXE file to Virus Total --
    > http://www.virustotal.com/flash/index_en.html
    > The submission will then be tested against 18 different AV vendor's scanners.
    >
    > Another way to submit is to send the suspect file to the following email address
    > scan<at>virustotal.com
    > { replace <at> with @ } with only the word SCAN as the subject.
    > Then you will know what you are really deakling with if it is n ot detected by your Symantec
    > software.
    >
    > Please post back the EXACT results.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Have figured out that it is the ABetterInternet trojan running on my system.
    Aurora. Now I just have to figure out how to remove it, cause my programs are
    not. Thanks again for your help. Sincerely, Geoffrey.

    "Geoffrey" wrote:

    > Hey there, I have tried that link, it was useful on clearing up some of the
    > problems with my pc, but I still have that one file in my system32 folder,
    > that runs as a process, and can't be deleted, even in safe mode. I have
    > installed, updated and ran; S&D, adaware, Microsoft, Scanned it with my
    > Symantec Corporate Edition 9.0 (which I like very much). But it is still not
    > removing this file. The file is 82KB, application, that will change names as
    > I delete the process. Any other ideas? Thanks for your ideas! -Geoffrey.
    >
    > "David H. Lipman" wrote:
    >
    > > From: "Geoffrey" <Geoffrey@discussions.microsoft.com>
    > >
    > > | Hey there, I have a "trojan" (I think) on my system. Found that in the
    > > | system32 folder there is a file, keeps renaming itself stuff like oeookg.exe,
    > > | idogga.exe, ofrcrn.exe, bukpuge.exe... etc. Everytime I delete the process,
    > > | it comes back as another process and re-names the file. I have tried deleting
    > > | it in safe mode but the file still says in use. I have installed Symantec
    > > | Corporate 9.0, but it doesn't pick it up. If anyone knows of a way to remove
    > > | this, or a fix, please let me know. Thanks a lot for your help! Sincerely,
    > > | Geoffrey.
    > >
    > > Please submit a sample EXE file to Virus Total --
    > > http://www.virustotal.com/flash/index_en.html
    > > The submission will then be tested against 18 different AV vendor's scanners.
    > >
    > > Another way to submit is to send the suspect file to the following email address
    > > scan<at>virustotal.com
    > > { replace <at> with @ } with only the word SCAN as the subject.
    > > Then you will know what you are really deakling with if it is n ot detected by your Symantec
    > > software.
    > >
    > > Please post back the EXACT results.
    > >
    > > --
    > > Dave
    > > http://www.claymania.com/removal-trojan-adware.html
    > > http://www.ik-cs.com/got-a-virus.htm
    > >
    > >
    > >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "Geoffrey" <Geoffrey@discussions.microsoft.com>

    | Hey there, I have tried that link, it was useful on clearing up some of the
    | problems with my pc, but I still have that one file in my system32 folder,
    | that runs as a process, and can't be deleted, even in safe mode. I have
    | installed, updated and ran; S&D, adaware, Microsoft, Scanned it with my
    | Symantec Corporate Edition 9.0 (which I like very much). But it is still not
    | removing this file. The file is 82KB, application, that will change names as
    | I delete the process. Any other ideas? Thanks for your ideas! -Geoffrey.
    |

    Download Pocket KillBox
    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract killbox.exe from the ZIP file.
    Execute; KillBox.exe

    Click on Tools --> Select; Delete Temp Files.

    Choose; OK

    In the Full Path of File to Delete box, type the entire fully qualifed path exactly

    C:\Windows\system32\filename.exe

    Select; Replace on Reboot

    put a check in the box "Use Dummy"

    Click The Red circle and a white X

    When prompted to Replace on Reboot, click YES

    If prompted to Reboot Now, Click YES

    Allow the PC to shutdown and reboot

    Re-scan with the anti malware tool that detects 'A Better Internet.'

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Everyone,

    While I am new to google groups, I am a PC veteren with over 20 yrs
    experience. I've just come across the same 82k file in the ..\system32
    folder. The symptoms are the same. The filename is random and can't
    be deleted unless you end the process that file starts. Once you use
    the task manager to kill the process, the 82k file renames itself and
    start a new process.

    Note the file is always 82k and always in the system32 folder. The
    process too keeps renaming itself. The time stamp also changes
    randomly. This is the nastiest virus I've ever come across. I blew
    three hours trying to remove it. I ended up reformatting the C: drive
    (I always keep data on the D: partition)

    Other facts:
    - safe mode didn't help
    - the latest AdAware (1.06), Spybot (1.4) and Microsoft tools all
    detect it, but none can remove it, it always comes back
    - I tried disabling it in the startup control panel, no use, it comes
    back
    - I used several tools to 'delete on reboot', but it comes back
    - I even tried unplugging the A/C thinking it may rename itself on
    power down, still comes back
    - I checked the boot.ini and win.in file, nothing
    - norton finds it but can't fix, quarantine or delete it

    It must have a sister process/virus working in tandem. I suspect is
    works something like:
    say you have trojan A and B, everything ID's it, but when you kill A,
    B recreates it as C, then when you delete B, C recreates it as D and
    the lopp goes on.

    I've traced it to variants of VX2, abetterinternet, auroa and all
    research shows it is a bitch to remove.

    Even SAFE mode showed the expected 12 processes but I can't seem to
    trace the source of the reinfection.

    If anyone has more info, please email me directly

    Thanks


    Richard
    richard@compunetics.ca
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "RickMtl" <richard@compunetics.ca>

    | Hi Everyone,
    |
    | While I am new to google groups, I am a PC veteren with over 20 yrs
    | experience. I've just come across the same 82k file in the ..\system32
    | folder. The symptoms are the same. The filename is random and can't
    | be deleted unless you end the process that file starts. Once you use
    | the task manager to kill the process, the 82k file renames itself and
    | start a new process.
    |
    | Note the file is always 82k and always in the system32 folder. The
    | process too keeps renaming itself. The time stamp also changes
    | randomly. This is the nastiest virus I've ever come across. I blew
    | three hours trying to remove it. I ended up reformatting the C: drive
    | (I always keep data on the D: partition)
    |
    | Other facts:
    | - safe mode didn't help
    | - the latest AdAware (1.06), Spybot (1.4) and Microsoft tools all
    | detect it, but none can remove it, it always comes back
    | - I tried disabling it in the startup control panel, no use, it comes
    | back
    | - I used several tools to 'delete on reboot', but it comes back
    | - I even tried unplugging the A/C thinking it may rename itself on
    | power down, still comes back
    | - I checked the boot.ini and win.in file, nothing
    | - norton finds it but can't fix, quarantine or delete it
    |
    | It must have a sister process/virus working in tandem. I suspect is
    | works something like:
    | say you have trojan A and B, everything ID's it, but when you kill A,
    | B recreates it as C, then when you delete B, C recreates it as D and
    | the lopp goes on.
    |
    | I've traced it to variants of VX2, abetterinternet, auroa and all
    | research shows it is a bitch to remove.
    |
    | Even SAFE mode showed the expected 12 processes but I can't seem to
    | trace the source of the reinfection.
    |
    | If anyone has more info, please email me directly
    |
    | Thanks
    |
    | Richard
    | richard@compunetics.ca

    Start by downloading and using the Lavasoft VX2 plug-in for Ad-aware SE.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Dave,

    Thanks so much for that information. I didn't realize there were
    options for AdAware. I downloaded the plugin and have added it to my
    aresenal of files that I bring around to clients with me.

    I am concerned that the writters of these things are getting nastier.
    99% of Malware used to be relativeley simple to remove. Lately I've
    come across several (this VX2 / ABetterInternet was the worst) that took
    hours to trace and remove. :(

    Thanks again!

    Richard

    David H. Lipman wrote:
    > From: "RickMtl" <richard@compunetics.ca>
    >
    > | Hi Everyone,
    > |
    > | While I am new to google groups, I am a PC veteren with over 20 yrs
    > | experience. I've just come across the same 82k file in the ..\system32
    > | folder. The symptoms are the same. The filename is random and can't
    > | be deleted unless you end the process that file starts. Once you use
    > | the task manager to kill the process, the 82k file renames itself and
    > | start a new process.
    > |
    > | Note the file is always 82k and always in the system32 folder. The
    > | process too keeps renaming itself. The time stamp also changes
    > | randomly. This is the nastiest virus I've ever come across. I blew
    > | three hours trying to remove it. I ended up reformatting the C: drive
    > | (I always keep data on the D: partition)
    > |
    > | Other facts:
    > | - safe mode didn't help
    > | - the latest AdAware (1.06), Spybot (1.4) and Microsoft tools all
    > | detect it, but none can remove it, it always comes back
    > | - I tried disabling it in the startup control panel, no use, it comes
    > | back
    > | - I used several tools to 'delete on reboot', but it comes back
    > | - I even tried unplugging the A/C thinking it may rename itself on
    > | power down, still comes back
    > | - I checked the boot.ini and win.in file, nothing
    > | - norton finds it but can't fix, quarantine or delete it
    > |
    > | It must have a sister process/virus working in tandem. I suspect is
    > | works something like:
    > | say you have trojan A and B, everything ID's it, but when you kill A,
    > | B recreates it as C, then when you delete B, C recreates it as D and
    > | the lopp goes on.
    > |
    > | I've traced it to variants of VX2, abetterinternet, auroa and all
    > | research shows it is a bitch to remove.
    > |
    > | Even SAFE mode showed the expected 12 processes but I can't seem to
    > | trace the source of the reinfection.
    > |
    > | If anyone has more info, please email me directly
    > |
    > | Thanks
    > |
    > | Richard
    > | richard@compunetics.ca
    >
    > Start by downloading and using the Lavasoft VX2 plug-in for Ad-aware SE.
    >
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "" wrote:
    > Hi Dave,
    >
    > Thanks so much for that information. I didn't realize there
    > were
    > options for AdAware. I downloaded the plugin and have added
    > it to my
    > aresenal of files that I bring around to clients with me.
    >
    > I am concerned that the writters of these things are getting
    > nastier.
    > 99% of Malware used to be relativeley simple to remove.
    > Lately I've
    > come across several (this VX2 / ABetterInternet was the worst)
    > that took
    > hours to trace and remove. :(
    >
    > Thanks again!
    >
    > Richard
    >
    > David H. Lipman wrote:
    > > From: "RickMtl" <richard@compunetics.ca>
    > >
    > > | Hi Everyone,
    > > |
    > > | While I am new to google groups, I am a PC veteren with
    > over 20 yrs
    > > | experience. I've just come across the same 82k file in
    > the ..system32
    > > | folder. The symptoms are the same. The filename is
    > random and can't
    > > | be deleted unless you end the process that file starts.
    > Once you use
    > > | the task manager to kill the process, the 82k file renames
    > itself and
    > > | start a new process.
    > > |
    > > | Note the file is always 82k and always in the system32
    > folder. The
    > > | process too keeps renaming itself. The time stamp also
    > changes
    > > | randomly. This is the nastiest virus I've ever come
    > across. I blew
    > > | three hours trying to remove it. I ended up reformatting
    > the C: drive
    > > | (I always keep data on the D: partition)
    > > |
    > > | Other facts:
    > > | - safe mode didn't help
    > > | - the latest AdAware (1.06), Spybot (1.4) and Microsoft
    > tools all
    > > | detect it, but none can remove it, it always comes back
    > > | - I tried disabling it in the startup control panel, no
    > use, it comes
    > > | back
    > > | - I used several tools to 'delete on reboot', but it comes
    > back
    > > | - I even tried unplugging the A/C thinking it may rename
    > itself on
    > > | power down, still comes back
    > > | - I checked the boot.ini and win.in file, nothing
    > > | - norton finds it but can't fix, quarantine or delete it
    > > |
    > > | It must have a sister process/virus working in tandem. I
    > suspect is
    > > | works something like:
    > > | say you have trojan A and B, everything ID's it, but when
    > you kill A,
    > > | B recreates it as C, then when you delete B, C recreates
    > it as D and
    > > | the lopp goes on.
    > > |
    > > | I've traced it to variants of VX2, abetterinternet, auroa
    > and all
    > > | research shows it is a bitch to remove.
    > > |
    > > | Even SAFE mode showed the expected 12 processes but I
    > can't seem to
    > > | trace the source of the reinfection.
    > > |
    > > | If anyone has more info, please email me directly
    > > |
    > > | Thanks
    > > |
    > > | Richard
    > > | richard@compunetics.ca
    > >
    > > Start by downloading and using the Lavasoft VX2 plug-in for
    > Ad-aware SE.
    > >

    This trojan is identified as several different names depending on what
    program your using I.E.


    AntiVir TR/Agent.AY.4.A
    AVG Agent.AH
    Avira TR/Agent.AY.4.A
    BitDefender7.0 Trojan.Agent.AY
    ClamAVdevel no virus found
    DrWeb no virus found
    eTrust-Iris Win32/BettInet.AN!Trojan
    eTrust-Vet Win32.BettInet.AN
    Fortinet W32/Agent.AY-tr
    Ikarus no virus found
    Kaspersky Trojan.Win32.Agent.ay
    McAfee potentially unwanted program Downloader-KL
    NOD32v2 Win32/Agent.AY
    Norman no virus found
    Panda Adware/Twain-Tech
    Sybari Win32/BettInet.AN!Trojan
    Symantec no virus found
    TheHacker Trojan/Agent.ay
    VBA32 Trojan.Win32.Agent.ay

    If you want directions on removing this follow this link and follow
    the instructions-its works-i know because it took me two months to
    find this doc and it took me maybe 20 minutes to remove the
    trojan/virus.
    __________________________________________________
    __________

    www.hauri.com.sg/html/support/virus_read.html?code=TRW3000730
    ____________________________________________________________
    I feel Your Pain :x -Destination- Good
    Luck

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Security-Admin-Identifying-trojan-ftopict545659.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1758125

    Posted Via Usenet.com Premium Usenet Newsgroup Services
    ----------------------------------------------------------
    ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
    ----------------------------------------------------------
    http://www.usenet.com
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "destination" <UseLinkToEmail@WindowsForumz.com>


    | This trojan is identified as several different names depending on what
    | program your using I.E.
    |
    | AntiVir TR/Agent.AY.4.A
    | AVG Agent.AH
    | Avira TR/Agent.AY.4.A
    | BitDefender7.0 Trojan.Agent.AY
    | ClamAVdevel no virus found
    | DrWeb no virus found
    | eTrust-Iris Win32/BettInet.AN!Trojan
    | eTrust-Vet Win32.BettInet.AN
    | Fortinet W32/Agent.AY-tr
    | Ikarus no virus found
    | Kaspersky Trojan.Win32.Agent.ay
    | McAfee potentially unwanted program Downloader-KL
    | NOD32v2 Win32/Agent.AY
    | Norman no virus found
    | Panda Adware/Twain-Tech
    | Sybari Win32/BettInet.AN!Trojan
    | Symantec no virus found
    | TheHacker Trojan/Agent.ay
    | VBA32 Trojan.Win32.Agent.ay
    |
    | If you want directions on removing this follow this link and follow
    | the instructions-its works-i know because it took me two months to
    | find this doc and it took me maybe 20 minutes to remove the
    | trojan/virus.


    Based upon the above Virus Total log...

    The following Multi-Vendor Command Line Scanner front end utility can be used to clean the
    affected PC...

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using up to 3 different Anti Virus Command Line Scanners to remove
    viruses and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
    through your FireWall to allow them to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
Ask a new question

Read More

Trojan Microsoft Windows XP