Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Please HELP ! infected w/Trojan backdoor virus

Feb 6, 2004 5:53AM PST

I had 36 files infected with Trojan horse backdoor and Trojan horse startpage. All of the files is infectted with either .dll or .exe. I used AVG antivirus and quarantined in the vault. My question is "how do I get rid of them ?" Do I just click delete file under the antivirus software ?

Please help,
Thank you in advance
Tran

Discussion is locked

- Collapse -
Re:Please HELP ! infected w/Trojan backdoor virus
Feb 6, 2004 6:11AM PST

You have AVG free?

Open AVG - click on: Program (top\left) > AVG Virus vault > then click on File > delete files
Empty afterwards your recycle bin and you're done.

- Collapse -
Re:Re:Please HELP ! infected w/Trojan backdoor virus
Feb 6, 2004 6:19AM PST

I was told that if the virus infected .EXE file, if you click delete it start to execute and infect more fiels. Secondly, if I delete it, will my computer function back to normal since I have to clue what are this files. Is there a special program to remove the virus ?

Thank you for your fast response

Tran

- Collapse -
Re:Please HELP ! infected w/Trojan backdoor virus
Feb 6, 2004 6:22AM PST

What was the exact name of the trojan??

A trojan does NOT infect exe files!

- Collapse -
Trojan.StartPage
Feb 6, 2004 6:24AM PST
- Collapse -
Re:Trojan.StartPage
Feb 6, 2004 6:51AM PST

Here is a list of infected files in my vault. I just cut and pasted. I hope this help or even confuse more.

1. Trojan horse Startpage.EC","C:\WINDOWS\SYSTEM32\cpan.dll","2/5/2004 10:07:28 AM","cpan.dll",

2. Trojan horse BackDoor.VB.9.N","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000126.exe","2/3/2004 2:47:24 PM","A0000126.exe"

3. Trojan horse BackDoor.VB.9.M","C:\WINDOWS\SYSTEM32\CqhKkNv.exe","2/3/2004 2:47:24 PM","CqhKkNv.exe",

4. Virus found Startpage","C:\WINDOWS\Fonts\fonts.hta","2/4/2004 10:48:51 AM","fonts.hta",

- Collapse -
Also in System Restore disable it and scan again
Feb 6, 2004 7:14AM PST

I see you have WinXP

Disabling System Restore on Windows XP

IMPORTANT NOTES:

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Pls. let us know how you are doing !

- Collapse -
cwshredder
Feb 6, 2004 7:18AM PST
- Collapse -
Still infected after remove
Feb 6, 2004 8:03AM PST

Hi Maria,

I did exactly what you told me to do.

1. disable computer restore system
2. delete virus files from AVG antivirus
3. restart and rescan again

RESULT : 6 files infected, but seems like they are all the same (cpan.dll)

Trojan horse Startpage.EC","C:\WINDOWS\SYSTEM32\cpan.dll","2/4/2004 5:55:00 PM","cpan.dll"

- Collapse -
Re:Still infected after remove
Feb 6, 2004 8:16AM PST

Did you download

cwshredder?? Run it and click on "fix it" as I assume you will find several files in there.

Pls. let us know ho you are doing after running cwshredder.