Trojan help needed

[frankthetank]

i just got a partner account of a tgp where I caught a trojan 8java class load). Usually my scanner deletes the files at once, but this time it was only detected, not removed.

Now I tried to remove it manually, but I can´t delete the file because it is in use.

Any help?

[cd34]

make note of the file location
reboot into command line mode (f5 during the boot process, select the command line option)

cd \directory\where\the\thing\is
del filename.whatever

[MadMax]

optionally, you can write down the file path and reboot in safe mode. Since only critical drivers are active in safe mode trojans aren't "in use" 99.5% of the time, then you can just delete it through windows explorer. Just make sure you've got explorer set to show hidden and system files.

[frankthetank]

Thanks a lot for your help! Just deleted that shit.

[GeorgeTH]

...and make sure you have "restore points" turned off (or it might re-install)!
Also look if it's still lurking in your browser cache - to be sure empty it, your \temp directory, and the one under c:\documents and settings\[your name]\application data\sun\java\deployment\cache <<< that's where these bastards tend to nest (don't you just love Microsoft's way of hiding things?)

Also love the fact that now even well-known TGPs are spreading Trojans (happened to us last week at a site I used to trade with last year - thank God I don't anymore) -
if this trend continues it'll be the |goodnight for free porn

[frankthetank]

Quote:

Originally Posted by GeorgeTH

...and make sure you have "restore points" turned off (or it might re-install)!
Also look if it's still lurking in your browser cache - to be sure empty it, your \temp directory, and the one under c:\documents and settings\[your name]\application data\sun\java\deployment\cache <<< that's where these bastards tend to nest (don't you just love Microsoft's way of hiding things?)

Yes, it´s a great way of free entertainment |cool|
And yes, i deleted all the crap..