Trojan removal

By gridley
My sister-in-law has got a version of the downloader virus that I can't seem to get rid of - she has Norton AV and it has been updated automatically, so I know that the definitions are up to date. The message that keeps popping up from Norton is -
Virus Alert
Norton Antivirus has detected a virus on your computer.

Object Name: c;\window\system32\mscype.dll
Virus Name: Downloader
Action Taken: Unable to repair this file.

I have restarted the computer in safe mode with system restore turned off and scanned the computer. It finds the virus but cannot delete or quarantine the file.

I have searched all the major virus sites and can find no reference to this file.

I have tried to kill the process without any luck. I have tried using Force Delete and KillDll and neither of them can delete this file either.

Any help on this one would be appreciated.

Thanks

by wcp In reply to Trojan removal

Try the following free antispyware programs, which also remove worms and trojans.

1. Ewido - http://tinyurl.com/5b3qh
2. SuperAntiSpyware - http://tinyurl.com/ox7un
3. a-Square - http://tinyurl.com/2btm5

Also try the following free online virus scans, which do not conflict with your NAV:

1. Panda - http://tinyurl.com/8uox8
2. Kaspersky - http://tinyurl.com/e3dsx
3. TrendMicro - http://tinyurl.com/2xis
4. BitDefender - http://tinyurl.com/aauh5
5. McAfee - http://tinyurl.com/bdvsv

Some files cannot be removed while in Windows. There are a few programs that remove files on next restart.

Please add a comment if you need more info or help.

by wcp In reply to

I'd like to offer two options:

1. Uninstall your current antivirus program and install Virobot Desktop 5 from www.hauri.net. You may try a 30-day evaluation.
2. Download and run KillBox from www.killbox.net. It will remove mscype.dll on next restart. Make sure to create System Restore Point before running KillBox.

by HAL 9000 Moderator In reply to Trojan removal

If you look here

http://tinyurl.com/pzrmb

This is Symantec's link to the removal of this Trojan.

This seems to be the important bit here though

To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to and delete the subkeys:

HKEY_CLASSES_ROOT\CLSID\{EA4511CC-B484-C6DE-8E3D-85387140521A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA4511CC-B484-C6DE-8E3D-85387140521A}


Exit the Registry Editor.
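
An added example, not part of any post in this thread or of Symantec's instructions: a read-only PowerShell inventory of Browser Helper Object registrations that resolves each CLSID to the DLL it names, marks the CLSID quoted above, and exports the BHO key first, as the quoted steps advise. It assumes PowerShell is installed and run from an elevated prompt; the backup file name is constructed for the example.

```powershell
# Added example (not from the thread): inventory Browser Helper Objects (BHOs).
# Makes no changes to the registry; the only file written is the .reg backup.
$target = '{EA4511CC-B484-C6DE-8E3D-85387140521A}'   # CLSID quoted in the post above
$bhoKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views  = @(
    @{ Bho = "HKLM:\$bhoKey"; Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    # 32-bit registry view on 64-bit Windows
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = "$($view.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 is the DLL path for this CLSID
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            # An unsigned DLL is a reason to look closer, not proof of infection
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            New-Object PSObject -Property @{
                Clsid     = $clsid
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sig
                Listed    = ($clsid -eq $target)   # matches the CLSID in the removal steps
                Key       = $key.Name
            }
        }
    }
}

# Back up the BHO key before any manual edit in regedit
$backup = Join-Path $env:TEMP ("bho-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export "HKLM\$bhoKey" $backup | Out-Null

Get-BhoInventory | Sort-Object Listed -Descending |
    Format-List Clsid, Dll, OnDisk, Signature, Listed, Key
```

An entry with `Listed : True` shows which DLL the quoted CLSID points at, so the registry subkeys and the file on disk can be checked against each other before and after removal.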

by chitosunday In reply to Trojan removal

If you have a bootable CD, try to boot using dos and use the delete command of dos to delete the file.

by somnath.dey In reply to Trojan removal

There are 3 steps to solve the problem.
Step 1. Backup your full data including registry.
Step 2. Format and reinstall OS and other required software.
Step 3. Restore your backed-up files after an extensive virus scan.

by Blackcurrant In reply to Trojan removal

Hi

Do the following:
Close all programs and open a command prompt (Start, Run then type:

cmd

then press enter). When you see the flashing cursor type this:

cd\windows\system32

then press enter. You should see the following in the command prompt window:

C:\Windows\System32\_

where the _ is flashing.

Next, leave the command prompt window open, then press ctrl+alt+del, and select Task Manager. On the Processes tab, right-click Explorer.exe and select End Process, then confirm it. Leave Task Manager open. Everything will disappear from your Desktop - don't worry, it is still there.

Next, go back to the Command Prompt window and type:

del mscype.dll

then press Enter.

Once the file has been deleted, go back to Task Manager and click File>New Task(Run), and type:

Explorer.exe

Then click OK. Your Desktop will re-appear.

The file should be gone.

Re-run your A/V with the latest definitions.

There is no need to reformat and reinstall Windows.

Good luck

by lamczyknic3000 In reply to Trojan removal

I would recommend buying System Mechanic. It does multiple things from anti-hacking, spyware, and pop-up blocking to system maintenance. Try to avoid using free software because you only get limited abilities with them, such as not being able to delete or quarantine.

by gridley In reply to Trojan removal

Thanks for all the responses. Over the weekend I tried each of these suggestions and was not able to delete this file. I have written to Symantec and Kaspersky and have described the situation; at this point no one has answered. In one of the posts someone mentioned booting into DOS. As far as I know, you can't delete files on an NTFS partition using a DOS boot disk. Has anyone tried this? There must be a program that will delete files that are in use....

Help - the virus itself is annoying, but not enough to warrant a disk format and a fresh install of Windows.

thanks

Another try to remove this virus

by vcatomine In reply to Trojan removal

http://www.protectorplus.com/virus_info/trojans/. This is software I have used for 7 years and never had a problem. It is a free trial for thirty days and it will fix in that period of time. The list goes on and on and it is very up to date. Sometimes it updates itself more than once a day. Check it out.
