Showing results for 
Search instead for 
Did you mean: 
Level 7

2 Trojans not being removed! Help Please!

I did my best to follow the "required reading" protocol above.

A few notes:

Running XP

system restore turned off.

Unable to update windows as whenever I try to go to the site I get "Internet explorer cannot display the webpage."

McAfee shows fully protected in normal mode, everything is turned off in safe with networking mode. Unable to "fix" as when I hit fix button, it loads then gives error message.

Tried updating DAT and cannot as says unable to verify source. Similarly cannot download virtual technician.

McAfee scan in normal and in safe shows Spy-Agent.BW.GEN!MEM Trojan found, but says removal terminated. Also says no action needed.

Tried Stinger in both normal and safe mode, found nothing...

Tried Stinger as suggested with report only, scan folder off, and heuristics very high, and reported Artemis!9D7C7E195F65 Trojan found.

Unfortunately, this is as far as I've been able to get, and I'm about at the end of my puny computer knowledge!

Thanks for any help offered!


0 Kudos
3 Replies
Level 12

Re: 2 Trojans not being removed! Help Please!


What sort of symptoms are you seeing on the machine?

Also could you search for a file called pdfupd.exe (should be in a directory ending in /local settings/temp) and delete it if it's there?

Can you try running stinger agian in report only mode and 'very high' on the heuristics level and them post up the report?

Finally, you might  want to check the host file to see if it's been modified via the  typical location of C:\windows\system32\drivers\etc\ then file 'hosts'.   Typically malware will try to block users from accessing certain sites  by changing this host file to block access.

Edit the "hosts" file with the  Notepad application to see if there are any additional entries beyond  the standard template like below:

# Copyright (c) 1993-1999  Microsoft Corp.


# This is a sample HOSTS file used by Microsoft  TCP/IP for Windows.


# This file contains the mappings of IP  addresses to host names. Each

# entry should be kept on an individual  line. The IP address should

# be placed in the first column followed  by the corresponding host name.

# The IP address and the host name  should be separated by at least one

# space.


# Additionally,  comments (such as these) may be inserted on individual

# lines or  following the machine name denoted by a '#' symbol.


# For  example:


#          #  source server

#              # x  client hos

Kind regards,


0 Kudos
Level 7

Re: 2 Trojans not being removed! Help Please!

Post edited. Ad-hoc advice.

Message was edited by: paullotion on 20/04/10 14:04:26 IST
0 Kudos
Level 7

Re: 2 Trojans not being removed! Help Please!

Hi Clemmy,

Following helpful advice from paullation and AlexSha, this is what worked for me:

1.  Start Windows in safe mode with networking

2.  At resulting black screen (virus stopped exp[lorer loading on startup) CTRL+ALT+DEL and then file/new task/explorer.exe to reveal the icons on my desktop

3.  Launch IE and download Malware Bytes

4.  Install Malware Bytes and update DAT file

5.  Quick Scan

6.  Hey presto:  files identified and quarantined.

Hope this also helps you


0 Kudos