Trojan, removal with NOD

Soldato
Joined
1 Mar 2007
Posts
4,795
Location
Portsmouth
Just done a scan and NOD found this, yes I know my brother has had a few harsh words spoken to him about it. Anyway

[Screenshots: Untitled1-2.jpg, Untitled-16.jpg]

question is how do I delete it, the option is grayed out for some reason. Anyone know why?
 
This is such a coincidence - I just had to remove that very same trojan from my parents' PC about 3 days ago... I found "Wilogon32.exe" in their Windows startup, and knew it should not be there. It turned out the main trojan file had been deleted, but it had left registry entries and startup keys behind.

Anyway, I found a very good removal tool just for the Rbot trojan from Sophos, which scans the HDD and deletes all of the files and registry entries.

Instructions: http://www.sophos.com/support/disinfection/rbotek.html
Removal tool download: http://www.sophos.com/support/cleaners/rbotgui.com
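
Added example, not part of the original post and not Sophos's tool: a read-only PowerShell check for the situation described above, where the trojan file is gone but its startup entries remain. It lists the standard Run/RunOnce registry values and flags entries whose target file is missing or whose file name matches the one named in this thread; the helper name `Get-CommandPath` and the `$suspectNames` list are assumptions made for the illustration.

```powershell
# Read-only audit of autorun registry values; nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# File name taken from the thread; extend the list as needed (assumption).
$suspectNames = @('Wilogon32.exe')

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }      # "C:\a b\x.exe" /arg
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                              # fallback: first token
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path    = Get-CommandPath -Command $command
        if ([string]::IsNullOrWhiteSpace($path)) { continue }

        # A bare file name (no folder) is resolved through PATH, as Windows would.
        $exists = (Test-Path -LiteralPath $path -PathType Leaf) -or
                  [bool](Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $path
            Missing   = -not $exists                                   # orphaned entry
            NameMatch = $suspectNames -contains (Split-Path -Path $path -Leaf)
        }
    }
}

# Show only the entries worth a closer look.
$results | Where-Object { $_.Missing -or $_.NameMatch } |
    Format-Table -AutoSize -Wrap
```

An entry flagged `Missing` is a leftover pointing at a file that no longer exists; one flagged `NameMatch` with the file still present means the executable itself is still on disk.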
 
Cheers for that info, can I not just send to recycle bin, and delete it that way? I've got nothing showing in msconfig.
 
As long as you didn't unpack the .rar file and click on the .exe, then you should be able to safely remove it. They are only harmful when unpacked.

If you think your brother has run the file, then definitely run the removal tool.
 
Well I guess it's no harm in running the tool just in case.
 
This is one of the reasons I don't like NOD32.

"You have a virus/trojan etc on your system but we can't do anything with it." The number of times I get that message when scanning systems.

I don't see why it can't give the option to delete like Kaspersky etc.
 
This is my first experience with NOD trying to remove a virus, so how do you remove viruses that it finds in the future? Surely you don't have to go and hunt down a certain removal tool for that said virus?
 
I think usually it would let you quarantine or delete it - it is weird that it didn't allow you to remove that infected .rar file though... Sometimes booting into safe mode will allow you to delete difficult infections.
 
Didn't try that, didn't think.

Doesn't look like the virus was opened anyway, but thanks for the help :)
 
What actually could be happening here is the fact that the file is within the rar and NOD32 will not allow the deletion of files within a compressed file such as the rar.

To test this you could disable NOD32, extract the rar and then enable NOD32 again. Now scan the extracted rar and see if it deletes the file that's infected.
 