Win32.TrojanDownloader.Swizzor.br



sathea

While doing a scan on my laptop using Ad-Aware, I keep getting the above malware even though I have deleted it completely. Does anyone know how to remove this thing completely from my laptop?

Vendor:Win32.TrojanDownloader.Swizzor.br
Category:Malware
Object Type:process
Size:-
Location:c:\docume~1\locals~1\temp\wjyylxgm.exe
Last Activity:11/15/2004 4:22:33 AM
Risk Level:High
TAC index:8
Comment: (CSI MATCH)
Description: Distributed through unsolicited installations. Runs in stealth. Downloads and installs various third party malware objects.
 

sathea said:
While doing a scan on my laptop using Ad-Aware, I keep getting the above malware even though I have deleted it completely. Does anyone know how to remove this thing completely from my laptop?

Vendor:Win32.TrojanDownloader.Swizzor.br
Category:Malware
Object Type:process
Size:-
Location:c:\docume~1\locals~1\temp\wjyylxgm.exe
Last Activity:11/15/2004 4:22:33 AM
Risk Level:High
TAC index:8
Comment: (CSI MATCH)
Description: Distributed through unsolicited installations. Runs in stealth. Downloads and installs various third party malware objects.

Take a look here:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.downloader.aphe.html

There are removal instructions also.
 

Press Windows + R.

Type msconfig, click OK.

Go to the Startup tab, search for Bore, bored, etc. If you are not sure, look under the Command column, and try to see if there's a single path that leads to c:\docume~1\locals~1\

Uncheck that box.

If you want to delete it manually, these are the additional steps:

Click on the boot.ini tab, select safeboot, then restart.

Ignore the msconfig window that pops up.

When Windows loads, go to your file explorer, click on Tools, Folder Options. Go to the View tab, and check "show all hidden files and folders".

Then go to c:\documents and settings\your account name\my documents\application data\

Try looking for weird folders. The names are not always the same, but some used are bore, bored, lop, etc. The folders would usually contain only exe files, or exe and .dll files.

Delete them.

When all is done, go back to your msconfig window, and go to the boot.ini tab. Uncheck the safeboot thingy. Restart.

VOILA. :D

Right, be sure to do a system restore point before you commence on the second part. :D
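
The Startup-tab check described in the post above, as an added PowerShell example that is not part of the original thread: it lists autostart entries whose command points into a per-user Temp or Application Data directory, such as the c:\docume~1\locals~1\temp\ path in the scan log. The directory pattern and the choice of registry keys and Startup folders are assumptions; the script only reads and reports.

```powershell
# Added example (not from the original post). Read-only: it lists autostart
# entries for review and does not disable or delete anything.

# Registry locations that feed the msconfig Startup tab.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: per-user Temp / Application Data directories, long and 8.3 forms.
$suspect = '\\(temp|locals~1|local settings|appdata|application data|applic~1)\\'

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}

# Per-user and all-users Startup folders; shortcuts are resolved to their target.
# A file dropped directly into the per-user Startup folder is reported as well,
# because that folder itself lives under the profile's application data.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($file.FullName).TargetPath
        }
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $target }
    }
}

# Matching is case-insensitive and runs on the whole command line, so a DLL
# passed to rundll32.exe from one of these directories is caught too.
$entries | Where-Object { $_.Command -match $suspect } |
    Format-List Source, Name, Command
```

Legitimate per-user software also starts from Application Data, so each hit is a candidate for review rather than a confirmed infection.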
 
