Code Newbie
Old 10-07-2005, 06:19 AM   #1 (permalink)
Molly
How do I get rid of a Trojan?

Hi, I've got stuck: my computer has been infected with a Trojan Horse virus. I know this because my virus detector tells me every 15 seconds. It says it can't do anything about it but identify the file as: C:/system32.exe. I have tried to go in and delete it myself or change its name, but apparently I don't have any rights on that file.

I'm kind of stuck. I don't want to turn off my antivirus, but it just won't shut up. I don't think I have the CD to rebuild the machine and I don't really want to reformat the hard drive; God knows what I would lose.

Can anyone suggest anything?

Thanks Molly
Old 10-08-2005, 04:54 AM   #2 (permalink)
DJMaze
Which virus scanner?
Which trojan?
Windows version?
Old 03-16-2006, 05:39 AM   #3 (permalink)
Smith
Try NOD 3.2 - IMO it's the best!
Old 03-16-2006, 08:03 AM   #4 (permalink)
DJMaze
Start -> Run -> regedit

In the registry editor tree browse to:

HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run

Look in there for strange entries.
Also check RunOnce and RunOnceEx.

Other pesky spy/trojan stuff gets even more integrated through (Internet) Explorer.
Thanks to the integration of IE inside the Windows OS, it became easier for viruses, trojans and spyware to infect the machine and stay infected.

For example, "ActiveDesktop" can be forced on and made to stay active through a registry entry named "ForceActiveDesktopOn" in:
HKEY_USERS\S-x-x-xx-xxxxxxx-xxxxxxx-xxxxxx-xxxx\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
(xxxx is a random number)
That, in combination with other registry entries (like about:home manipulation, etc.), will make your OS a real spam system.

As you can see, the Windows registry is the most important thing for executing this stuff, so to remove trojans and the like you must delete the executables but also fix the registry.

To check all this manually you must know your system very well or you're screwed.
A good thing to start with is to have the Task Manager open (Ctrl+Shift+Esc) to see if there are unknown processes. When you have no clue, compare the list with the list of an uninfected system. That way you can see which unknown exe's are running from c:\, c:\windows, or c:\windows\system32.
DJMaze is offline   Reply With Quote
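
The registry locations named in post #4 (Run, RunOnce, RunOnceEx and the ForceActiveDesktopOn policy value) can be listed in one pass with PowerShell. This is an added example, not part of any post in the thread; it only reads the registry, and the `-BaselineCsv` parameter and the script name used below are assumptions made for illustration (Windows PowerShell 3.0 or later).

```powershell
# Added example: read-only listing of the registry locations named in the post.
param(
    # Optional CSV exported by this script on a known-clean machine (assumed file)
    [string]$BaselineCsv
)

$cv          = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$autorunKeys = 'Run', 'RunOnce', 'RunOnceEx'

# HKLM plus every user hive currently loaded under HKEY_USERS
$roots  = @('Registry::HKEY_LOCAL_MACHINE')
$roots += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" })

function Get-RegistryValues {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Include subkeys: RunOnceEx keeps its commands one level below the key
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Name  = $name
                Value = [string]$key.GetValue($name)
            }
        }
    }
}

$entries = foreach ($root in $roots) {
    foreach ($k in $autorunKeys) { Get-RegistryValues "$root\$cv\$k" }
    # The Active Desktop policy value mentioned in the post
    Get-RegistryValues "$root\$cv\Policies\Explorer" |
        Where-Object { $_.Name -eq 'ForceActiveDesktopOn' }
}

if ($BaselineCsv) {
    # Keep only entries the clean machine does not have (matched on name + value)
    $known = @{}
    Import-Csv -LiteralPath $BaselineCsv |
        ForEach-Object { $known["$($_.Name)|$($_.Value)"] = $true }
    $entries = $entries |
        Where-Object { -not $known.ContainsKey("$($_.Name)|$($_.Value)") }
}

$entries | Sort-Object Key, Name
```

Saved as, say, `Get-Autoruns.ps1`, its output can be piped to `Export-Csv -NoTypeInformation` on an uninfected machine to produce the baseline, then run with `-BaselineCsv` on the suspect machine to show only the entries the clean system lacks. An entry in that difference is a candidate for review, not proof of infection, since legitimately installed software differs between machines.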