Somehow a trojan got onto my computer and it took me the best part of a day to figure out how to get rid of it ...

I knew something was wrong when I heard the hard drive churning for 10 minutes non-stop when nothing was running onscreen.

I checked Task Manager and an instance of "iexplore.exe" was
sucking up CPU cycles - but Internet Explorer wasn't running so it was obviously some type of virus/trojan.

But that wasn't the worst of it.

* It somehow corrupted my install of AVG so I couldn't run it

* It also corrupted my install of Spybot S&D so I couldn't run it

* It changed all folders on my computer to Read Only, so I
couldn't download and re-install AVG or Spybot

* I tried using online scanners and other malware/AV programs but they were either automatically shut down after a period of time (I'm assuming when they come into contact with the file?) or they simply didn't detect the malware.

* It somehow generated a BSOD when I tried to boot into Safe Mode

I did some research and found a post in forum that said the only thing that someone found that got rid of it was a program called PREVX.

I'd never heard of it, so I Googled it, found it was legit, installed the free trial and it detected and removed the trojan immediately.

Needless to say, I purchased a subscription.

I hope this helps someone.

Cheers

Nick :)

I've done the VMWare dance though, complete with backups of the fresh install and everything. Too bad it was completely unsupported and not very useful for me.

"One of these days", I think the expression goes, I'll set up Xen so that I can play with fire too. From behind a blast screen.

Regarding Bart PE, I have found the Ultimate Boot CD For Windows to be very useful. It is a tool for building a Windows XP Boot CD that has a lot of useful tools on it, including a registry editory.

Mind you both of these tools aren't for the layman or faint of heart. I refuse to give Killbox (or recommend it) to anyone who is going to cause more damage than the adware with it.

James

Example: http://www.google.com/search?q=themexp+malware

I use Unlocker too, now. It was perfectly useless against this adware :-).

After clicking ok unlocker will pop up a window identifying the process holding the file open, you can choose one of actions at the bottom (rename, delete, move) and/or then press unlock.

The file will be released from memory, and you can delete as normal (if you didn't use one of the actions), no shutting down of offending program is required. If the file can't be unlocked then the program can delete immediately on reboot, before much of windows starts up.

This little (freeware!) program has got me out of a pickle more than once, the best use is when avg and norton cleaned up most traces of a virus (not my computer), but could not clear a stupid dll that was hooked into every god damn process that was running so it could not be deleted.

I installed unlocker (after clicking another 1000 detected virus screens from norton due to it running with every process). When unlocker was running I tried to delete the file (in use blah blah blah), then unlocker popped up with the scariest unlock screen I have ever seen (every running process including system idle!).

I hit unlock all which of course required a reboot due to system files holding the virus file open and boom! on reboot pesky file gone! a small registry clean up later (symantec security response told me where to look) and I was done.

Awesome little program for the grand cost of nothing.

http://ccollomb.free.fr/unlocker/

A few months ago I found myself in one of those delightful what-have-I-done positions, where any one of the 6 running tasks would restart any of the others if you were to shut one down. The solution I found was to launch several very processor intensive programs (Paint shop pro, emule, nero, trillian, etc) all at once in an attempt to tie up the CPU long enough to kill all 6 tasks. It worked, but I wouldn't count on it working with the next round of malware.