Cable Forum


bel_ami_boy 13-10-2006 13:08

How can I remove Setup_toolBar.exe Trojan Horse?
 
My Norton Anti-Virus 2005 has detected Setup_toolBar.exe Trojan Horse on my PC. Norton asks if I want to quarantine it and when I select ‘yes’ it tells me it can’t. It then asks if I want to delete it. When I select ‘yes’ it again says it can’t.

Norton tells me the exe file is located in:
C:\documents and settings\mark\local settings\Setup_toolBar.exe but when I search for it, Windows says it can’t find the file. (I have unhidden all files including system files). I have the latest virus definitions installed on my PC.

Does anyone know how I can remove this from my PC?

Enuff 13-10-2006 13:11

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
boot to safe mode then run norton, this could do the job?

zing_deleted 13-10-2006 13:13

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
failing that run a livexp or winternals boot cd and scan from there

Eric55 13-10-2006 14:05

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Also turn off system restore as it might be reproducing itself there.

ADd 13-10-2006 14:17

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Quote:

Originally Posted by Eric55 (Post 34135979)
Also turn off system restore as it might be reproducing itself there.

I would not recommend turning off system restore, as an infected restore point is better than none!! Once your system is clean you can flush the restore points, so you cannot be re-infected if you need to roll back your system

The only way one can get infected from a restore point is if you restore back to the point that is infected, using the system restore facility.

For free help from professionals please visit one of the following ASAP sites:

http://www.malwareremoval.com/a-sap.html

I would help here, but this board is not a malware fixing board ;)

Paul K 13-10-2006 14:19

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
But you could still offer help and information here instead of constantly linking to the other site instead ;)

ADd 13-10-2006 14:55

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Quote:

Originally Posted by Paul (Post 34135987)
But you could still offer help and information here instead of constantly linking to the other site instead ;)

Very well, but one must be aware that I will be posting general 'safe' advice, and I cannot guarantee your system will be clean unless you visit one of the anti-malware boards. The tools they use are powerful, and in the wrong hands can ruin your system. Therefore my help is restricted here, as I will only post general help.

So as a user I would go for a second opinion on the infection:

Visit Kaspersky Anti-Virus Online scanner
Please use Microsoft Explorer for this scan
Click on the Kaspersky Online Scanner Button (The first button)
A new window will now open
Accept the agreement by clicking on the accept button at the bottom of the agreement page
It will now install an ActiveX component into your browser
Once done it will automatically start downloading the virus definitions, once it has done click on the next button
Now click on Scan Settings
In the scan settings make sure that the following are selected:
--> Scan using the following Anti-Virus database:
--> Extended (If available otherwise Standard)
--> Scan Options:
--> Scan Archives
--> Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

This scan will not clean anything, but will show the full path of infected files (and also locked objects) on your system. (Kaspersky has one of the best detection rates).

If you wish I can have a look at the log pm it to me, or if you are aware of Kaspersky logs you can do this yourself.

---------- Post added at 14:55 ---------- Previous post was at 14:26 ----------

If Kaspersky also finds the infection, I would then use the following program to clean it up:

http://www.ewido.net/en/download/

It is called AVG antispyware now (used to be ewido). Unlike Norton, it has a better record of removing infections ;)

It is a 30 day trial of the full version, then reverts to a restricted version - you lose the resident shield, and automatic updates, but the scanning engine still uses the same definitions (just update manually) and it will also still clean. Don't forget to update to the latest definitions.

I would run this scan in safe mode, as has been commented before, you will have more success at removing the infection. The ewido scan can also create a report, which shows you the registry keys, and file path of any infection. BTW the program will also flag cookies, so it may be worth running Windows Disk Cleanup before scanning, as it may take less time.

Also ensure you set the actions to Quarantine under the Scanner>>settings>>how to act options.

Depending on your system, the scan may take some time.

bel_ami_boy 16-10-2006 12:46

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Thanks ADd. Before your posting I had tried switching off System Restore, booting into Safe Mode and rerunning Norton. It detected the trojan again but still couldn't repair, quarantine nor delete it. Since my original posting I have also narrowed down where the trojan is being detected. It is in a folder containing mp3 files which were copied from a friend's HDD. Incidentally Windows Explorer still says Setup_toolBar.exe file cannot be found.

I will follow your instructions when I get home from work. Hopefully this will do the trick. I will post back later with an update.

Stephen 16-10-2006 13:25

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Try adaware and Spybot S & D. My little bro's laptop was infested (must have been on some dodgy sites!)
Ran in safe mode and using both progs and a couple of others managed to remove all traces of the trojans and spyware.

Down the Pub 16-10-2006 14:44

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
get rid of that bargepole of an excuse AV, and get a freebie like avg or a pay one like NOD32. used both and had no probs with either, wouldn't touch norton with my little bro's fingers let alone my cash or anybody else's pc

bel_ami_boy 17-10-2006 12:55

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Using Norton I found the folder where it was detecting the trojan. There were 2 zipped files amongst the mp3 files. I deleted these and then emptied the Recycle Bin and rebooted. I rescanned the folder and Norton didn't detect anything! I then rescanned ALL drives and Norton never detected any problems.

After reading people's comments about Norton's detection rate being pretty poor I still scanned my PC using Kaspersky. Unfortunately it has detected 3 viruses and 11 infected objects. I will try AVG Anti-Spyware and see if this cleans it up.

ADd - I will PM you the Kaspersky log.

oddjob 18-10-2006 12:42

Re: How can I remove Setup_toolBar.exe Trojan Horse?
 
Hi everyone. First post. Great site, BTW.

The reason removal programs like Spybot sometimes can't remove malware is that the malware is resident in memory.

ADd's advice is an excellent first step. Good move.

Just to add ... I know this site doesn't set out to be a malware removal site but I am qualified to fix malware.

If anyone wants help on the boards here ... post away (but perhaps let me know in a PM so I can come and look; I won't be here every day!!;) ).

Cheers.


OJ


All times are GMT +1.