Thread: How can I remove Setup_toolBar.exe Trojan Horse?
View Single Post
Old 13-10-2006, 14:55   #7
ADd
Inactive
 
ADd's Avatar
 
Join Date: Apr 2006
Location: Land of the free
Posts: 308
ADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond repute
Re: How can I remove Setup_toolBar.exe Trojan Horse?
Quote:
Originally Posted by Paul View Post
But you could still offer help and information here instead of constantly linking to the other site instead
Very well, but one must be aware that i will be posting general 'safe' advice, and I cannot guarantee your system will be clean unless you visit one of the anti-malware boards. The tools they use are powerful, and in the wrong hands can ruin your system. Therefore my help is restricted here, as I will only post general help.

So as a user I would go for a second opinion on the infection:

Visit Kaspersky Anti-Virus Online scanner
Please use Microsoft Explorer for this scan
Click on the Kaspersky Online Scanner Button (The first button)
A new window will now open
Accept the agreement by clicking on the accept button at the bottom of the agreement page
It will now install an active x compenent into your browser
Once done it iwll automatically start downloading the virus definitions, once it has done click on the next button
Now click on Scan Settings
In the scan settings make that the following are selected:
--> Scan using the following Anti-Virus database:
--> Extended (If available otherwise Standard)
--> Scan Options:
--> Scan Archives
--> Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

This scan will not clean anything, but will show the full path of infected files (and also locked objects) on your system. (Kaspersky has one of the best detection rates).

If you wish I can have a look at the log pm it to me, or if you are aware of Kaspersky logs you can do this yourself.

---------- Post added at 14:55 ---------- Previous post was at 14:26 ----------

If Kaspersky also finds the infection, I would then use the folowing program to clean it up:

http://www.ewido.net/en/download/

It is called AVG antispyware now (used to be ewido). Unlike Norton, it has a better record of removing infections

It is a 30 day trial of the full version, then reverts to a restricted version - you lose the resident shield, and automatic updates, but the scanning engine still uses the same definitons (just update manually) and it will also still clean. Don't forget to update to the latest definitions.

I would run this scan in safe mode, as has been comment before, you will have more success at removing the infection. The ewido scan can also create a report, which shows you the registry keys, and file path of any infection. BTW the program will also flag cookies, so it may be worth running Windows Disk Cleanup before scanning, as it may take less time.

Also ensure you set the actions to Quarantine under the Scanner>>settings>>how to act options.

Depending on your system, the scan may take some time.
ADd is offline   Reply With Quote