Torjan and Virus

message from Heather on 11 Jun 2004
HELP

Whats the difference between a trojan and a virus?
I have the PW Steal.Trojan virus -- how do I get rid of it? Is it bad? Does
my computer have to be on in order for it to be working??

It steals passwords.... should I change mine? Just the passwords or user
names too???

People say to scan and delete it in safe mode... why safe mode? Norton can't
delete it so why would it work in safe mode????

HELLLLPPPP
 
Ron Martell replied to Heather on 11 Jun 2004
A trojan is a specific type of virus - a program that pretends to be
one thing while doing another - the Trojan Horse deception.

Files that are in active use by Windows usually cannot be deleted -
Windows protects them. Booting in Safe Mode bypasses most of the
files that are loaded automatically at a normal startuo, and that
should include the trojan. With the file no longer in active use it
should be easier to delete.

Note: If the trojan is located in the
\System Volume Information\_Restore folder then there is no need for
concern. It is encapsulated there and cannot do any harm unless you
use the System Restore utility to set the computer back to a date and
time prior to the trojan getting into the _Restore folder.

The trojan will eventually disappear from the _Restore folder as new
restore points are created and the older ones dropped from the
archive. If you want to speed up this process use Disk Cleanup on the
Accessories - System Tools menu. Go to the More Options tab and click
on the Clean up button in the System Restore (bottom) section. That
will remove all but the most recent System Restore point.

Good luck

Ron Martell Duncan B.C. Canada
 
Heather replied to Ron Martell on 11 Jun 2004
Thank you

But how do I know if its in that one folder? The one where it doesn't matter
if it's there?

So If I do a disk cleanup on system restore, will it just get rid of that
and nothing else? What should I be aware of it doing?

Heather

"Ron Martell" <ron@onlinehelp.bc.ca> wrote in message
news:81qjc0h0c668fe1cgc47uvkp88jvo1gfit@4ax.com...
 
Ron Martell replied to Heather on 12 Jun 2004
When your antivirus program detects the virus it will tell you exactly
where the file is located.

If the antivirus program says the file is located in
c:\system volume information\_restore then that is what I was talking
about in my previous message.

Once we have confirmed exactly where this file is located then we can
determine the proper method of getting rid of it. The most common
location for files that Norton says are infected but it cannot delete
or quarantine is in the ....\_restore folder so that is why I
mentioned it in the first message.

Good luck

Ron Martell Duncan B.C. Canada
 

Archived message: Torjan and Virus (Microsoft WinXP)
 
Note: To make this discussion more readable on the page the original messages have been edited to remove most of the references and quoting.