Can't get rid of Trojan! Please help!

Minniethemoocher

Kaspersky Internet Security 2010 has identified that I have a Trojan "trojan spy html fraud gen".

It is in quarantine, but the "disinfect" option is greyed out.

Today, when I ran a quick scan, Kapsersky identified "trojan spy html fraud gen" again, and now tells me that I have the same Trojan three times.

How do I get rid of the trojan? How do I get Kaspersky to disinfect my PC?

The trojan was in my Hotmail email, but I did not click on the link, I only opened the email to read it, so I don't know how the trojan infected my computer. I am using Firefox 3.6.8 and Window Live Mail.

I am running Windows XP home edition.

The file is shown as being located in C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail then the name of the infected email.

Contacted Kaspersky, but didn't really understand the answer. They they told me to download Kaspersky Virus Removal Tool 2010, which comes with all sorts of warnings on the website, stating that it may damage my PC.

Can I just delete the trojan from my C drive and get rid of it that way?

Should I log on to my web based hotmail account and delete the email from my junk folder?

I haven't opened Windows Live Mail since the infection, in case I download it again. Should I open Live Mail and delete the infected email?

I just don't know what to do for the best!!

Please help me I am very worried! Thank you in advance of your help!

Browntoa

download this

http://www.filehippo.com/download_malwarebytes_anti_malware/

install and update it , then do full scan , let it remove everything it finds and reboot if it asks

when its finished it will produce a log file

copy and paste it into a reply on here

hethmar

TBH Kaspersky is probably telling you about the same incident every time Can you not delete the trojan in kaspersky's quarantine?

Minniethemoocher

Thank you for your helpful replies.I have downloaded Malwarebytes and started to scan my PC, but 20 mins into a quick scan, my PC shut itself down. When I restarted it, it reported that it had reached a critical overheating stage. It did the same thing when I tried to run a full scan with Kaspersky.

I have shut it down and waiting for it to "cool" although the casing did not feel hot at all to me.

So I don't have a log to post. Will try to run the scan again later. Posting from my back up laptop at the moment.

Minniethemoocher

Well, I managed to run a quick scan using Malwarebytes, I had to pause it every 10 mins to stop the PC shutting down with over heating message.

Here is the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4367

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30/07/2010 11:49:20
mbam-log-2010-07-30 (11-49-20).txt

Scan type: Quick scan
Objects scanned: 161781
Time elapsed: 30 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

No mention of trojan spy html fraud gen but very worried about the results as it says that my security has been disabled by a virus!:eek:

I haven't taken any action yet. Do I just press "remove" on Malwarebytes to get rid of the virus?

Do I also need a full scan too?

Once again many thanks in advance for your help.

dogmaryxx

Yes. Click remove then do a full scan.

danthemoneysavingman

as for the overheating, i suggest you get inside your PC and clean out the fan.dont use a hoover though, static etc.

Minniethemoocher

OK, have done a full scan with Malwarebytes and all clear!

Kaspersky still showing 14 events, but only listing the trojan in quarantine once.

If I click on "properties" in Windows Live Mail it shows 1 message in my deleted items folder, but says that the folder is empty. No matter how many times I empty the deleted items folder, the hidden item remains there and I believe that this is the email that had the trojan.

Any ideas how to get rid of this hidden email in my deleted items folder?
Is this what is causing Kaspersky to keep showing that there is a trojan on my system, albeit it is quarantined?

Minniethemoocher

Have read the Malware removal sticky thread. Should I download and run crap cleaner/ccleaner and spybot? Or will they conflict with Kaspersky Internet Security 2010?

Donnie

You can update KIS 2010 to KIS 2011 and IE6 to IE8. Have you changed the system to 'show hidden files'? Take a look here to help find and delete the hidden mail.

Have you deleted the file from Quarantine? Perhaps it is still in System Restore.