Ive got this trojan for a long time " Trojan-Downloader.Win32.Conhook.v ".AVP detects it but it cant remove it cos it restarts my computer over and over again and it says that this trojan cant be removed. Ive tried everything but I cant remove the infected file which is awtss.dll in the folder "Windows-> system 32 ".
Can anybody help me, please??
Thanks a lot. Marina.
Full Version: Trojan-Downloader.Win32.Conhook.v
Ýou could try to use something like killbox to delete the dll on reboot.
I tried to use killbox but it could not delete it. Thanks anyway. another solution?
Are you sure you ticked the "Delete on reboot" option in Killbox? There is another tool called Unlocker install it, rightclick on the file and choose unlock/delete.
After this you should try to scan in safemode, might not work, but worth a try.
Safemode:
Windows XP
If Windows XP is the only operating system installed on your computer, booting into Safe Mode with these instructions.
If the computer is running, shut down Windows, and then turn off the power
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.
To use the System Configuration Utility method
Close all open programs.
Click Start, Run and type MSCONFIG in the box and click OK
The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
The computer restarts in Safe mode.
Perform the troubleshooting steps for which you are using Safe Mode.
When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer
--------------------------------------------------------------------------------------------------------------------------------------------------
Many times in order to remove a piece of spyware or for troubleshooting and diagnostic purposes, you'll have to start Windows in Safe Mode. While in Safe Mode, only specific programs and files needed to run the operating system are loaded. Some functions, such as connecting to the Internet, will not be active in Safe Mode and a standard video driver will be loaded causing a washed out look and a possible change in resolution. However, because just the essential programs and files are loaded in Safe Mode, this allows us to remove some spyware, adware, viruses and such that cannot be removed in Normal Mode.
After this you should try to scan in safemode, might not work, but worth a try.
Safemode:
Windows XP
If Windows XP is the only operating system installed on your computer, booting into Safe Mode with these instructions.
If the computer is running, shut down Windows, and then turn off the power
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.
To use the System Configuration Utility method
Close all open programs.
Click Start, Run and type MSCONFIG in the box and click OK
The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
The computer restarts in Safe mode.
Perform the troubleshooting steps for which you are using Safe Mode.
When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer
--------------------------------------------------------------------------------------------------------------------------------------------------
Many times in order to remove a piece of spyware or for troubleshooting and diagnostic purposes, you'll have to start Windows in Safe Mode. While in Safe Mode, only specific programs and files needed to run the operating system are loaded. Some functions, such as connecting to the Internet, will not be active in Safe Mode and a standard video driver will be loaded causing a washed out look and a possible change in resolution. However, because just the essential programs and files are loaded in Safe Mode, this allows us to remove some spyware, adware, viruses and such that cannot be removed in Normal Mode.
I dowloaded that program "unlocker" and i restarted my computer in safe mode but when it tried to removed that file it restarted the computer.Ive also tried with the other program "killbox" but it couldnt remove it neither. It's impossible!! I dont know what else to do. I need help!!
Did you scan with Kaspersky in safemode?
QUOTE(mongou @ Jan 14 2006, 02:48 PM)
I dowloaded that program "unlocker" and i restarted my computer in safe mode but when it tried to removed that file it restarted the computer.Ive also tried with the other program "killbox" but it couldnt remove it neither. It's impossible!! I dont know what else to do. I need help!!
Did you try boot with a sp boot disk (pe builder)?
KAV 2006 let you create a boot disk with kaspersky antivirus.
Thanxs a lot for your fast reply.
I did scan with kaspersky in safemode but it couldnt remove it . I havent got a clue about computers and I dont know what is sp boot disk but i dont have kaspersky 2006 anyway so...what else can i do?
I did scan with kaspersky in safemode but it couldnt remove it . I havent got a clue about computers and I dont know what is sp boot disk but i dont have kaspersky 2006 anyway so...what else can i do?
Maybe can find help on the following link.
http://wiki.castlecops.com/Malware_Removal...ntion:_Overview
Please read the site carefully
http://wiki.castlecops.com/Malware_Removal...ntion:_Overview
Please read the site carefully
Ok ive been doing removal of malware ect for a while now. You have tried to use killbox and you used delete on reboot and then u instantly rebooted?
Youve tried numerous attempts in safe mode. So now im going to refer you to a forums that will use hijackthis and help of pros over at GLADIATOR FORUMS
That link takes you to the place where you should post your hijackthis log in a new topic and a pro will get to you.
But before all this your going to need HT/HJT (hijackthis)
go to this link http://gladiator-antivirus.com/forum/index...showtopic=18116
then download HJT using one of the links given.
Once you have made a new topic and given an explanation of your situation and the HJT log, a professional who has delt with numerous things like this (alot of the pros are either microsoft or asap certified so they know what there doing.)
They will help you fix this problem using numerous tools.
So give it a try and tell us how its going if you havent already fixed this problem.
Youve tried numerous attempts in safe mode. So now im going to refer you to a forums that will use hijackthis and help of pros over at GLADIATOR FORUMS
That link takes you to the place where you should post your hijackthis log in a new topic and a pro will get to you.
But before all this your going to need HT/HJT (hijackthis)
go to this link http://gladiator-antivirus.com/forum/index...showtopic=18116
then download HJT using one of the links given.
Once you have made a new topic and given an explanation of your situation and the HJT log, a professional who has delt with numerous things like this (alot of the pros are either microsoft or asap certified so they know what there doing.)
They will help you fix this problem using numerous tools.
So give it a try and tell us how its going if you havent already fixed this problem.
I post them my hijackthis log and they r helping me. thanks a lot guys!!
Good luck! And thanks for the feedback!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.