AVG Free - help with Virus/Trojan Horse please....

[DrRedD]

Hi All,

I'm having a spot of bother locating and removing a Trojan Horse which has been detected by AVG Free (latest version)

Basically AVG tell me that it has located a Trojan Horse:

"Trojan Horse Downloader.lstbar.4.AZ" - not sure whether thats an I or an L in "lstbar".

and it says it's located in:

C:\Documents and Settings\DrRedD\local settings\Temporary Internet Files\Content.IE5\8LAZW9Y3\UniDistIO(1).CAB:\UniDist.ocx

I've unhidden my files and even the system files, but i cannot locate this file - AVG does not even give me the option to Clean it or Remove it - or even move it to the Vault.

Not sure what's going on - Spybot / Adaware / Adware spy - do not detect it at all.

Can't even find a trace of it in the AVG Encyclopedia, which is really strange as it has detected it!

I'd really appreciate any thoughts on this - as i'm finding it highly annoying!

could it be something that's in a "restore point"? - i just read something to that effect, but i'm at work so i can't try to turn it off and wipe the restore points...........

anyone have any ideas?

DrRedD......

[Markim]

Did you try some of the trojan removers?

http://www.anti-spyware-removers.com...r-removal.html

[Markim]

Also
http://www.antionline.com/showthread...018#post787018

[DrRedD]

Thanks Markim for such a speedy reply !

I'll give it all a go tonight when i get home, and let you know how i do....

Thanks again ...........

DrRedD

[DrRedD]

Hi,

Oh well - it's a no go - still can't get rid of this sucker!

Apparently it's in the Browser Cache - and i have no idea how to get rid of it - I tried all my adware killers in Safe Mode - but still no joy.

Just don't understand why AVG detects it and then won't do anything about it.

Anyone able to help out anymore - I've tried all the things on the listed threads above - but nothing seems to work...............

Cheers,

DrRedD......

[sut]

the way I got rid of it was to buy Norton antivirus 2005! I was using AVG but when it wouldnt let me remove ISTBAR that was it! I guess you get what you pay for! Also this is a link for the removal tool from symantic http://sarc.com/avcenter/venc/data/adware.istbar.html

[Fraoch]

Quote:

Originally Posted by DrRedD

I've unhidden my files and even the system files, but i cannot locate this file - AVG does not even give me the option to Clean it or Remove it - or even move it to the Vault.

I was going to suggest MoveOnBoot to kill the file, but if you can't see it that won't work.

Can you see it when you boot in Safe Mode?

Regarding System Restore, you have to turn it off and wipe out previous restores to get rid of this infection. System Restore will contain a copy of the trojan (it maintains copies of all your installed programs and settings) and if you restore from an infected restore point you will be infected again. Only once you are clean should you turn System Restore back on.

Do a search on Norton Antivirus (NAV) here at ABXZone though...most users find it as bad as the trojan itself.

[ckit]

Trend Micro's HouseCall:
http://housecall.trendmicro.com

and yes, this does mean using IE but given that Trend Micro is really good - the risk is worth it.

[rjs735]

I ran in to this when I had a network PC drive shared and attached to my system.

I ended up browsing to the IE cahe and deleting all the mutiple copies of the cache folders. I have never really figured out why IE keeps so many copies of it's cache.

After deleting rerun your AV prog.

I even had to browse the network neighborhood and get to the folder thru the networkneighborhood drive which really is the same drive but gone after thru the network pc name.

It would not showup via the normal browse but only thru the neighborhood browse. Delete and it should all go away.

[Tapir]

I recall downloading a dos version of fsecure and that did the job.