The Force is not with me!
Hot damn! I’ve been hit with a bloody trojan that just won’t go away! I’ve tried everything humanly possible, yet it persists, it all started with random error messages on amvo.exe and help.exe, at first i didn’t give much attention to it and thought it might be just one of those random windows errors, but I was wrong. A Google search told me it was a trojan, that was odd since my pc was well protected with all kinds of anti-malware software and i thought i was safe, but I was wrong indeed. anyway, I thought to myself, it’s just a silly trojan, it shouldn’t be that hard to get rid of. I was wrong again.
So far I have tried Avast, Kaspersky, CWShredder, The Cleaner, Ad-Aware, Spybot S&D, HiJackThis, Windows Defender, Spyware Doctor and Spyware Blaster, and the darned thing would not go away, I then resorted to a format and a clean install, but like a true spartan warrior it kept coming back!
Anywhoo, it seems the force is not with me and the powers of Tech is failing me! I am going to launch my final offensive today against this mighty intruder and hope for the best! and the reason I posted this is to warn you, If you ever get errors on help.exe or amvo.exe, or if you find that your partitions suddenly open in a new window, brace yourselves and prepare for the worst :neutral:
Also, Vista seems to stand its ground against this myserious trojan, I have a dual boot system with XP and Vista, I could just work on Vista but my TV Card’s Software doesn’t work on vista for some reason that is why i need XP.
Anybody encountered this problem? any advice would be appreciated 
January 29th, 2008 at 8:37 am
Usually when this happen, it means that the Trojan is actually not the things you’re trying to kill it has morphed into some other file. Nasty!
I would do the following
kill everything you use. And start a command prompt
use the command, Tasklist /svc to see all the running tasks.
If you suspect a specific task, kill it with taskkill /f /im [taskname] then do another tasklist. If it re-spawns again, use a debugger to know it’s parent and kill it. This will usually be the culprit. If the parent is re-spawned, break into it using the debugger again and kill it’s parent.
Next find where the parent lives (registry, desk …etc) and stop it from executing by removing it’s entries. You might have repeat this process several times to get them all done
Now finally, I usually prevent the nasty stuff from starting again by creating read-only files in their names. Some can be tricky since they take random names under %windir%
It is a good idea not to EVER trust the crap that is available “Free” on the Internet, no matter how great the porn they promise to be
January 29th, 2008 at 8:38 am
hmmm I had a long comment here, and it’s now showing!
January 29th, 2008 at 8:55 am
Qwaider: The comment was marked as spam because it had the word p0rn in it :P Anyway, I will try that, at this point I’m willing to try everything though I’m not sure if I’ll be able to keep generating files with the same name, also not sure if this will actually stop it. its worth a shot though.
January 29th, 2008 at 9:24 am
Hee hee! I love it when people say HOT DAMN!
January 29th, 2008 at 9:29 am
hmm , did u try to work Safe mood, or by create another Admin user and try to delete the files from local folder for the other Admin and do scan
nod32 and AVG is good stuff did u try it?
January 29th, 2008 at 9:33 am
Hal: HOT DAMN HOT DAMN! :D
Qabbani: I formatted and installed a new windows ya zalameh :D but didn’t try AVG or nod32, I suppose I could try them, I got nothing to lose :)
January 29th, 2008 at 9:58 am
Bakkouz
Back in the old good days, #No-Hack channel had a great database of solutions and they had the best experts out there, maybe you should check with them.
January 29th, 2008 at 2:02 pm
AVG, AntiVir and look rootkit type attacks.
In addition, if you formatted, installed Fresh copy, updated and patched XP without going to any other sites in between, I can guarantee it’s one of two things:
1. Internal attack (Man in the middle or may be someone who knows your password ..etc)
2. Your installation disk already has the virus/trojan ..etc
Just install MacOS.
January 29th, 2008 at 4:49 pm
Ok, I am not a Kumbatarji like you , but I deal with things the Jordanian way.
Format 3an jamb o taraf, actually my C: is now for windows and system files, formatting have become a habit.
1. Download Free viruses with their latest updates on a good PC
2. Format your infected PC
3. Boot in Safe mode
4. Isntall and run the anti-vir
5. install one of those programs that scan for internet accessing requests on your pc and block them
This is what I know! But it looks you got one nasty trojan!
Good luck :)
January 29th, 2008 at 4:50 pm
I meant download free ANTI-Viruses :mrgreen:
looks like I got a virus in my brain
January 29th, 2008 at 8:30 pm
I been using Norton package for the last 3 years and never encountered any problems at all :)
January 30th, 2008 at 12:27 am
ya3nee hasa3 sho el 5ola9ah?!! nefham ya3nee 2eno 2entagalelna el virus men blogak :cry: :shock: he3 …
January 30th, 2008 at 3:26 am
format, sell you pc and get a mac!
January 30th, 2008 at 9:41 pm
wrote a long comment but I think it got spam plugined for contianing links!
January 31st, 2008 at 1:01 pm
Nothing worse than a dreaded trojan. I had to wiped out and reload one of my PC’s just yesterday because of one. Don’t programmers have better things to do than write these? lol
January 31st, 2008 at 1:46 pm
Man, convert to MAC. Ask Dadan about it.
Moutaz