downloader trojan

hi Everybody,

I got my computer infected with a trojan horse, it makes symantec AV pops-up
every second to block a file copied to the windows\system32 floder, named
adl.exe.tmp.

I issued Netstat in the cmd, it shows a session to
("numbers".btnaccess.net), it actually uses explorer.exe to get connected.

I need to know which files are involved in using the explorer. how can I do
that????

anybody got a clue..

Zuhair


--
Zuhair Attya
IT Administrator
Bahrain

Zuhair Attya wrote:

hi Everybody,

I got my computer infected with a trojan horse, it makes symantec AV
pops-up every second to block a file copied to the windows\system32
floder, named adl.exe.tmp.

I issued Netstat in the cmd, it shows a session to
("numbers".btnaccess.net), it actually uses explorer.exe to get
connected.

I need to know which files are involved in using the explorer. how can
I do that????

What you need to do is clean up your computer. Do all the preparatory
work he

http://www.elephantboycomputers.com/...moving_Malware

Then run either Sysclean or David Lipman's Multi_AV:

http://www.elephantboycomputers.com/...icros_Sysclean
http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV
http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download
http://pcdid.com/Multi_AV.htm - additional Multi_AV instructions

Continue with the general malware removal steps from the first link,
including running Ewido. Make sure you do all the finishing up, too.

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User