Trojan - Help
(21 posts, started )
Hi guys,
The family computer has a trogan on, and my mum has asked me to fix it. Even though i know nothing about computers or trojans! So all i know is that if im on internet explorer for over 5 mins or sumin, its shuts down automatically, also when i try to open up avg it just pops up and then shuts again, so yeah,
Any help would be appreciated
Ty,
Dan

EDIT: not my comp
#2 - J@tko
[Horrendously OT and frankly, a stupid and immature post]
The Trojan got your spell checker too then?
[/post]

EDIT: Oh wait it appears some people do spell it with a g - ignore me then [like you didn't already :P]
Trogan?

Uhm put an Anti virus on (such as Avast or AVG, both are free) and scan and fix!

Edit : Dammit

Uhm try booting in Safemode and trying again.
#4 - J@tko
Quote from dan12s :also when i try to open up avg it just pops up and then shuts again, so yeah,

If you have the master CDs, then just save all the important files (Scan them first!) and then just do a reformat. Simple as that.
#6 - mr_x
get a real anti-virus that actually works (no matter what other people say - from my experience at work I know AVG doesn't work).

www.kaspersky.co.uk - download the trial scan it and clean it up.

also consider going to www.malwarebytes.org and download their anti-malware and scan with that too.
Dan, I'm creating a video for you. So wait a few min. Then I'll PM you the link.
Thanks for your help guys,
Dan
Hmm, I can't upload a screenie of the thing that is saying I have a trojan...
Check your hosts file?

IIRC it's in c:/windows/system32/drivers/etc and it's "hosts.msn", make sure you can see hidden files. Shouldn't be anything in there apart from the information and like 127.0.0.1 localhost or something...
Ok guys, I have been searching and I came up with this... trojan.Win32.Agent.azsy.
It matches what it is saying in the pop-up, so I'm just downloading www.kaspersky.co.uk as it says on yahoo (thanks mr.x )
http://www.viruslist.com/en/vi ... clopedia?virusid=21782828

Use that as well..

In case you can't go there.. :

Quote : Home / Viruses / Virus Encyclopedia
Trojan.Win32.Agent.azsy

Other versions: .ay, .bi, .cp, .vk
Detection added Dec 25 2008
Update released Dec 25 2008 21:32 GMT
Description added Mar 12 2009
Technical details
This malicious program is a Trojan. It is a Windows PE EXE file. It is 417792 bytes in size. It is packed using UPX. The unpacked file is approximately 439KB in size. It is written in C++.

Installation

Once launched, the Trojan copies its body to the current user’s Windows startup directory:

%Documents and Settings%\<user_name>\Main Menu\Programs\Startup\uninstall.exe
Payload
Once the victim machine has been rebooted, the Trojan extracts a file from itself. The file will have one of the names shown below:

%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe
This file is 404992 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Agent.aoth.

In order to ensure that the Trojan is launched automatically each time the system is rebooted, the Trojan places a link to the file it extracted from its body in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>"
<rnd1> is a name chosen from the list below:

CrashDump
EventLog
Init
lsass
Regscan
RunDll
Setup
Sound
svchosts
System
TaskMon
UPNP
Windows
<rnd> is the path to the file extracted from the Trojan shown in the list above.

Once the Trojan has delivered its payload, it will delete both its body and its copy "%Documents and Settings%\<user_name>\Main Menu\Programs\Startup\uninstall.exe".

This Trojan will not run on Russian versions of Windows.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Use Task Manager to terminate the Trojan process.
Delete the following system registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>"
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following files:
%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe
Delete all files from %Temporary Internet Files%.
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
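
The Run-key and Application Data indicators from the description quoted above can be checked offline against saved output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`. This is an added example, not part of the original thread or of the quoted description; the sample output, the user name `user`, the English folder name "Application Data" and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Value names and dropped file names exactly as listed in the quoted description.
RUN_VALUE_NAMES = {n.lower() for n in (
    "CrashDump", "EventLog", "Init", "lsass", "Regscan", "RunDll", "Setup",
    "Sound", "svchosts", "System", "TaskMon", "UPNP", "Windows")}
DROPPED_FILES = {
    "svchosts.exe", "taskmon.exe", "rundll.exe", "service.exe", "sound.exe",
    "upnpsvc.exe", "lsas.exe", "logon.exe", "helper.exe", "event.exe",
    "dumpreport.exe", "msiexeca.exe"}

# A value line of `reg query` output: indented "name  REG_TYPE  data".
LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def exe_path(data):
    """Return the executable path of a Run value without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.*?\.exe)\b", data)
    return m.group(1) if m else data

def triage(reg_query_output):
    """Flag Run values that start a listed file name from Application Data."""
    findings = []
    for line in reg_query_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m["data"])
        in_appdata = ntpath.dirname(path).lower().endswith("\\application data")
        file_hit = ntpath.basename(path).lower() in DROPPED_FILES
        if in_appdata and file_hit:
            # "match": value name is also on the list; "file-only": it is not.
            name_hit = m["name"].lower() in RUN_VALUE_NAMES
            findings.append(("match" if name_hit else "file-only", m["name"], path))
    return findings

# Constructed sample output (not taken from the affected machine).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    svchosts    REG_SZ    C:\Documents and Settings\user\Application Data\svchosts.exe
    Updater    REG_SZ    "C:\Documents and Settings\user\Application Data\helper.exe" /s
    Sound    REG_SZ    C:\Program Files\Audio\sound.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A value name on the list alone is not flagged, because names such as "Sound" or "System" are also used by legitimate software; the file name and its location under Application Data carry the signal.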

Thanks S14 mate
Anyway, got it fixed now thanks to Mogey's Vid he sent me and Also thanks to mr.x
Ty guys
Glad you got it sorted.
Dude that's awesome! Mini PC genius in the making I tell thee!
Quote from dan12s :if im on internet explorer for over 5 mins or sumin, its shuts down automatically

I wouldn't call that a problem. Sounds like a bonus to me.
Mogey, instead of telling people to turn their PC on and off mid-booting, just tell them to press F8 repeatedly after POST
Nice video nevertheless
What a cool little genius.
He Looks like a Nerd ( But in a cool way ) Cute
