occuring trojan infection

[argyle kid]

Hi all,
I have found recently that my computer is being regularly infected by a Trojan Win32. downloader.gen

My operating system is WinXp and I mostly use Monzilla Firefox Browser. The Tool Bar has Add-ons Web of Trust and Webutation. All the Web Sites I generally use most have all high safety ratings.

The Trojan was found by running Spybot Search & Destroy. I also run Microsoft Security Essentials. This is supposed to have a real time scanner but did not pick up any infection in real time.

Can anyone assist me on how to find which site is the culprit?

Regards AK

[dx100uk]

probably the toolbars or an infected jpg or video

you need to turn on show file extension under folder options of [my] computer

you will have a file labelled xxxxxx.xxx.exe hidden somewhere if its something you've dowmloaded.

the EASY way to cure this is to download COMBOFIX from the BLEEPING COMPUTER SITE

to a penstick on a NON infected PC.

then reboot your infected machine in safemode with networking [using an Ethernet connection cable NOT wireless]

to get into safe mode with networking hit the F8 key several times after the bios bootscreen after rebooting your PC
then select it via the up/down keys and hit enter.

when your infected PC is in safemode

plug the penstick in
browse to combofix.exe
and double click it.

it will do the rest [could take a long time!]

as you've only MSE onboard, ignore the anti virus warning.

let it scan away

you'll know when its done as it will give you a combofix report.txt file to look at.

when done
pull out the penstick

and reboot the PC

dx

[Alrock]

Never could understand why Microsofr hides extensions by default, first thing I always do on a new PC is to change them to always show & folder view to details.

[Wanted]

if you are running spybot, do not use security essentials, more is NOT better regarding anti virus, they conflict with each other, personally i would use "as i have for years" AVG INTERNET SECURITY" this program has STOPPED any virus/trojan BEFORE it gets in your system, i use mozilla firefox, ..i would get rid of "web of trust" and "webutation" this sounds like some item that has come through , and you do not need it.....do a search for the items or "add/remove" first and get rid, also get rid of security essentials is Spybot a paid version , is it a VIRUS program or a malware program , not all programs cover everything

[hopper.65]

To the best of my knowledge MSE and Spybot should have no issues running together, i found AVG be average at stopping malware.
Spybot has in my experience got a habbit of finding things others don't, i recently had all the signs of a trojan recently and scanned with both avast and Malwarebytes which found nothing, spybot found the culprit and the yontoo virus was found while the others did nothing!
Also see more harm than good getting rid of webutation, yes these get it wrong from time to time but it can certainly stop you venturing places that are bad for your system much more so than leading you to a wrongly rated site.

[dx100uk]

one of the best things to do is NEVE EVER browse the internet with a
windows log-in that has ADMINISTRATION RIGHTS



that's one of easiest ways for activex and script virus to get on your system

as it assumes as you are a administrator you know what you are doing
so does not alert you.

dx

[argyle kid]

Hi all who replied,

I have a lot to digest,dx100uk as usual a full list but do not think my computer skills are up to it.

The trojan was removed by spy bot however.

Regards AK.

[dx100uk]

glad its sorted