0
Downloader Viruses
This category is for questions about malware that automatically downloads spyware and infects the users system without the user's knowledge or permission.
2,120 Questions
How do you get rid of Trojan viruses delupdat exe sui exe m3tsp8 dll?
Download and run Firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
I've found these a problem myself -my virus checker gets rid of them, but they pop back. A Google search took me to http://www.2-spyware.com/file-sui-exe.html which offers some free software to find 'Spyware' - since none of the antivirus sites I've looked at have anything to say about it. I haven't yet downloaded it yet, so I can't tell you if it works, but it is a possible option! 1. Delete the folder c:\program files\common files\updater and all files in it.2. Run regedit (Run Window). Drill into HKEY_LOCAL_MACHINE, SOFTWARE, MICROSOFT, WINDOWS, CURRENT VERSION, RUN folder. Remove the entry for "updater.exe".
Doing both of these steps will prevent the trojan from reinfecting your PC.
In addition to the updater directory in c:\program files\common files\, I found c:\updaterInstall_112.exe as being apparently responsible for creating the updater directory. Delete this .exe file also. Just found that if you scan with Norton it will find these files, sui.exe , wupdater.exe ect. and before telling Norton to erase them just press ctrl-alt-delete to access the task manager an in the processes tab , just highlight wupdater.exe and hit stop process. It will stop it letting the chance to Norton to erase it.The reason Norton cannot delete them is because it is running so can't be deleted.
Do the same with other.exe files you see in Norton scan and when all of them has been stopped, you can tell Norton to delete them and it will.
Try the following programs. They will stop all unwanted stuff from getting on your pc- I went to www.webattack.com and found a way to remove it by doing the following. I clicked on green link at the top of the page stating "FREEWARE", then clicked on virus tools/or you can search on that site for this program - "Avast home edition". It is the best freeware program, that i have ever used and removed the virus in no time. The Funweb A is a Trojan horse virus, and when Avast picked it up was going under another name - I think that's why everybody have difficulty in removing it, and can't find anything under funweb A because it is going under another name. Avast has also detected and removed 2 other virus infected files on my PC! It is important to do a live update of avast virus definitions and to set program to run a full system scan. Do download the full free home edition and not just the computer cleaner. It's AMAZING! Thank you so much Avast! Two programs going really well with Avast and also freeware on the same site is Ad-Aware spy detector and Zone Alarm firewall. I have all three and they work together like magic! Try it, you won't look back! I can confirm that Avast has picked up these trojans and another on one of my PCs despite me thinking I was fully defended. It seems to be considerably better than Norton although its not as user friendly to be honest. If you are a half way experienced user you should be fine with it, and for home use it's free! You can get rid of this trojan viruses delupdat exe sui exe m3tsp8 dll by following these steps .1 Download and intall the Malwarebytes on your computer.
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer.
4 Remove all the malware found while scanning with the malwarebytes.
5 Restart your computer.
You can take care of your problem with MalwareBytes at best. Just run a simple scan and you should have no problems. In the future however be very careful when downloading freeware. In order to sustain themselves, developers often overlook various threats bundled with their software.How do you get rid of Trojans if AVG says 'action failed'?
1. Download and run firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs
http://securitynewsfromthenet.blogspot.com/2007/05/spyware-fighter-essentials.HTML
2. Run the vundo and combo fix http://securitynewsfromthenet.blogspot.com/2007/05/vundofix-and-combo-fix.HTML
3. Run Malwarebytes Anti-Malware
http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.HTML
4. Run the anti spyware remove programs spybot http://securitynewsfromthenet.blogspot.com/2007/03/spybot-search-and-destroy-spyware-and.HTML and superantispyware http://securitynewsfromthenet.blogspot.com/2007/04/superantispyware-home-edition-free.HTML to get rid of the nasties
5. Run a complete scan with free curing utility Dr.Web CureIt!
http://securitynewsfromthenet.blogspot.com/2008/05/dr-web-cureit.HTML
All Trojan horses are hidden files, in order to get at them you will need to go to Start /Control Panel /Folder Options (click the View tab)and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out. Then you will need to restart your computer and go into SafeMode by HOLDING the F8 key DOWN -(at bootup - after the first screen info - be quick!) and choose SafeMode. [You have to use your keyboard when you're in SafeMode - the keys to use are Ctrl/Alt/Delete (to exit the Help and Support screen) - Tab/Arrow keys/ Pageup/Pagedown/ the Window key(between Ctrl & Alt) & Enter] So, from the DeskTop screen press the Window key to get Start/ arrow up to Search/ arrow right to For Files or Folders and type up the NAME OF THE FILE & EXT (not for example horse.winshow.V) but the actual name of the file, which would have shown up on your anti-virus software. To delete this file from here just press Page Up to highlight the file and then delete. To get out of Search -Alt F/ arrow down to Close and press Enter. Press the Window key to shutdown and restart your computer.
It will be safe to empty your Recycle Bin in the Normal mode where you can use your mouse.
I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. After unchecking the hidden files boxes I deleted the Temp file from the _Restore folder (as these keep putting the same files back into your system), then went to SafeMode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!
hope this helps...Phyl
PS. I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the Internet.
I did all the above except when I tried to delete it, it said file cannot be deleted, access denied, source may bein use.
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
Norton is junk. I fix computer every day and take out thousands of viruses and what I commonly see is Norton on the computer. That tell me that Norton is not working at all. Norton has lot of problem because it lives on your machine. New viruses come out by the second and Norton could not keep up with the update with its long distribution line and traffic jam up.
Where do I go to find the hidden files? 1. doesn't tell me enough about what window to be in to follow the instructions. Thank you
Go to the Start tab, Click it. Go to the control panel. On the tool bar click the tools tab, and find the folder options. click the folder options. Select "Show all hidden files". That should do it. When you are done fixing your PC, go back and select to hide folders and files.
How do you get rid of Trojan horse Comet C and Comet B?
Download and run firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
Comet.B. In winXP home OS the only way I have established at the moment is to disable system restore, drastic as is sounds downright dangerous if you mess around with win. systems as I do. Go to control panel then performance and maintenance click system then click system restore tab tick check box to turn off. Try running avg or similar again and see how it goes. i have also explored the system volume information folder ((hidden) which was empty. see www.theeldergeek.com he's quite clever.
You need to run these 6 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
How do you remove Trojan Horse Clicker AJ?
Download and run firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
Try to do free online scan from: pandasoftware Good luck.
Try the following programs-they will stop all unwanted stuff from getting on your PC-I went to www.webattack.com and found a way to remove it by doing the following-clicked on green link at the top of the page stating "FREEWARE",then clicked on virus tools/or you can search on that site for this program-"Avast home edition".It is the best freeware program,that i have ever used and removed the virus in no time.The Funweb A is a Trojan horse virus,and when Avast picked it up was goung under another name-i think that's why everybody have difficulty in removing it,and cant find anything under funwe A ,coz it is going under another name.Avast has also detected and removed 2 other virus infected files on my PC!It is important to do a live update of avast virus deff and to set program to run a full system scan.Do download the full free home adition and not just the computer cleaner.Its AMAZING and kicks budd! : )Thank you so much Avast!!!!Two programs going really well with Avast and also freeware on the same site is Ad-Aware spy detector and Zone Alarm firewall.I have all three and they work together like magic!: )GREAT STUFF!!!!Try it,you wont look back!
eYou can remove this by downloading and installing Malware bytes ,update it and scan your computer for Trojan horse or malwares in your computer .How do you get rid of Trojan horse c restore temp A0024508 cpy?
You need to run these 6 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
Update ur Antivirus.or download the Stinger ie latest one.also u visit the site of Symantec and u will get the all details for removing the all type of trojans.
You can get rid of this Trojan horse c restore temp A0024508 cpy by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
How do you get rid of Trojan Spooner A virus?
Download and run firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5 Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
I used AVG free 6 to remove Spooner.A, the only part it didn't remove was form SP.exe in the root directory of C, i changed my settings to show hidden files and deleted it manually.
USE AVG FREE 7 TO REMOVE TROJAN HORSE SPOONER.A,IT ALSO REMOVES sp.exe ,WHICH IT DID NOT DO IN AVG FREE 6
For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).
This is the Microsoft virus line, the call is free if you call them they will walk you though the steps for virus removal
Try to download and intall malwarebytes anitvirus software , upgrade and scan the computer for the virus .
How can you remove Trojan MusicSearch.AM in a subdirectory under c system volume?
Assuming you mean a subdirectory under 'C:\System Volume Information' and your anti-virus application has detected but cannot fix the problem :- select System Restore tab in System Properties (WinKey+Pause) and check the box marked 'Turn off System Restore on all drives', confirm, close System Properties and reboot. This will clear all files in 'C:\System Volume Information' and therefore the MusicSearch.AM problem. 'C:\System Volume Information' is not just a hidden folder, it's also system protected and as such, anti-virus software cannot write to any file within and therefore cannot delete or quarantine any infected file detected. To turn on System Restore, just reverse the above procedure. Hope this helps, Canis.
Why can't you just delete all the files in your AVG Free Edition Virus Vault to remove a virus?
Usually it will work, but sometimes it will be formed again. Although you delet it using AVG, it will form again and again. In this case, see the file's location, and delete it yourself.
How do you get rid of a virus .pif file?
Unfortunately, IM viruses have become a very common problem lately. Generally, removing these viruses can be complex, and removal instructions vary depending on which virus you have. More detail would be useful.
There are however some general things you can do:
1. Your best solution is to use a virus scanner. If the scanner does not detect the virus, it may lead you to a removal tool online.
2. If you know the name of the virus you have, a simple search on a virus scanner's web site (such as www.symantec.com) will probably lead you to an automatic removal tool.
3. Check out Microsoft's security web site at They have some tools you can use to remove many of these types of viruses, especially for MSN Messenger. You can look up other IM web sites to see if they have a removel tool available.
4. Spyware removal software, such as Ad-aware, can sometimes clean some types of these viruses. Check out www.lavasoft.com for more.
5. Try a google search, and provide as many details as possible. It's very likely someone has posted removal steps somewhere for your virus.
You can get rid of this worm , by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer ,
You need to run these 3 essential programs to remove all the spyware on your computer.
If you do not have an internet security suit and only an anti virus
1. Run Malwarebytes Anti-Malware
2. Run a complete scan with free curing utility Dr.Web CureIt!
3. Run the anti spyware removal programs spybot or Superantispyware
Browsers
Use Mozilla firefox or the google chrome browser for browsing unsafe websites
Install ThreatFire
ThreatFire, features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.
Run an online virus scan like
Trend Micro HouseCall
Kaspersky free online virus scanner
Windows Live OneCare safety scanner
BitDefender Online Scanner
ESET Online Antivirus Scanner
F-Secure Online Virus Scanner
avast! Online Scanner
update your software by running
Secunia Online Software Inspector
Install a good antivirus in your computer.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.
What does Trojan horse TR Dldr Delf R do to your computer?
Trojan-Clicker.Win32.Delf.r
This Trojan hijacks Internet Explorer
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
The easiest way to get rid of it is to switch off system restore, then switch it back on again. This is done through 'System' in the 'Control Panel'. This deletes all of your restore points, so you'll have to do a manual 'restore point' afterwards. There are some antivirus programs that can get rid of viruses/trojans in restore point files, AVAST is one of them. You'll have to make sure that whatever antivirus program you're running is up-to-date though.
Would Trojan Horse Dialer virus cause the constant beep you have after turning on your computer?
It usually does not cause your computer to beep but if you have a modem and a phone line it could dial some random numbers
How do you get rid of Downloader Agent 9 BD if AVG detects it but cannot kill it?
HI. Yesterday I got this little goodie on my machine. I have the paid version of AVG. It said that it could not "heal" it. It resides in the virus vault now. Today, it happened again, in a different file. (The first one was in C:\WINDOWS\system 32\...file name "appox.dll" The second one was in C:\WINDOWS\d3ln32.exe.) Today it offered the option of "healing" it. I chose that and it reported that it had been successfully healed. Maybe the difference is where the Trojan is located, because when I went back to the virus vault and tried to heal the one there, I was told that it could not be healed!! Status is "infected" I hope that this helps. I would like to understand this Trojan better but can find very little information about it. AVG had nothing as did Norton. Next I will try Sophos or Microtrends. Will let you know if I find out anything at all. LUCK!!
How do you remove the Trojan horse dialer virus?
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Comodo Internet Security Suite / Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
I recommend downloading the new Free version of AVG antivirus ,the official toll free number of AVG tech support is 1-877-523-3678. It's up to date and it'll immediately run a quick check to remove any viruses from your computer (in your case, the Trojan Horse Dialer).
Download Adware 6.0. It got rid of it for me. Also it will get rid of all the spam files on your hard drive.
AVG tech support number ######1-877-523-3678
Go to this page and click on Scan for Viruses
It needs to download a few file so as to activate the scan so you may see a message like this.
"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.
The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
Downloading Scan for Viruses controls. Please wait...
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
Note: Scan for Viruses does not scan compressed files"
======================
Trend Micro HouseCall
AVG Tech support phone number #####1-877-523-3678
In order to better serve our customers, we ask HouseCall users to register before scanning their computer. By registering, you will receive virus alerts from our team of VirusDoctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
How can you get rid of Trojan horse dialer 11 Aq and Trojan horse dialer 11 BD?
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
This is the free Microsoft anti-virus line. This is a totally free service that will walk you through the virus removal steps: For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).
You can get rid of these Trojan horse dialer 11 Aq and Trojan horse dialer 11 BD from your computer by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
This malwarebytes will solve your issue .
What does Trojan Horse Dialer ll AQ mean?
It means you are infected with spyware
1. Download and run firefox to protect your computer from future spyware attacks and pop ups which are coming in through internet explorer (Trojan downloaders, win32 ).Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs . 2. Run the vundo and combo fix 3. Run Malwarebytes Anti-Malware
4. Run the anti spyware remove programs spybot
5. Run a complete scan with free curing utility Dr.Web CureIt!
How do you remove dialer.8.c and dialer.11.ba viruses?
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
This is the free Microsoft anti-virus line. This is a totally free service that will walk you through the virus removal steps: For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).
How do you remove Trojan Horse Dialer 20 AG?
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
Try running your antivirus software. If you have none (or if it's not removing it) try downloading GriSoft's AVG Free Edition from http://free.grisoft.com/doc/1 It's developed a good reputation for fixing 20 AG's mess. Just make sure you deactivate any antivirus that you already have before you run AVG, or they shall conflict.
You can get rid of this virus , by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
How do you get rid of Trojan horse PSW Bispy B?
You have a very formiadble infection. good thing you know the name. PSW Bispy B has infected many computers. The problem is that that most antivirus programs don't detect it. The only ones that do is AVG and windows live onecare. However AVG detects but it can't do anything about it. Go to this link http://onecare.live.com/standard/en-us/3/communications/trytoday.htm
It will allow to download live onecare with a free 90 day trial.
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
Go to GriSoft and download their AVG anti-virus software. Be sure to get the free version. Run the program. It will automatically isolate & remove the Trojan horses PSW.Bispy.A and PSW.Bispy.B, as well as most other viruses and Trojan horses.
On Win 2000:
After AVG picked up the instances of BIspy.A and .B in my users /Local Settings/Temp folder, I deleted the 6 files associated (cab, ini, exe and some others that started with BI)then went into the registry (start > Run > Regedit), searched for "BI.dll" and deleted the registry entry for the program when i found the correct string.
If you are not keen on editing the registry yourself, get hold of Spybot - Search and Destroy
After I restarted the machine, and was able to delete the /winnt/BI.dll
im running AVG too, same problem with virus vault. To get rid of it (using winXP) this is what i did.
ran command prompt.
CD 'local settings'\temp
del bi*
seemed to work for me.
I too had the virus that my avg would not remove. what I did was move the infected file to the recycle bin and then ran the avg scan again. This time it healed it and put it into the vault. ..
I too had the PSW.Bispy.A and PSW.Bispy.B viruses on my C- Drive.
AVG anti-virus software detected and removed the bi.dll file but was not able to delete the virus contained in a file in the C:\_restore\temp folder. I am running Windows ME and I think the files in the folder cannot be accessed because they are used by the RESTORE function. To get around this, I downloaded a windows bootfile from www.bootfile.com, copied the files to a floppy and then booted from the floppy. At the A> prompt, I changed the drive and directory to C:\_restore\temp. Since I booted from the floppy, I was able to delete the infected file. I then rebooted from the hard drive and ran AVG anti-virus software again. This time it found the virus in another file in the same folder. I then rebooted from the floppy, erased the infected file and rebooted from the hard drive. AVG was rerun and the virus has been removed completely. It took two iterations to remove it completely.
Two online virus programs did not detect the virus before it was removed. AVG was the only one that did.
I have XP Home Edition and ran AVG. The program detected and removed the virus just easily.
Finally after a day of trying to clean it, I turned off my system restore, then rebottted ...ran AVG. it stuck them in virus vault and I was able to delete them...have scanned 3 times now and they are all gone...
this got rid of it for me.download WINPATROL and then run it it will come up with a screen pretty much straight away click on ie helpers tab and you will now see a file bi dll.delete file,it will say that it wont delete it but it will stop it running by doing this it enables avg or your own virus software to delete it cos its not running.run your virus software and it will heal it problem solved.
For those with PSW.Bispy.B or A or C AVG now has a small executable program on their homepage to deal with these and 60 others..simply boot up in safe mode(I'm running Windows ME) click on the downloaded file,and it removes all 3 files associated with the virus..reboot normal and Voila! Worked on my version A.
If you can move them to your recycle bin then delete them and your problem is solved.
All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab)at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out. You will then need to restart your computer and go into SafeMode by HOLDING the F8 key DOWN -(at bootup - after the first screen info - be quick!). [You have to use your keyboard when you're in SafeMode - the keys to use are Ctrl/Alt/Delete (to exit the Help and Support screen) - Tab/Arrow keys/ Pageup/Pagedown/ the Window key(between Ctrl & Alt) & Enter] So, from the DeskTop screen press the Window key to get Start/ arrow up to Search/ arrow right to For Files or Folders and type up the NAME OF THE FILE & EXT (not Horse PSW.Bispy.B) but the actual name of the file, which would have shown up on your anti-virus software. To delete this file from here just press Page Up to highlight the file and then delete. To get out of Search -Alt F/ arrow down to Close and press Enter.
It will be safe to empty your Recycle Bin in the Normal mode where you can use your mouse.
I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the _Restore folder after unchecking the hidden files boxes, then went to SafeMode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!
PS. I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the Internet.
The AVG cannot get rid of it because it is locked into your system as a hidden file. The way to get at it is to unlock the file by going to Start/Settings/Control Panel/Folder Options/View tab and uncheck the Hide file types...etc. as I mentioned above. Then all you would need to do is to go to Search and delete it. If not in the Normal mode, then Search and delete it in SafeMode.
the problem with the virus in the restore folder is that AVG cant delete/modify files in there. you need to disable system restore. I also had this virus in a backup of my accounts. I tried running the removal tool from Grisoft but it didnt work. I disabled system restore, deleted the files associated with the virus then rebooted. I also searched the registry for any "bi" or"bispy" entries. there were none, so i guess im all good now. what ever you do just remember to disable system restore. if you don't you will continue to get the AVG extension message and if you ever need to restore to an earlier date you will reinfect your puter.
I have AVG and it could not take it off even though it was updated. I, however, did find an alternative given by grisoft/AVG at the following URL: grisoft.com
I would suggest following its instructions to the letter. If you do, you can then run AVG again and the Virus will have disappeared.
You can get rid of the Trojan horse , by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer ,
--To remove this thing from your computer , download and install the SuperAntiSpyware on your computer . update your computer and scan the computer with this.You can get rid of the Trojan horse , by following these steps .
1 Download and intall the SuperAntiSpyware on your computer .
2 Update your SuperAntiSpyware .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the SuperAntiSpyware.
5 Restart your computer .
How can you get rid of the Trojan trj virtumonde or PSW Agent H?
You need to run these 5 essential steps to remove all the spyware on your computer.
1. Run Deckard's System Scanner (DSS)
2. Run Malwarebytes Anti-Malware
3. Run the anti spyware removal programs spybot
4 Run Superantispyware
5. Run a complete scan with free curing utility Dr.Web CureIt!
Install threat fire which will enhance your antivirus protection
Use AVG antivirus from Grisoft to heal psw.agent.h (as of today !)
You can get rid of this Trojan horse , by following these steps .
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
How can you get rid of Trojan horse psw agent h and Trojan win32 killreg d?
Good news : as of today, AVG can heal Trojan horse psw.agent.h !
I had the same Trojan on my computer, booting the OS in safe mode, and disabling system restore did not work for me. I also tried almost every Anti-Virus, Ad-ware, and Trojan software out there but nothing did it. The way to remove this PSW.Agent.H is simple, the only catch is there is a process running called sysupd.exe running which protects the Trojan source file in Documents and Settings (_UPDATE.DAT ) from being removed. So here is what you do.
Read all the steps below before you start.
1. Run a search on the computer for a file called sysupd.exe .
2. Open My Computer, and browse to the folder that contains the file.
3. Press Ctrl+Alt+Del, and click on Task Manager.
4. Look on the bottom of the Task Manager window to see how many process are running, ex (Process:15)
5. Find sysupd.exe and stop it. most likely it will keep starting it self over.
4. Keep looking for it and stopping it, until the number of process' go down by one. Once you reach this point you only have a few second until it restarts, so be quick.
5. Switch to the window where sysupd.exe is located and quickly remove it.
6. Once sysupd.exe have been removed, then you can remove the main file _UPDATE.DAT which will be found somewhere in Documents and Settings. (If you cannot find it run a search for it)
7. Run AVG antivirus again to make sure the Trojan is gone.
I do not use this web site at all, i only found it while I was searching on Google for what people are saying about this Trojan.
NOTE if you can't find the update.dat file after getting rid of the sysupd, its okay, just run your scan from AVG again. Its seems to be the virus software that finds this Agent H and only one that can heal it when you stop that sysupd process from running!
Edit
I had the same virus on my computer and couldn't get rid of it...finally today may 16th when i ran my avg....it healed it and now its gone. so try running avg again they may have figured it out or something. hope this works.
I had psw.agent.h & here's what I did:
I tried the above method but didn't get Task Manager when I used Ctrl-Alt-Del (I suppose it's because I'm not in Windows XP). Anyway, I couldn't get the sysupd.exe to shut off so I could delete it, because windows was currently using it. I restarted in MS-DOS mode (after looking up some commands online because I'm not too experienced with DOS) I went to the directory for windows & was able to delete sysupd.exe from dos, then restart in windows, delete _update.dat and ran AVG to make sure it was gone. So far it is gone (whoo hoo!) and I'm hoping this can help anyone who had similar trouble to mine. Feel free to email me any questions... :)
I tried the recommended ideas above and nothing worked. I would stop the program in tsk mgr and before i could delete it it would restart itself. but i finally found a way to get the program stopped so that avg could put the virus in the vault. i started my computer in safe mode and went in C:Windows and deleted the sysupd.exe because in safemode the program doesnt start up. then i re run avg in reg mode and it found the virus and removed it to the vault so i could delete it. thanks for your help.
All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab)at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out. You will then need to restart your computer and and go into Safe Mode by holding the F8 key down -(kind of at the beginning of bootup). When you're at the DeskTop screen go to Start/ Search/ For Files and Folders and type up the NAME OF THE FILE & EXT which would have shown up on your Anti-Virus software, you can delete this file from here. Also, make sure to empty your Recycle Bin.
I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file from the Restore folder after unchecking the hidden files boxes, then went to SafeMode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!
I fought this horse for a long time and here's what I finally did to get rid of it: 1. download the kill.exe utility
2. create the following bat file:
kill sysupd.exe
del /F c:\winnt\sysupd.exe
copy c:\winnt\notepad.exe c:\winnt\sysupd.exe
3. run this script from a command prompt over and over until the file sysupd is switched to notepad
4. now the damn horse is gone and you can successfully remove its data file (_update.dat) located somewhere under 'documents and settings'
Thanks to all for the invaluable information. These forums are my first stop when I need info.
I was also having trouble killing sysupd.exe with Task Manager and then deleting the file before it restarted. What worked for me was to start up a couple of CPU intensive apps, like AVG, Spybot, AdAware (all of which I couldn't do without) which slowed down my machine. This gave me enough time to kill the process, flip over to the file and delete it.
I then rebooted, and was able to delete _update.dat which was the infected file.
thanks to all for your help, Ken.
well, i had the szme problem - i run mcafee antivirus...
mcaffee - for some strange reason recognises this virus as backdoor-ajx, i guess they ain't updated their systems..
see now i managed to delete the _updatedat file by going into safe mode... its easy as chips thatway BUT i continously get my mcafee detecting and automatically deleting this 'backdoor-ajx' virus..
ive looked online for this virus and there are manual removal - but when i try them, i do not have the sysptoms...
has anyone else got this problem?
You can get rid of Trojan horse psw agent h and Trojan win32 killreg d from your computer by following these steps .1 Download and intall the Malwarebytes on your computer .2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
You need to run these 3 essential programs to remove all the spyware on your computer.
If you do not have an internet security suit and only an anti virus
1. Run Malwarebytes Anti-Malware
2. Run a complete scan with free curing utility Dr.Web CureIt!
3. Run the anti spyware removal programs spybot or Superantispyware
Browsers
Use Mozilla firefox or the Google chrome browser for browsing unsafe websites
Install ThreatFire
ThreatFire, features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.
Run an online virus scan like
Trend Micro HouseCall
Kaspersky free online virus scanner
Windows Live OneCare safety scanner
BitDefender Online Scanner
ESET Online Antivirus Scanner
F-Secure Online Virus Scanner
avast! Online Scanner
update your software by running
Secunia Online Software Inspector
Install a good antivirus in your computer.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.
How do you remove Trojan horse PSW agent N?
For Windows XP, do the following: this Trojan resides in the "C:\System Volume Information\_restore" folder which makes it inaccessible to AVG. You will be disabling and re-enabling the System Restore feature, and when you re-enable, the System Restore feature will create a new restore point and resume monitoring your computer, sans Trojan. The full direction can be found on Microsoft's site at support.Microsoft, but the outline follows: 1. click START, SETTINGS, and CONTROL PANEL 2. Double click SYSTEM and then you will have to search around to find a DISABLE SYSTEM RESTORE check box somewhere under SYSTEM (different XP's seem to have different routes to this check box) 3. click to DISABLE SYSTEM RESTORE check box, click APPLY, click to clear the DISABLE SYSTEM RESTORE check box, click APPLY, and then click OK. 4. Close everything down and Restart your computer.
You can get rid of this Trojan by following these steps
1 Download and intall the Malwarebytes on your computer .
2 Update your Malwarebytes .
3 Scan your computer for all the malwares in your computer .
4 Remove all the malwares , found while scanning with the malwarebytes .
5 Restart your computer .
You need to run these 3 essential programs to remove all the spyware on your computer.
If you do not have an internet security suit and only an anti virus
1. Run Malwarebytes Anti-Malware
2. Run a complete scan with free curing utility Dr.Web CureIt!
3. Run the anti spyware removal programs spybot or Superantispyware
Browsers
Use Mozilla firefox or the Google chrome browser for browsing unsafe websites
Install ThreatFire
ThreatFire, features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.
Run an online virus scan like
Trend Micro HouseCall
Kaspersky free online virus scanner
Windows Live OneCare safety scanner
BitDefender Online Scanner
ESET Online Antivirus Scanner
F-Secure Online Virus Scanner
avast! Online Scanner
update your software by running
Secunia Online Software Inspector
Install a good antivirus in your computer.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.
Why does AVG not delete Trojan horse PSW biss h?
I use AVG free edition and it has detected and removed this Trojan by healing. Two files were infected : Same names (jao.dll) but 2 different directories :c:\windows\downloaded program files\and c:\windows\lastgood\downloaded program files\My OS is XP (home Edition)RegardsPhilippe
