Trojan Horse in C++

closed account (EwCjE3v7)
Hello there. I just got infected with a Trojan horse. When I run my program, the program doesn't work and my anti-virus (AVG) and when I deleted my program file and created another one and when I restarted the PC it was back. And I know where I got it. I got it from my external hard drive. I had not plugged it in for a long time, and when I did, AVG said there was a trojan, so I pressed clean and now it's in my PC. How can I clean it from my whole computer and hard drive without formatting, cuz I have valuable files? Please help.
How do people even get viruses?

Anyway your best bet is to reformat. Back up your important files (don't back up any executables), reformat, then copy your important files back.
I would recommend entering Safe Mode, and then running ComboFix (downloaded from Bleepingcomputer: http://www.bleepingcomputer.com/download/combofix/ ). Try to make sure that AVG is completely off when you run it, due to the fact that it does cause conflicts with ComboFix. Also, be careful when running this: ComboFix can corrupt your entire hard drive if used incorrectly.

Now, for a less risky method, you can always use RKill (same site: http://www.bleepingcomputer.com/download/rkill/ ). This simply disables the malware rather than removing it, letting AVG clear it out.
closed account (EwCjE3v7)
@Disch yeah, I'll try that, but I have some important executables

@Ispil don't wanna corrupt my hard drive, but I'll try ComboFix and take the risk, and I'm also trying Malwarebytes
Do you have another computer you can use? If yes...

1) Download any Linux distribution* (must be live) as a CD image (ISO).
2) Burn it to a CD** then boot it on the infected computer.
3) Save your important files to a flash drive then nuke the hard drive.

* I recommend PartedMagic for this task.
http://partedmagic.com/doku.php

** Could also make a bootable flash drive instead, if that's more convenient.
http://unetbootin.sourceforge.net/
closed account (EwCjE3v7)
@Catfish I have Ubuntu on this system, triple booted, and yeah, I also have another laptop but the charger is broken.
I will try after Malwarebytes because it has detected 3 already :D
Well then can't you get into Ubuntu and save your files from there?
closed account (EwCjE3v7)
Yeah, but if I do, won't the virus be taken with it? And some are executables.
Yeah, but if I do, won't the virus be taken with it? And some are executables.

Here's another idea: get the ISO of an antivirus rescue disk, burn it to a CD then use it to check. Here's three:

http://download.bitdefender.com/rescue_cd/
http://www.freedrweb.com/livecd/
http://www.kaspersky.com/virus-scanner

Hint: you should be able to burn the CDs in Ubuntu if your laptop can't be used.
Negative.
Windows executables != Linux executables.
AVG?
:|

It's a bad antivirus.

Kaspersky > Bitdefender

For keylogs, Malwarebytes

These 3 - the only antiviruses we should know
closed account (EwCjE3v7)
Thanks Catfish

@EssGeEich But I wanna run my exe after a fresh install of Windows, cuz they are important.

Thanks guys, ComboFix has done it and I will run Malwarebytes now.
Thanks

My program runs fine now. Thanks for the help guys, and Ispil, thanks for ComboFix. It has done it.
closed account (N36fSL3A)
You sure it's not a false alarm? It happens to me every once in a while.

And I'm almost certain you can't get a virus from something because you didn't use it for too long.

Unless you got the product from a corrupt company...

Disch wrote:
How do people even get viruses?
Naughty photos on the internet ;p

EDIT: Reading it again I don't know if you're saying your program caused it or your External HD...
What were you doing that led you to believe you have a virus?

They are pretty damn rare unless you're looking at a bunch of porn on sketchy websites, or downloading every obviously sketchy thing possible.
closed account (N36fSL3A)
I wrote:
Naughty photos on the internet ;p


Or probably that cool program that makes you a 1337 h4x0r

http://www.downloadmoreram.com/
You'd be surprised where viruses sneak up. They can hijack adverts and manipulate your browser in various ways, such as minimizing it to make it appear that it closed randomly with nothing but a message that you'd instinctively click the X of.

Clicking the X actually activates it and makes it download.
@Ispil

That wouldn't surprise me. Strangely enough though, I haven't gotten a virus in a long, long time (since around cptblasts age).

It still just shocks me when people get them. I just wish I knew what sites they went to and all that. I'm very curious about how so many people can get them and I manage to avoid it so easily.
closed account (G309216C)
Hi,

Most malware spreads through JDB (Java Drive-By). This is how it works.

[-] Hacker manages to find a Security Vulnerability such as:
=> SQLi
=> RFI (Rare)
=> LFI (Rare)
=> More

[-] Then the hacker "shells" the website using public shells such as c99 or private shells.

[-] The hacker steals all he needs to then sells the Website to a Botnet Operator

[-] Malware Operator then installs a JDB.

[-] All visitors get infected.

Now you may understand, it can even happen to non-malicious sites and even trusted sites.

Some JDBs don't work on a few browsers such as Chrome, therefore the more secure the browser you use, the safer you are (obvious).

I suggest you use Chrome.
@Space Worm Would you consider Firefox (nightly build) to be safe?

@OP The reason it keeps coming back is because at start up it is being run and every time it runs it puts itself back into your drive. What you need to do is find out which program it is and then stop it from running at start up. Then next time you restart you just find all copies of it and delete them. That is how I did it with a USB Trojan that infected my school.
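
The cleanup steps described in the post above (find what runs at startup, then find all copies), as an added example that is not part of the original thread: a read-only PowerShell listing of common Windows autostart locations, followed by a hash-based search for copies of one file. The suspect path and search roots are placeholder assumptions, and it covers Run keys, Startup folders and scheduled tasks only, not services or other autostart points.

```powershell
# Added example: list what Windows launches at startup/logon, then locate
# every copy of one suspect file by SHA-256. Read-only; it deletes nothing.
param(
    [string]$SuspectPath = 'C:\PLACEHOLDER\suspect.exe',  # hypothetical path
    [string[]]$SearchRoots = @('C:\')                      # add the external drive letter
)

# 1. Registry Run/RunOnce values (per-machine, per-user, 32-bit view).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
})

# 2. Startup folders (current user and all users).
$entries += @(foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) { Get-ChildItem $dir -File -Force | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    } }
})

# 3. Scheduled tasks outside \Microsoft\ that launch an executable.
$entries += @(Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object { foreach ($a in $_.Actions) { if ($a.Execute) {
        [pscustomobject]@{ Source = "Task $($_.TaskPath)"; Name = $_.TaskName; Command = "$($a.Execute) $($a.Arguments)" }
    } } })
$entries | Sort-Object Source | Format-Table -AutoSize -Wrap

# 4. Find every copy of the suspect file by content hash, not by file name.
if (Test-Path $SuspectPath) {
    $hash = (Get-FileHash $SuspectPath -Algorithm SHA256).Hash
    $size = (Get-Item $SuspectPath -Force).Length
    Get-ChildItem $SearchRoots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq $size } |   # cheap size filter before hashing
        Where-Object { (Get-FileHash $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -eq $hash } |
        Select-Object FullName, LastWriteTime
}
```

Run it from an elevated prompt so the per-machine keys and all scheduled tasks are readable; the hash match only finds byte-identical copies.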
@Space Worm Would you consider Firefox (nightly build) to be safe?

Can Java Drive By's work if you don't have Java enabled (or even installed)? I think not.