Viruses, Trojans, And Worms, Oh My

2 replies to this topic

#1 EffEwe


  • Members
  • 2 posts
  • Local time:11:27 PM

Posted 04 April 2006 - 05:37 PM

I am running Windows XP on my home computer.

I scan using AVG. During the most recent scan I found:

A0039608.exe Trojan Horse Generic.RWS
A0039854.exe Trojan Horse Generic.JX
devmks4.exe Virus found worm/spybot
Poller.exe Trojan Horse Generic.RWS
spoolsub.exe Virus found IRC/Backdoor.sdbot

Via Google I found the bleepingcomputer.com site and found my way to:
How to remove a Trojan, Virus, Worms, or other Malware

This link advised me to download/extract Autoruns. This program is supposed to allow me to remove these viruses from my system registry.

Step 6 in How to remove these infections advised me to check the Startup Database since many malware programs disguise themselves by using the same filenames as valid Microsoft files.

However when I do a search on the Startup Database for these particular malwares I am not given enough additional info to help me identify them when I run Autoruns.

Any advice out there?

#2 jgweed


  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:10:27 PM

Posted 04 April 2006 - 06:27 PM

Was AVG unable to delete these files it found? If so, what error messages did it return to you?
Did you run AVG in safe mode?

Whereof one cannot speak, thereof one should be silent.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:27 PM

Posted 04 April 2006 - 06:47 PM

You can right click any entry in the list and choose properties to gather more information. You can also right click and choose google which will launch your browser and provide even more information.

The entries should show a description, the Publisher and the path where the location of that file can be found. For the startup entries, you're looking for a file with an .exe extension at the end of the path.

Entry Example:
RoxioDragToDis by Roxio is located: C:\Program Files\roxio\easy media creator 7\drag to disc\drgtodsc.exe <- this file
Nod32krn by Eset is located: C:\Program Files\Eset\nod32krn.exe <- this file

If you copy and paste drgtodsc.exe in the "Enter the filename or keyword you would like to search for:" box
Then click on Search
You will get the result as shown here: http://www.bleepingcomputer.com/startups/

If you copy and paste nod32krn.exe in the "Enter the filename or keyword you would like to search for:" box
Then click on Search
You will get the result as shown here: http://www.bleepingcomputer.com/startups/

If you're still unsure about a file you can post the name back here and someone will help you identify it.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

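An added example, not part of the thread and not code from Autoruns or BleepingComputer: a Python script that pulls the .exe path out of a startup launch string, returns the filename to search for, and flags a known filename that sits in an unexpected folder, which is the disguise case mentioned in the first post. The function names, the `KNOWN_LOCATIONS` table (a stand-in for a Startup Database lookup, built from the two entries in the post above), the command-line arguments and the `C:\WINDOWS\Temp` path are assumptions made for illustration.

```python
import ntpath
import re

# Expected install folders, taken from the two entries in the post above.
KNOWN_LOCATIONS = {
    "drgtodsc.exe": r"C:\Program Files\roxio\easy media creator 7\drag to disc",
    "nod32krn.exe": r"C:\Program Files\Eset",
}

# Unquoted launch strings: the image path ends at the first ".exe" that is
# followed by whitespace or end of string (folder names may contain spaces).
_UNQUOTED_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def image_path(launch_string):
    """Return the executable path from a startup launch string, or None."""
    s = launch_string.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else None
    m = _UNQUOTED_EXE.match(s)
    return m.group(1) if m else None


def triage(launch_string):
    """Return (filename to search for, verdict) for one startup entry."""
    path = image_path(launch_string)
    if path is None:
        return None, "no .exe path found"
    name = ntpath.basename(path).lower()
    folder = ntpath.normpath(ntpath.dirname(path)).lower()
    expected = KNOWN_LOCATIONS.get(name)
    if expected is None:
        return name, "unknown name: look it up"
    if folder == ntpath.normpath(expected).lower():
        return name, "expected location"
    return name, "known name, unexpected folder: investigate"


# Constructed sample launch strings (arguments and the last path are made up).
SAMPLES = [
    r'"C:\Program Files\Eset\nod32krn.exe" /startup',
    r"C:\Program Files\roxio\easy media creator 7\drag to disc\drgtodsc.exe -min",
    r"C:\WINDOWS\Temp\nod32krn.exe",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(triage(entry), "<-", entry)
```

A matching filename alone does not clear an entry; the folder comparison is what separates the vendor's file from a copy that only borrows its name.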
