It keeps popping up in MS Security Essentials, and despite numerous quarantines it pops right back up again. I tried to use ComboFix to get rid of it, but it too failed.
All of them. Every time, Microsoft Essentials quarantines it, but when I restart it's right back where it started. It somehow starts up when my PC starts up and I have no clue where it is.
It probably inserted a line in the run, run once or run services keys in the system registry. So you can't delete/quarantine it unless you shut it down first. Which is why it keeps starting up. If you know the file name of the trojan you can search for it in your registry and shut down the run service then restart and use MalwareBytes in safe mode to remove it.
Edit:
By "shut it down in the registry" I mean delete the key.
I don't know where to find it in the registry. MSE just tells me its name but not its locations... Any ideas? There are thousands of things in there.
Once you delete the keys telling the trojan to start up on boot, it won't start next time you boot up; then you are free to use MalwareBytes to delete the file(s).
Just format Windows and be done with it. I had a similar situation recently with Conduit.search.protect, which attached itself to my Chrome account and infected both home and work PCs. Long story short, I managed to remove it, but it had corrupted Windows and was causing all sorts of instability. I just formatted both computers and started from scratch.
You have to look at how much time you have already spent and then think it really is just easier to format and start again.
LOL, why would you format because of a silly little trojan virus? Once you shut down the service you can simply delete the file, pretty simple and won't corrupt anything.
Do you have another computer that you can plug the HDD into as a secondary drive? You may have better luck with that. The most potent anti-virus software I've managed to get my hands on is Kaspersky Virus Killer. If you can get a download of that, you'll be set.
1) Task Manager: find the file name in the process of the trojan remote application. Odds are it's in the windows/system32 dir and a dll file, but not always.
2) Type regedit in the search box of the Start menu.
3) Edit -> Find (put in the file name without the file extension, .dll, .exe, .fak... etc.)
4) It will probably be in a run, runonce or runservice key.
5) Delete all keys that relate to that one file.
6) Restart the PC in safe mode and use whatever anti-virus you have.
Also, always back up your registry before editing it. Even if you have to reset those run services after you delete the virus, it won't start it back up because the virus is gone.
Deleting a trojan is the simplest thing in the world because it's not technically a virus and it can't replicate unless the person on the other end already accessed your PC and did that.
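The registry search in steps 3 to 5 can also be done as a read-only listing. The script below is an added example, not code from any poster in this thread: it lists every value under the run, runonce and runservices keys for the machine and the current user, flags those that mention a given name, and exports the flagged keys to `.reg` backups before anything is edited by hand. `$Needle` and the backup file names are placeholders chosen for this example.

```powershell
# Added example: read-only listing of the startup keys named in the thread.
# $Needle is a placeholder: pass the file name your scanner reports, without extension.
param([string]$Needle = 'PLACEHOLDER_NAME')

$base = 'Software\Microsoft\Windows\CurrentVersion'
$wow  = 'Software\Wow6432Node\Microsoft\Windows\CurrentVersion'  # 32-bit view on 64-bit Windows
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($root in $base, $wow) {
        foreach ($leaf in 'Run', 'RunOnce', 'RunServices') { "$hive\$root\$leaf" }
    }
}

# Escape wildcard characters so the name is matched literally
$pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($Needle) + '*'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$rows = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Keep %VARS% unexpanded so the command is shown exactly as stored
        $data = [string]$item.GetValue($name, $null, $noExpand)
        New-Object PSObject -Property @{
            Key     = $key
            Value   = $name
            Command = $data
            Match   = ($name -like $pattern) -or ($data -like $pattern)
        }
    }
}

# Back up every key that holds a match before deleting anything by hand
$i = 0
$hits = @($rows | Where-Object { $_.Match } | ForEach-Object { $_.Key } | Sort-Object -Unique)
foreach ($key in $hits) {
    $i++
    $backup = Join-Path $env:TEMP "startup-key-backup-$i.reg"
    reg.exe export ($key -replace '^(HK\w+):', '$1') $backup /y | Out-Null
    Write-Host "Backed up $key to $backup"
}

$rows | Sort-Object Match -Descending | Format-Table Match, Key, Value, Command -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the machine-wide keys are readable; the script changes nothing in the registry.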
I've tried it, is that TDSSKiller? It couldn't even find it. It did find some dclog files which it claims contained my stolen data. Of all the antivirus software I've downloaded, only MSE can actually find fynloski; the rest keep finding the dclog files and a single registry edit that I deleted.
And sadly I can't find a trace of fynloski running. I checked all the services, network links and active tasks in Task Manager and nothing came up.
Looks like AVG to the rescue lol. Details incoming... I guess I should note that I downloaded an illegitimate copy of Office 2013 onto my legitimate copy of Windows 7 a few weeks ago for school; think that could be where this came from?
You need to look into the startup locations in the registry. I don't remember what they are off the top of my head; google them.
If you can, download Process Hacker to see the parent process ID of the trojan (the program that opened it.) It may not be the "persistence" mechanism that actually opened it on startup, though.
Does this thing pop back up after you kill the process and delete the .exe? If so, you can run Process Monitor to try to see which process is re-creating the file.
Quote:
Originally Posted by huhh
LOL, why would you format because of a silly little trojan virus? Once you shut down the service you can simply delete the file, pretty simple and won't corrupt anything.
Well if this "silly little trojan virus" is this sneaky that you can't get rid of it, who knows what other sneaky things it might be doing even if you happen to get rid of this .exe and the .exe that's re-creating it all the time...
He had trouble because he's inexperienced with removing trojans. If you actually manage to pick up a trojan and have a user accessing your PC from the outside, then you should probably update your anti-virus and firewall because you're using the internet wrong. I can remove a majority of trojans in 10 min without an anti-virus.
If you can't get a trojan removed, most likely your computer is compromised and you probably should format the entire drive and do a scan on every other drive in the computer, then check all the computers on your network. The key is to not get the virus by keeping an up-to-date and active anti-virus/firewall; even a free one works fine for a majority of users.