Trojan Horse Virus - help!

AVG keeps popping up that there is a Trojan Horse virus. I'll send to vault
and then delete. I'll run a scan, and there is nothing there......few
minutes later, the box comes up again. I ran Spybot and SuperAntivirus
Spyware....not Trojan Virus shows. I don't know anything at all about
computers, so it's very frustrating for me. I just don't know what to do. I
tried looking up the Trojan Virus.

The pop up says:

TrojanhorseSHEUR2.KY
c:SystemVolumeInfo\-restore{202550A8-7A33-4BCA-9586-051D2YDD8F8F}\RP289\A0018816.dll

Please help ~ thanks!!!

Also, every time I activate the Windows Update (type services.msc in run, and
thin hit automatic and start in automatic updates), it updates and windows
updates work. However, if I reboot or do a virus scan, the windows updates
doesn't work again, and I have to do the run format all over again.

Hello whitney,

SuperAntiSpyware or/and MalwareBytes Anti Malware are your best bets.

<http://www.superantispyware.com/>
-=-
<http://www.malwarebytes.org/>
-=-
Note As a best practice, run in safe mode
-=-

My computer, Local Disk , right click , Properties, Disk-Cleanup, Run, Other
Options, check delete old restore points (the last recent checkpoint remªins).


Good luck
-=-


"whitney" wrote:

> AVG keeps popping up that there is a Trojan Horse virus. I'll send to vault
> and then delete. I'll run a scan, and there is nothing there......few
> minutes later, the box comes up again. I ran Spybot and SuperAntivirus
> Spyware....not Trojan Virus shows. I don't know anything at all about
> computers, so it's very frustrating for me. I just don't know what to do. I
> tried looking up the Trojan Virus.
>
> The pop up says:
>
> TrojanhorseSHEUR2.KYD
> c:SystemVolumeInfo\-restore{202550A8-7A33-4BCA-9586-051D2YDD8F8F}\RP289\A0018816.dll
>
> Please help ~ thanks!!!

"Engel" wrote:

> Hello whitney,
>
> SuperAntiSpyware or/and MalwareBytes Anti Malware are your best bets.
>
> <http://www.superantispyware.com/>
> -=-
> <http://www.malwarebytes.org/>
> -=-
> Note As a best practice, run in safe mode
> -=-
>
> My computer, Local Disk , right click , Properties, Disk-Cleanup, Run, Other
> Options, check delete old restore points (the last recent checkpoint remªins).
>
>
> Good luck
> -=-
>
>
> "whitney" wrote:
>
> > AVG keeps popping up that there is a Trojan Horse virus. I'll send to vault
> > and then delete. I'll run a scan, and there is nothing there......few
> > minutes later, the box comes up again. I ran Spybot and SuperAntivirus
> > Spyware....not Trojan Virus shows. I don't know anything at all about
> > computers, so it's very frustrating for me. I just don't know what to do. I
> > tried looking up the Trojan Virus.
> >
> > The pop up says:
> >
> > TrojanhorseSHEUR2.KYD
> > c:SystemVolumeInfo\-restore{202550A8-7A33-4BCA-9586-051D2YDD8F8F}\RP289\A0018816.dll
> >
> > Please help ~ thanks!!!


Im having the same problem, it wont let me turn my autoic updates on though
no matter what I do,. I have windows xp home, sp3, avast anti-virus, &
spybot. What give?

On Wed, 14 Jan 2009 21:54:04 -0800, whitney wrote:

> AVG keeps popping up that there is a Trojan Horse virus. I'll send to vault
> and then delete. I'll run a scan, and there is nothing there......few
> minutes later, the box comes up again. I ran Spybot and SuperAntivirus
> Spyware....not Trojan Virus shows. I don't know anything at all about
> computers, so it's very frustrating for me. I just don't know what to do. I
> tried looking up the Trojan Virus.
> The pop up says:
> GebwnaubefrFURHE2.XLQ
> c:SystemVolumeInfo\-restore{202550A8-7A33-4BCA-9586-051D2YDD8F8F}\RP289\A0018816.dll

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Click 'Start' and then click 'Run...' then type (or copy/paste) "cleanmgr"
(w/out quotation marks into the box, then click the 'OK' button. Select
your drive
(presumably WinXP (C and click OK.
--or--
2a.Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Win...139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/down...NTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/vir...vptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Down...nVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowle...cle/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowle...cle/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Win...904a11033.mspx
http://www.bleepingcomputer.com/tuto...utorial61.html

Alternatively:
Click Start==>Run... then type (or copy/paste) "msconfig" (without
quotation marks), click OK. Then click onto BOOT.INI tab and 'check'
/SAFEBOOT then OK and click Restart. To go back to Normal Mode, you must
access the System Configuration utility again and click the General tab
then click/check the radio button 'Normal Startup'- load all device drivers
and services'.

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...ols/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.theeldergeek.com/forum/in...6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Good luck

Just wondering ... Have you noticed more spams to your yahoo account now
that you've published the addy in a public newsgroup, Kim, or did the
underscore mitigate that ?


MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============



computermommy wrote:

> Hello, there! I will be more than happy to help you In fact, feel free
> to email me anytime you have questions about your computer.
> or, if you'd like, add me if you have yahoo
> IM. To begin with, I strongly urge you to uninstall spybot and any other
> antivirus you may have. If you hacve roadrunner, they offer a FREE CA
> security. It works great at remvoing trojans and malware! If not, I used
> this before I got Ca. Its antimalware and it scans all trojans and lets
> you quarentione /delete auto,. or manually...they offer, or did, a free
> trial, on download.com I am married(divorce process now, tho..lol) to a
> test engineer for a major co. here in Texas, so I know all about
> computers, now ...lol, something good had to come out of 10 yrs,lol!
> Feel free to contact me and good luck to you!
> Kim
> AKA/ computermommy(OH.....u cant see it, but before the numbers in my
> email, there is an underscore, just in case you need to type it
> manually=))
>
>

Chances are that you're seeing the affects of a hijackware infection.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

2. Run this online scan (in safe mode w/networking, if need be):
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run additional checks for hijackware, including posting your hijackthis
log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

whitney wrote:
> AVG keeps popping up that there is a Trojan Horse virus. I'll send to
> vault
> and then delete. I'll run a scan, and there is nothing there......few
> minutes later, the box comes up again. I ran Spybot and SuperAntivirus
> Spyware....not Trojan Virus shows. I don't know anything at all about
> computers, so it's very frustrating for me. I just don't know what to do.
> I tried looking up the Trojan Virus.
>
> The pop up says:
>
> TrojanhorseSHEUR2.KYD
> c:SystemVolumeInfo\-restore{202550A8-7A33-4BCA-9586-051D2YDD8F8F}\RP289\A0018816.dll
>
> Please help ~ thanks!!!