Kymatasound Recording Studio banner




Animated gif of 'Peaches' winking


CDs 4 Sale
PSP Mixpack Review
Elemental Review
SOS Review
CD Loudness Wars
Free Videos
Surplus 4 Sale
Old Computers
Kymata Files
Mix Tips
Optical Drive Fix
Bass Traps
Why Bass Traps?
Mineral Wool
AMT8 RS232 Wiring
Rare Records
About Crete
Fly trap
HDR Reviews
U Print Posters
Artichoke Prep
House for Rent
House for Sale
Site Map






Rather than reinvent the wheel, if you donít know what a trojan is click here for the wiki page  

This page is about a trojan called PSW.WIN32.OnLineGames.tot but it also refers to trojans in general and how to spot them. 

No anti virus application can catch 100% of problems 100% of the time.  It's therefore handy to have other ways to discover if a trojan is running on your PC. 


One Method

Double click My Computer and in the address bar, type C:\Autorun.inf and then hit return:

My Computer

If you then see the Microsoft Internet Explorer Cannot Find information box... 

Microsoft Internet Explorer Cannot Find information box

...the chances are your PC doesnít have a trojan.


The Bad News

If there is a trojan present, instead of the above message, Notepad will open and a load of gobbledygook will appear: eg, PSW.WIN32.OnLineGames.tot, gave me the following:  












Ignoring the gobbledygook shows that the Autorun.inf file is running a command file called  Googling (or whatever you get) will start you on the road to discovering which trojan you are dealing with.


Another detection method

Some trojans employ Windows Hidden Files and Folders attributes to hide their files from the user and, in a further attempt to stay hidden, a trojan can also prevent the user from changing the Hidden Files and Folders attributes.  At least it gives us a way of knowing something is wrong!  

Folder options

The Show hidden files and folders radio button is selected - located via: My Computer>Tools>Folder OptionsÖView Tab

Clicking the Show hidden files and folders radio button appears to work but after clicking Apply, and OK, the trojan switches the selection back to the option above, ie Do not show hidden files and folders


Brand New PC Infected

I took delivery of a brand new Core 2 PC on 11 March and even though the free version of Avast! Anti Virus had been installed, I quickly discovered the PC was infected.  I only discovered this because I couldnít change the hidden files and folders attribute.  FWIW coming from an Atari and working my way up from Windows 3.1/95/98/98se/Win2K... means I have become accustomed to seeing ALL files and folders, and file extensions too, so itís one of the first things I change on a new PC. 


Googling on the problem suggested a trojan and since Avast! hadnít detected the problem I uninstalled it and installed the demo version of Kaspersky Internet Security 7.0 instead.  Kaspersky reveled the problem to be  Trojan-PSW.Win32.OnLineGames.tot


This trojan was first detected by Kaspersky at 12:49 on 10 March 2008 and I had it on 11 March!


Log File

The Kaspersky log revealed the command file had also been installed to, and was being run from, ALL three partitions; I hadn't even opened E:\ let alone copied files to it.   

detected: riskware Hidden install       Running process: C:\v.cmd
detected: riskware Trojan.generic       Running process: C:\v.cmd
detected: riskware Hidden install        Running process: D:\v.cmd
detected: riskware Invader                   Running process: D:\v.cmd
detected: riskware Hidden install         Running process: E:\v.cmd
detected: riskware Invader                    Running process: E:\v.cmd
detected: riskware Trojan.generic         Running process: E:\v.cmd

The rather nasty result of that meant that reformatting C drive and reinstalling Windows DID NOT solve the problem; I couldn't simply delete the v.cmd files anyway because a) they were hidden and I couldn't gain access to the hidden files and b) they would return on reboot because the Trojan had installed other .dll files and made registry entries too.   It had also created and I located two other files: amv0.dll and 4keteh.dll 


Very Bad News

As of 12 March 2008, it appears the only way to remove this Trojan is to reformat ALL partitions and reinstall Windows from scratch.  Fortunately, being a brand new PC, I didnít lose any data and even though the PC was connected to my network, I was doubly lucky that the problem hadn't spread. 

If you encounter the same problem, I wish you good luck resolving it!   If you are successful, I'd love to know how you resolved the problem, click here to contact me  TIA 

Disclaimer: I am not a 'computer expert', the above information is provided as is and with the intention of helping others with the same problem. I am not responsible for any action you may take, please dyor.


Shameless Plug:

Nishikigoi Varieties is a 90 minute visual bonanza of beautiful koi carpÖread more

Nishikigoi Varieties Koi DVD banner



 Feedback, questions and comments welcome
Last updated:  2 January 2010
profile counter
Privacy Policy
Powered by admin©