Rather than reinvent the wheel, if you don't know what a trojan is, click here for the wiki page.
This page is about a trojan called PSW.WIN32.OnLineGames.tot but it also refers to trojans in general and how to spot them.
No anti virus application can catch 100% of problems 100% of the time. It's therefore handy to have other ways to discover if a trojan is running on your PC.
Double click My Computer and in the address bar, type C:\Autorun.inf and then hit return:
If you then see the Microsoft Internet Explorer Cannot Find information box...
...the chances are your PC doesn't have a trojan.
The Bad News
If there is a trojan present, instead of the above message, Notepad will open and a load of gobbledygook will appear: eg, PSW.WIN32.OnLineGames.tot, gave me the following:
Ignoring the gobbledygook shows that the Autorun.inf file is running a command file called b.com. Googling b.com (or whatever you get) will start you on the road to discovering which trojan you are dealing with.
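The same check can be scripted. The following is an added example, not part of the original page: it reads Autorun.inf text, skips the junk padding and lists the commands the file would launch. The function names, the sample file contents and the D:\ drive letter are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that name something Windows will launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample: junk padding around launch entries for b.com.
# It is NOT the real file contents from the infected PC.
SAMPLE = r"""
[AutoRun]
;s9dK3lLaq0Zx82kd
open=b.com
;q0Wk3Ld9sLa2
shell\open\Command=b.com
kD93ls0aLqWm=x1
shell\explore\Command=b.com
"""

def launch_targets(text):
    """Return [(key, command)] for each launch entry, skipping junk lines."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            found.append((key, value))
    return found

def scan_roots(roots):
    """Map each root that contains an autorun.inf to its launch entries."""
    report = {}
    for root in roots:
        try:
            # Opening by explicit path works even when the file is hidden.
            with open(os.path.join(root, "autorun.inf"), errors="replace") as fh:
                report[root] = launch_targets(fh.read())
        except OSError:
            continue  # no autorun.inf here: the "cannot find" case
    return report

if __name__ == "__main__":
    print(launch_targets(SAMPLE))
    print(scan_roots(["C:\\", "D:\\", "E:\\"]))
```

CDs and DVDs often carry a legitimate Autorun.inf, so only pass hard disk partition roots to `scan_roots`.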
Another detection method
Some trojans employ Windows Hidden Files and Folders attributes to hide their files from the user and, in a further attempt to stay hidden, a trojan can also prevent the user from changing the Hidden Files and Folders attributes. At least it gives us a way of knowing something is wrong!
The Show hidden files and folders radio button is selected - located via: My Computer>Tools>Folder Options…View Tab
Clicking the Show hidden files and folders radio button appears to work but after clicking Apply, and OK, the trojan switches the selection back to the option above, ie Do not show hidden files and folders.
Brand New PC Infected
I took delivery of a brand new Core 2 PC on 11 March and even though the free version of Avast! Anti Virus had been installed, I quickly discovered the PC was infected. I only discovered this because I couldn't change the hidden files and folders attribute. FWIW coming from an Atari and working my way up from Windows 3.1/95/98/98se/Win2K... means I have become accustomed to seeing ALL files and folders, and file extensions too, so it's one of the first things I change on a new PC.
Googling on the problem suggested a trojan and since Avast! hadn't detected the problem I uninstalled it and installed the demo version of Kaspersky Internet Security 7.0 instead. Kaspersky revealed the problem to be Trojan-PSW.Win32.OnLineGames.tot
This trojan was first detected by Kaspersky at 12:49 on 10 March 2008 and I had it on 11 March!
The Kaspersky log revealed the command file had also been installed to, and was being run from, ALL three partitions; I hadn't even opened E:\ let alone copied files to it.
The rather nasty result of that meant that reformatting C drive and reinstalling Windows DID NOT solve the problem; I couldn't simply delete the v.cmd files anyway because a) they were hidden and I couldn't gain access to the hidden files and b) they would return on reboot because the Trojan had installed other .dll files and made registry entries too. It had also created b.com and I located two other files: amv0.dll and 4keteh.dll
Very Bad News
As of 12 March 2008, it appears the only way to remove this Trojan is to reformat ALL partitions and reinstall Windows from scratch. Fortunately, being a brand new PC, I didn't lose any data and even though the PC was connected to my network, I was doubly lucky that the problem hadn't spread.
If you encounter the same problem, I wish you good luck resolving it! If you are successful, I'd love to know how you resolved the problem, click here to contact me TIA
Disclaimer: I am not a 'computer expert', the above information is provided as is and with the intention of helping others with the same problem. I am not responsible for any action you may take, please dyor.
Last updated: 2 January 2010