John Bartow
john at winhaven.net
Thu Sep 9 16:57:56 CDT 2010
It could one of three things, -A false positive and windows restores the file automatically every time he reboots - improbable -An infection that is partially cleaned and restores itself to some degree - if his system and browser still works this is probably the case. Either use Malwarebytes free version to try and remove all of it, call Sunbelt support and work through it with them or wait until their definition updates take care of it all the way. -An infection that is partially cleaned and requires a reboot or full scan to remedy but he isn't doing that - (given my experience with elderly parents: quite probable ;o) -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Tina Norris Fields Sent: Wednesday, September 08, 2010 1:30 PM To: Discussion of Hardware and Software issues Subject: [dba-Tech] trojan.win32.generic!bt - how to remove Hi again, My dad is having trouble with this trojan. Vipre reports trojan.win32.generic!bt, and Dad thinks he has instructed Vipre to clean the bugger - three days in a row, now. But, every time the scan is run, it keeps reporting the trojan. Dad originally called me because his Office shortcut toolbar was misbehaving - when he clicked on the icon for Word, he got the message that the program could not be started. We did a couple of system restores and got to a place where the shortcut toolbar worked. In the meantime, he reported repeated instances of the message that Windows had recently recovered from a serious error, and did he want to send the report. I think he clicked Send one time, and something strange happened, but I don't know what - all of this is going on over the phone, I can't see his screen, and he generally says things like "Oh, there's that little thingy again, shall I get rid of it?" and sometimes before I've been able to say "Tell me what little thingy you're talking about, Dad," he's already clicked some choice, so it's difficult to be sure about what's been going on on his screen. Now the Windows has recovered message pops up a bunch and it takes many clicks to tell it to go away. It was during that part of the process that he told me Vipre had reported this trojan three days in a row. We did go read a report that indicated that the clean command had been canceled. It is not clear to me whether Dad did or did not instruct Vipre to clean this little bugger. Right now, he is running a Vipre scan and I am supposedly returning to my work of grading my students' papers - we'll be in touch again after the scan. But I thought I'd send out a call for help. Hey, John Bartow, are you there? Tina _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com