Annoyances.org
Home » Windows Me Discussion Forum » Message 1121376936 Search | Help | Home
  
re: Trojan problem.There must be a way to get rid of it
Thursday, July 14, 2005 at 2:35 pm
Windows Me Annoyances Discussion Forum
Posted by Jack Gulley (5917 messages posted)

Sounds like you and a very few other who run Windows ME have had a lot of problems getting rid of this thing. There is almost no information on it, so it must be something new.

First step is you need to boot the system from a Windows ME boot diskette (or an image of one on a bootable CD). You can make one on any Windows ME system in Control Panel, Add/Remove Programs, Startup Disk tab. If you do not have one and can not get to Add/Remove Programs, you will have to have someone make one for you on Windows ME system. If necessary, you could use a Windows 98 boot diskette if that is all you have or can get. But the first step requires deleting some files with DOS.

Boot with the Windows ME startup diskette and at the DOS prompt delete the hidden System Restore folder and files. Use: 

DELTREE  C:\_RESTORE

This should remove all of the System Restore files.

Then delete all of the TEMP files with: 

DELTREE  C:\WINDOWS\TEMP\*.*

It will prompt you for all of the folders in your Windows\Temp folder. Delete them.

With the basic clean up done, remove the boot diskette and reboot the system. The next step is to try to find the module causing the problem. The TrendMicro virus scan should give you the exact location and module name of the module(s) causing the problem. Write the whole path and name down so that you can later boot with the Windows ME boot diskette and use DOS to rename or remove the modules.

I would also recommend running the OnLine scan from CA eTrust 'Scan for Virus' (click on the "Scan for Virus" link on their web page), as they are currently doing a better job of finding and removing new threats of this type.

If you can locate module names (most likely random names) of the DLL files of the Trojan, and the AV scans do not delete them all, you can use the Windows ME startup diskette and DOS to rename or delete these modules. It might be best to post what path/names you find first. Also keep in mind that this type of Trojan often has more than one copy of itself on your system, makes new copies each time you reboot and prevents you from deleting the active copy while Windows is running, even in Safe Mode.


Written in response to:
Trojan problem.There must be a way to get rid of it (Shannon33: Thursday, July 14, 2005 at 6:25 am)

Responses to this message:
*re: Trojan problem.There must be a way to get rid of it (Shannon33: Friday, July 15, 2005 at 8:18 am)

All messages in this thread [show all]
-Trojan problem.There must be a way to get rid of it (Shannon33: Thu, Jul 14, 2005, 6:25 am)
-re: Trojan problem.There must be a way to get rid of it (Jack Gulley: Thu, Jul 14, 2005, 2:35 pm)
*re: Trojan problem.There must be a way to get rid of it (Shannon33: Fri, Jul 15, 2005, 8:18 am)
Return to the Windows Me Discussion Forum

All content at Annoyances.org is Copyright © 1995-2008 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.