cancel
Showing results for 
Search instead for 
Did you mean: 

Trojan Win32@mx

penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Trojan Win32@mx

My son has come to live at home. I have connected his pc via a wireless link to my router, but he cannot access the web because of a Trojan - Win32@mx. It doesn't affect my pc, just in case you were wondering.
How can I get rid of this trojan if I haven't got internet access? I dont want to reformat his hard drive because we dont want to lose his data files (photos, music, etc).
We both have XP. He hasn't kept his AVG, Spybot or Adaware up-to-date - I know
Thanks in advance
19 REPLIES
Community Veteran
Posts: 17,476
Thanks: 1,479
Fixes: 17
Registered: 06-11-2007

Re: Trojan Win32@mx

Try downloading the latest version of AVG Free 8.0 to your computer, and save the file in "my docs" or wherever you save downloads. then copy it to a memory stick, or put it on CD rom.  Copy that to your second computer, then "execute it" as normal. then run a full scan. Hopefully this will remove/heal the infection, and your second computer should be able to access the net....
Hope it works !
Njal
Grafter
Posts: 290
Registered: 30-07-2007

Re: Trojan Win32@mx

Community Veteran
Posts: 1,574
Thanks: 3
Registered: 13-04-2007

Re: Trojan Win32@mx

If its connected to the router then you can download all the files to remove it and save it via the local network to the infected pc. if you share a folder on the infected pc (right click on a folder and choose share) you should be able to see it from the other pc
Prod_Man
Grafter
Posts: 286
Registered: 04-08-2007

Re: Trojan Win32@mx

Some tips for free,
Get a USB Stick or something so you can put some tools on the Machine to sort it out.


First, identify where the problem is coming from...
Open up Security Task Manager and start Googling the Filename of anything Suspicious.
There will be many which are identifiable with Hardware and Services for the Machine to Operate.
The Rating Column is a minor indicator, but check absolutely everything...
but do not take face value of a low rating for a suspicious file if you have identified it with the symptoms.
Once you've found all the Files shown, you then go and check the Directories.
(Example: C:\Program Files\SuspiciousDirectory\Viri.ext ,then look at the whole directory to check what else is there)
Then all you need to do is use Dr Delete, to Delete the files which are currently loaded/active in Memory and cannot be Deleted by Windows Directly.
Anything else that you can delete, which is in an associated Folder which tallies with the suspiciousness... Delete it if possible from Explorer.
If you can, get your Anti Virus Program to do a Scheduled Boot-time Scan - Pre-OS Load and restart once you've
If you copy down all the file names you encounter which are suspicious, you can check your Registry with RegEdit (Start -> Run -> "regedit"; CTRL + F "Viri.ext").
You might be able to remove any associative entries which would otherwise be used to execute the files.
This would then mean, if it replicates then you'll know because the entries either reappear or reappear under a different name.
It's best to do this once you've removed what you can...
Hope that helps.
Jim,
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Trojan Win32@mx

bye the way Penneck we are still wondering what that .img file was, lots of answers from lots of people
VileReynard
Seasoned Pro
Posts: 10,826
Thanks: 250
Fixes: 10
Registered: 01-09-2007

Re: Trojan Win32@mx

.img is just part of a file name - it doesn't have to mean anything at all.
Just because some applications like to append a dot and several characters to the end of a file name doesn't mean anything.
This is a hangover from the 8.3 file name format from the days of DOS.

pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Trojan Win32@mx

penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Re: Trojan Win32@mx

Pierre-pierre is correct that I do (or did) have another thread on the system - this thread on a .img file that would insist on opening with Adobe. I answered that thread, not by saying I had solved the problem by disassociating .img files from Adobe, but by going to the source of the .img file (Netgear's web site) and finding the same file in pdf format. I was able to get what I needed from the pdf file, so didn't need to open the .img file any more. I thought I had answered that thread yesterday, but my reply seems to have got lost somewhere. I have answered on that thread now so everyone knows.
Anyway, back to this problem of the Trojan. I am looking at the various replies (thankyou to all) and will try to use them tomorrow evening after work. Things are a bit hectic at the moment, what with a new baby grandson and things, so it may be a day or two before I can report back to let you know how I am progressing.
Thanks to all. Will get back to you as soon as I can.
penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Re: Trojan Win32@mx

Here it is - the update on my progress.
I got rid of the trojan by using a memory stick to load AVG8 from another pc (and installing/running it of course). I then found that although Internet Explorer didn't change its home web-site from Google (which i wanted) to a site I didnt want, I still couldnt access Google. That problem turned out to be a "funny" in how Zone Alarm was set up. I used the memory stick to load the latest Zone Alarm and did a clean install, and now I can get through to the web - I'm writing this from the problem pc.
My thanks to all for your help and suggestions.
Best regards
Community Veteran
Posts: 17,476
Thanks: 1,479
Fixes: 17
Registered: 06-11-2007

Re: Trojan Win32@mx

Glad you got it sorted..... and not too difficult by the sound of it !  Wink
penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Re: Trojan Win32@mx

Yes. It took about a week from discovering I had a trojan, to getting the pc working properly.
Again thanks to all
penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Re: Trojan Win32@mx

Have just discovered one more problem. Although I have cleared the trojan and got the wireless link to the internet working, I have discovered that the wireless link is only running at 11M instead of the 54M claimed on the USB thingy (Belkin F5D7050). The USB thingy also states 802.11g, whereas 11M suggests it is running as 802.11b
I have another pc linked by wireless to the same switch/router (Netgear DG834G v2) that this pc is connecting to, and that link runs at 54M, so I know the problem isn't anywhere other than the link to one particular pc. Trouble is, I cannot find any instructions on how to change the link to 802.11g.
My son, who owns this particular pc, has lost the installation disk for the USB thingy, so I am unable to do a re-install.
Any suggestions anyone, please
TIA
VileReynard
Seasoned Pro
Posts: 10,826
Thanks: 250
Fixes: 10
Registered: 01-09-2007

Re: Trojan Win32@mx

You could view http://web.belkin.com/support/download/download.asp?download=F5D7050&lang=1&mode
You may be suffering from a low signal strength.
Try moving the PC and router within clear sight of each other (it's OK to unplug the telephone cable, after shutting the router down) - probably easier to move the router!
If 802.11g is available, your son's PC should re-negotiate a better speed.
If this helps, consider using a high-gain aerial (antennae) - preferably with a metre or so of cable on it to allow for optimum positioning.
Ebay is a good place to look.

penneck
Rising Star
Posts: 729
Thanks: 23
Registered: 03-08-2007

Re: Trojan Win32@mx

I've checked my router and it is set up for both 802.11b & .11g.
The troublesome pc is only about 4 feet away from the router, with nothing but a wooden desk with the router and my main pc on, to obstruct the path.
I do have the Belkin unit plugged directly into its pc USB port, not connected via a cable. Would that affect it?