Google Answers Logo
View Question
Q: How to remove a virus or trojan horse ( Answered 5 out of 5 stars,   0 Comments )
Subject: How to remove a virus or trojan horse
Category: Computers > Security
Asked by: dho1115-ga
List Price: $17.00
Posted: 17 Jul 2005 21:37 PDT
Expires: 16 Aug 2005 21:37 PDT
Question ID: 544740

Is there any way to remove a Virus or "Trojan Horse" from your
computer if your antivirus program (Mc Afee) is unable to delete or
quarantine it?

Clarification of Question by dho1115-ga on 17 Jul 2005 21:56 PDT
Is there a difference between a "trojan horse" and a virus? Is one
more harmful to your computer than the other?
Subject: Re: How to remove a virus or trojan horse
Answered By: sublime1-ga on 17 Jul 2005 23:00 PDT
Rated:5 out of 5 stars

A trojan horse is one form of virus, which typically opens
a backdoor into your system through which control can be
initiated for various purposes.

Many viruses cannot be simply removed by an antivirus
program, since, once initiated, they often create files
and entries in critical areas like the Windows registry
and thus become embedded in multiple locations.

This takes a careful and skilled step-by-step process to
eliminate completely. One excellent program for finding
entries in multiple locations is HijackThis, which scans
your system and creates a log file which knowledgeable
geeks can comb through and advise you about what changes
to make on your system. Download it from the home page:

Once you've created a log from HijackThis, you can also
copy and paste it into this log analyzer at IamNotaGeek:

It will give you a URL you can copy and paste here or 
elsewhere for futher analysis. It will also underscore
links to references which contain familiar entries, and
also bold certain items as questionable entries to be

Short of all that, however, even if McAfee is unable to
delete or quarantine the file(s), it should have given
you the name of it. Given the specific name, it may be
possible to locate precise directions for eliminating
it. Additionally, there are several online antivirus
programs which may do a better job than McAfee at 
finding and eliminating viruses:

Free online & downloadable virus scans:



Computer Associates:


Trend Micro:

Trend Micro and AntiVir are known to pick up on things which
are sometimes missed by others. I use AntiVir, which is 
especially useful in flagging and preventing attempted hidden
downloads of viruses and other malware from malicious sites.
AntiVir needs to be downloaded. Trend Micro works online.

Before, or after running HJT, you can download or use
the online versions of the following programs. Installing
and running these first may eliminate some problems from
the HJT scan:

Lavasoft AdAware:

SpyBot Search and Destroy:

SpywareBlaster ("immunizes your system"):

I use all of the above religiously - just like washing
the car.

In short, the answer to your question, as asked, is yes.
I'm going to post this into the answer space and will
continue to work with you by way of the Clarification
process until the virus is eliminated or it's clear
that there's no way to remove it. Just let me know
where this takes you.

A user's guide on how to use the Clarification function
is on researcher skermit-ga's site, here:

Please do not rate, and thereby close this answer until
you are satisfied that the answer cannot be improved upon
by way of a dialog established through the "Request for 
Clarification" process.

Request for Answer Clarification by dho1115-ga on 18 Jul 2005 08:11 PDT

If I download or use any of the antivirus programs you recommended,
will I have to disable my McAfee? Can I download and run, say, Hijack
This or AntiVir without having to disable my McAfee Online Security
features? The reason why I ask this is because, when I bought and
downloaded McAfee, I had to disable my Norton Antivirus program, which
was, at that time, installed in my computer. Otherwise, the McAfee
won't run properly (it actually told me I had to disable my Norton
Antivirus program). Will I have to do the same with these programs you
recommended? Thank-you for your help.

Clarification of Answer by sublime1-ga on 18 Jul 2005 10:52 PDT

It's a good idea to avoid running any two comprehensive
antivirus programs at the same time. There is a tendency
for them to detect each other's activity as potentially
malicious, since they operate with a considerable degree
of freedom, on an intimate level with all the files on
the system.

And "disable" is the best word here. Uninstalling antivirus
programs can sometimes be a more complex prospect than that
of simply disabling them, and many people have run into 
system problems after uninstalling them. If, instead, you
simply go into the configuration of the program you don't
want to use and prevent it from loading with Windows, it
can be much simpler. Another option is to right-click the
icon for the program in the system tray and exit or disable
it that way. Temporarily disabling it in this way is good
enough for, say, running an online antivirus scan at Trend
Micro's site, but if you decide to install a full program
like AntiVir and use it regularly, you'll want to prevent
any other antivirus from loading with Windows. If you're
not exactly sure where in the program to disable it from
loading with Windows, rather than digging through the help
files (which is usually a good thing to do), you can often
shorten this process by using a program like WinPatrol to
review what's loading at system startup and disable what
you want to. WinPatrol is also extremely useful in getting
to entries created by malicious programs, and preventing
them from loading, as well. Plus, you'll love Scotty the

HijackThis and SpywareBlaster can usually be run without
making any changes to your current antivirus program. 
SpywareBlaster doesn't even need to continue running - 
it makes changes in your system which effectively prevent
certain exploits from occurring and then you can exit the
program. However, the author of HijackThis notes on his
main page:

"McAfee is at is again, unfortunately. Yes, I am aware
 of the fact that McAfee detects HijackThis 1.99.1 as a
 generic worm. For the fourth time. Yes, I am aware of
 the fact that McAfee detects the StartupList standalone
 as an mhtml exploit webpage. This makes respectively the
 fifth and sixth time McAfee has mistakenly detected one
 of my programs as some brand of virus. And I'm getting
 pretty tired of this. Am I supposed to email each and
 every new version of a program I publish to McAfee so
 they can verify that UPX compression does not
 automatically equal a scary virus??"

So, in your case, disable McAfee before running HJT.
Don't neglect the process of rebooting after disabling
the program from starting with Windows, if you're not
able to find a way to disable or close the program
while remaining in Windows.

The activities of AdAware and Spybot Search & Destroy may
also be detected as unfriendly, but, again, only by certain
antivirus programs. AntiVir, e.g., has no problem with any
of these programs.

It's generally advisable to read up a bit on the programs
you're planning to use. The authors are usually well aware
of conflicts, based on feedback they receive from the users,
and make note of potential problems on their websites or in
the ReadMe files that accompany the program, and which they
offer to let you read following installation.


Request for Answer Clarification by dho1115-ga on 19 Jul 2005 08:51 PDT

I tried to download Hijack This @
and I could not find the link to it. There is just some headline that
talks about how cwshredder or hijack this closes immediately after

The funny thing is, it seems my internet appears to be running OK
(maybe there is a problem I haven't uncovered yet?) and I seem to be
able to get on. One question I do have is this: Is it safe to make
purchases and do other things over the internet that involves giving
out your personal information if there is a virus or trojan horse
still in your computer? Can a virus or trojan horse steal your
personal information?

Clarification of Answer by sublime1-ga on 19 Jul 2005 14:46 PDT

While it requires a modest amount of reading to locate the 
download links for HijackThis on that page, there are 7 links
for the latest program and 3 to an older version. That page
contains 5 light-blue boxes with brighter blue headers, and
the links for downloading HijackThis are in the 5th, or last,
box on the page, with the heading "Official downloads". The
second program listed for download, after Startup List, is
HijackThis. The first download link is from, right
after the red type that says "Currently at version: 1.99.1":

The ability to remove a virus from your computer, with or 
without assistance, will require a level of attention to 
detail while reading which exceeds that needed to locate
the download link in that page.

You say you seem able to access the internet okay, and
"maybe there is a problem I haven't uncovered yet?"
but you haven't answered my question about whether your
McAfee antivirus program provided you with the name of
the virus which it was unable to delete or quarantine.

Nor do you indicate whether you've run any of the other
antivirus or malware detectors I suggested, and whether
they indicated an ongoing infection, or a problem they
were unable to handle.

Then you ask:
"Is it safe to make purchases and do other things over
 the internet that involves giving out your personal
 information if there is a virus or trojan horse still
 in your computer? Can a virus or trojan horse steal
 your personal information?"

Certainly there are viruses which will not interrupt
your ability to connect with the internet (though
others will). And certainly there are viruses which
will install a keylogger onto your system, so that,
even if you're entering your personal information on
a secure webpage, the keylogger can track every stroke
on the keyboard from within your own computer, and
relay this information to a hacker. While this is 
only one kind of virus, and your system may not be
infected with that specific type, I would not make
that assumption. It is wiser to err on the side of 
caution and discontinue browsing the internet and
sending email until you've identified and removed
any virus which has been indicated on your system.


Request for Answer Clarification by dho1115-ga on 19 Jul 2005 21:22 PDT

I think I finally got the two trojans out of my computer. I ran McAfee
again to get the names of the trojans. One of the trojans was
"Exploit-byte Verify" and the other was "Exploit-Byte Verify,
gene...". Anyways, I downloaded Hijack This and created a log (which
was quite long) and pasted it to I am not a geek, which highlighted
some codes red and labelled it as "X" (certified malware.

So, I downloaded both Lava Soft Adware and Spyware Blaster (and
enabled all of its features) and, to make a long story short, I
believe the trojans are cleaned from my system.

Thanks for helping me through all this. I really appreciate it!

Clarification of Answer by sublime1-ga on 19 Jul 2005 23:11 PDT

Thanks very much for the rating and the tip!

The easiest way to know for sure that the viruses are gone
is to run a full scan again with whatever antivirus program
you've now settled on. If you're still using McAfee, run that.

Exploit-byte Verify seems to find its way in by way of a java
file which can be snuck in by way of a hidden download from a
malicious site. One of the components of AntiVir, called Guard,
actively notifies you of these hidden download attempts, and
prompts you to delete or deny access to the files the moment
they're downloaded. This is one of the main reasons I prefer
AntiVir over many other programs.

The java files are typically downloaded to:
C:\Documents and Settings\YourWindowsLogonName\Application

At the very least, if your antivirus program has an entry
in the context menu when you right-click on a Windows folder
in Windows Explorer, it's good to run a scan on this directory
from time to time (once a day is not too often).

I'm very pleased to have been able to assist you in eliminating
these viruses. Feel free to call on me again, if necessary.

dho1115-ga rated this answer:5 out of 5 stars and gave an additional tip of: $35.00
Was a tremendous help to me. Thanks, sublime1-ga!

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy