when i scan whole system cav detect some troian and soon later the system fall(restart).What can it be?Troian is detected in windows folder.

Hello Helen1,

What is the Trojan Name, and the file. That information can help us in seeing what your problem is and fixing it.

sometimes trojan is in c:\windows\system32\id101.tmp
Do i need to reinstal my computer?


If I’ve found the right information… and yours is a variant…

[i]This trojan is dropped in the %System% directory as TGBRFV_.dll by another piece of malware and executed.

It sets the following registry value so that it is run when a user logs on:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = “Userinit.exe” appending itself to the end of the value:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = “Userinit.exe,TGBRFV_”

Zlob.B attempts to inject itself into the explorer.exe process in order to mask its presence on the infected machine.[/i]

Check your registry for this key and revert the key to the original setting may stop the execution of the trojan at bootup, if the above information is still accurate.

In order to remove the files before you rebot, I’d suggest using a tool like WhoLockMe [url]MajorGeeks.Com - MajorGeeks, that installs into the right-click context menu of windows… so you can browse to the file on your HD, right-click it, select WhoLockMe, kill the process that has it locked, and remove the file.

I reinstaled my computer.

but thanks

That option is never a wrong one. Not always the most convenient… but never wrong. :wink: