[taj]

Hi all, can someone please help me with removing troj_dloader.zs, troj_dloader.zt, troj_proxy.cd and worm_poebot.v, I have tried all sort of anti virus but not able to delete these. I corrupted my PC when I downloaded some stuff off the net.
I have broadband connection and when I try to go on internet my firewall ask permission c:\programfiles\commonfiles\windows\services32.exe is trying to connect to www.maxifiles.com 213.215.136.67 using remote port 80HTTP-WORLD WIDE WEB Do you want to allow this program to access the net work
So if I say no then my internet do not open and it changes my ip address and all sort of things happens but if I allow it the internet works fine but is very slow.
Thanks

[Chery]

Gosh, it sounds like you did not have appropriate antivirus and/or firewall protection while on the net. Your antivirus program should have a newsletter that tells you about new threats and how to download the fixes, but most people forget to click on yes to receive the newsletter and then learn the lesson you have just learned. Filesharing programs are OK, and they try to stay 'protected', but sometimes the place from where you download is infected, and the antivirus feature should warn you then. Limewire does warn you, so you must have used something else.

If there is any way possible go to your AV program site and see if they have a fix.

Please be patient, we have some real good experts here that will sign on soon, they'll explain better than I can, my specialties are elsewhere. Good Luck.

[wzartv]

Hello,

I recently had a similar worm on my machine and even McAfee couldn't get rid of it. I would suggest downloading "Avast! Antivirus" This program fully eliminated the worm from my computer and the best part about it is its free!!

You must download the personal user version at www.avast.com . If you have another PC, try downloading it on that since you said your Internet is very slow on your original PC.

Good luck, perhaps some others have some other suggestions.

[LTheobald]

I'm also with Chery & Wzar. It sounds like you need to protect your PC better.

As Wzar mentioned Avast is a good virus scanner and it's free. Alternatively, go to this address - http://housecall.trendmicro.com/ . It's a good online virus scanner that will hopefully spot this pests.

You should also get some spyware removal tools. They might spot this trojan. Try the ones listed in my signature. Using a firewall would also be a very good idea. See ZoneAlarm in my signature.

Fimally, make sure your version of Windows is up to date using Windows Update (if available).

[fredg]

Hi,
You have a registry entry in your computer now, that uses Internet Explorer to go where it wants to go; not where YOU want it to go.
After extensive research at many different virus and spyware sites, there is not yet a download fix for this particular variation.
You have two choices right now:
Since you can get on the net, but it's very slow, then go to the link another person gave you; housecall.trendmicro.
Let it scan your computer, see if it will automatically remove it.
If not, then you will need to Edit the Registry.
To this, first shut down your computer, then when you turn it back on, it will make a new backup copy of your registry.
Then, go to Start/Run , and type in REGEDIT , and click on OK.
At the top of that window (which is now the registry), click on Edit, then click on Find.
In the space provided, copy and paste, or type in:
15ACE85C-0BB1-42d1-9E32-07EB0506675A
This is the address in the registry where the DLoader puts in its instructions to go to a certain website.
Then, put a checkmark by (left click on) "Match whole string only".
Then, click on the "Find Next" button.
Let it search your registry. If it finds the exact numbers and letters above, that is the entry you want to delete. So, Left click on the folder, on the left, to highlight it. Then, Right click on it, and Left click on "Delete". Keep clicking on OK.
Then, press the F3 button at top of the keyboard to continue the search. It will tell you when it's finished.
When finished, click on File, at the top, then Exit.
You should then be OK, and not have this happen anymore.
WARNING: Editing the Registry might cause your computer not to boot up again; if you delete the wrong thing. Don't delete anything in the Registry except the above address given.
I HIGHLY suggest having an Antivirus Program. I use http://www.grisoft.com, which is AVG antivirus. It has almost daily updates with new "definitions".
It's also possible that the particular version you have got past your Antivirus Program if you have one. This particular Trojan did not have Antivirus protection issued until between Sept. 15 to Sept 22, 2005, for most known antivirus programs.
Best wishes,
fredg

[Chery]

A GREAT BIG ATTABOY fredg, I couln't find the fix for this either, so it must be fairly new. I knew you'd come to the 'rescue' :cool:

[taj]

Thanks guys, you all were great help, I have sorted all most 95% of the virus problems. Got another problem which I have posted in hardware forum. Thanks