I have what appears to be a trojan executable on my system. Uses names “SysTrack11” and “HD” in the applications list (control alt delete on Win XP) and jvcft1.exe always on the processes list. I’ve tried ClamWin, Trend Micro and Microsoft Anti-Spyware along with SpyBot trying to get rid of this thing. Re-install is not an option. How can I rid myself of this? What I really need to know is how to use the info gained from control alt delete to figure out where the exe is on my hard drive as in the deletable location? Thanks.
Do you have any symptoms (slow computer) or are you just not aware what these processes do?
You could try spyware forums as they are very good at these sorts of things: http://forums.spywareinfo.com/index.php?
Have you tried running HijackThis? - it will give you a list of applications and processes that are started at various points during bootup; it does also give you the ability to disable them, but this might not actually work if there are a pair of processes looking after each other. It will give you the path of the offending process though, which should enable you to delete (or perhaps better move and rename the offending file) - you may need to boot into safe mode, or even to the recovery console, in order to perform the delete/rename/move.
First of all, is it a virus/trojan, or is it adware/spyware? If it’s a virus/trojan, Microsoft Anti-Spyware and SpyBot will likely be no help, because they do not target viruses, only adware/spyware.
If it’s a virus/trojan, then I’d try some more free anti-virus software such as AVG.
If it’s spyware/adware, I’d try more free anti-spyware products, such as Ad-Aware.
If I wasn’t sure what it was, I’d try 'em all.
I couldn’t find any information on the named process, but it occurs to me to ask whether you have a JVC brand digital camera; if you do, it might not be a trojan at all, but part of the docking software or something.
Try Process Explorer, a free utility from SysInternals. It’s useful for tracking down any process, identifying what it’s hooking into and what exactly it’s doing.
If you haven’t already done so, the first thing I’d recommend is taking the infected system offline by unplugging your internet connectivity. Only have it online when actively attempting to detect and remove the code. Otherwise, as long as you have another system upon which to do online research, there’s no need to let your infected system be used to spread more viruses, or send spam, or host a phishing site, or be used in a DDOS, or any of the other hordes of things that bots in a botnet tend to do.
Have you tried to search your system from the start menu with the files that you listed? Though even if you do find files and delete them that way, there may be other malicious files lurking dormant elsewhere, and you might end up deleting cryptically named legit files. Not that I doubt your capable geekiness. I’ve just seen many a technophile make that mistake when hunting malware.
If a trojan is actively running, it might be able to evade detection by AV software, but what I’d recommend is trying to determine exactly what trojan you have and then trying some removal tools written specifically for it. Usually these removal tools include instructions for restarting your system in safe mode, etc, and then they attempt to surgically remove the malicious code for you.
Try running one of the free online AV scans that are available, like this one from Trend Micro:
They commonly require the use of ActiveX and only detect malicious code on your system; they don’t remove it. But this way you might come up with a name for the virus and can look for the corresponding removal tool. Often the same sites that provide the free scan will also provide the removal tools for free. All in the hopes of getting you to adopt their full service AV suite.
You could also try dumping the file names into various AV sites (Symantec, Norton, Panda) for a few days.
You could also try running The Cleaner which you can download on a 30 day trial basis.
That looks very useful, thanks for the link!
Thanks for the help. Seems like HijackThis fixed the problem. Or in better terms, seems like the almost (but not quite) random removals I did with the proggy helped me to free myself of this pest.
FYI…I did previously use HouseCall and ClamWin, which is like AVG. Neither of these could kill the pesky trojan, if that is what it was.
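The original question asked how to get from an image name in the Task Manager process list to the file's location on disk, and the replies point to HijackThis for the startup entries that relaunch it. The script below is an added example, not part of the thread or of any tool named in it: it resolves a process name to its executable path, shows the file's signature and version details, and lists matching Run/RunOnce entries. It assumes Windows PowerShell 2.0 or later and an administrator prompt; the default name is the one from the first post.

```powershell
# Added example (not from the thread): read-only lookup, nothing is deleted.
# Assumption: Windows PowerShell 2.0+; run elevated so ExecutablePath is populated.
param(
    [string]$ProcessName = 'jvcft1.exe'   # image name as shown in Task Manager
)

# Refuse names with characters that would break the WQL filter below.
if ($ProcessName -notmatch '^[\w.\- ]+$') { throw "Unexpected process name: $ProcessName" }

# 1. Running instances: PID, parent PID, full path and command line.
$procs = @(Get-WmiObject -Class Win32_Process -Filter "Name = '$ProcessName'")
if ($procs.Count -eq 0) { Write-Warning "No running process named $ProcessName" }
$procs | Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine | Format-List

# 2. For each distinct file on disk: timestamps, vendor string, signature status.
$paths = $procs | ForEach-Object { $_.ExecutablePath } | Where-Object { $_ } | Sort-Object -Unique
foreach ($path in $paths) {
    $file = Get-Item -LiteralPath $path -Force      # -Force: file may be hidden
    $sig  = Get-AuthenticodeSignature -FilePath $path
    New-Object PSObject -Property @{
        Path      = $file.FullName
        Created   = $file.CreationTime
        Modified  = $file.LastWriteTime
        Company   = $file.VersionInfo.CompanyName
        Signature = $sig.Status                     # e.g. Valid, NotSigned
    } | Format-List
}

# 3. Run/RunOnce values (machine and user) whose command mentions the name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$needle = [regex]::Escape([System.IO.Path]::GetFileNameWithoutExtension($ProcessName))
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ($command -match $needle) {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $command } |
                Format-List
        }
    }
}
```

Only the four Run/RunOnce keys are checked here; services, scheduled tasks and browser add-ons are other start points this script does not inspect.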