Pretty hard question to answer.

What is your OS (Operating System) assume it is XP?
Anti-virus?
When was the last time you did windows updates?
When was the last time you ran spybot or Adaware to check for those nasties?

Lee

yes win XP. it hasnt asked for any updates recently, its sort of a borrowed copy from my brother so i try not to report mishaps or ask for updates, kinda try not to get boned on piracy.

spybot search and destroy came up with one unknown and fixed it, avg, despite telling me there is a virus (trojan horse downloader.Agent.ane) in a win.ini.cqg?? file. actually tells me there isnt anything wrong with it if i scan it alone. everything seems to be working fine.

AVG gives you the option of "go to file" when it detects the problem, i did so and the file supposedly opens with notepad, is that right? could i just delete it and call it a day then or would i totaly mess up my PC over that one file?

also i would like to add that this usually, well actualy, its never popped up unless i was running spybot search and destroy.

Here is the link to info I found on that particular trojan:



I would suggest that you turn off system restore, then boot up in safe mode, run your AVG and do a complete system scan.

If you have an infection in the win.ini file (this is the file that actually tells windows what and what not to start) then AVG should find it.

If not, go to trend micro site and do a free house call.

http://housecall.trendmicro.com/ Be patient with it, it takes sometime to run.

Lee

I'm still looking for more info on it
L

Check this out. It is Symantec and they have a lot of info here on the Dropper.

There are several to choose from so read them carefully and see which one applies.



Lee

thanks for the help, my little bro knows more than i do and he pointed out that this particular file isnt supposed to be "double dot" so i should have win.ini, and not win.ini.cqgblahblah. i've restored to befor the day it says the file was last moddified, before that i ran the avg and spybot s&d. probly let them run again while i sleep tonite. the pc restarted ok this time.

No worries mate.

Glad to help.

L

wow i almost ruined everything. i was typing and a window popped up "find" i think it was, then the print manager. i replaced my .ini file with one my brother sent me and then couldnt boot up. looks like i almost messed it up this time on accident i noticed there was something holding a couple of function keys down. i restored to a point way back at the end of march and it seems to work. at anyrate im saving the mp3's, drawings, backrounds, scketches, and pics to cds before i shut down again. good thing i made my credit card payment already.

Word of caution. If you are using a borrowed Xp, what those serial/cracks sites. They will download Torjan Dopplers and mess your world up. They embed themselves in hidden files that cannot be found the traditional way. If you do use cracks or serials, always make sure that your AVG is on and updated and that you don't allow any ActiveX files to be downloaded. If so, run AVG scan it should find them and either delete them or put them ion virus vault. At Download.com, System MEchanic 6 is free download with no restrictions for 30 days. this should be enough for you to fix your problem. Good Luck

On your next install before intalling any extra software, back up your registry, system file folder, and system32 folder. Export it to CD-R or RW. Then install drivers and media software.

Don't use regedit on XP. Use regedt32. XP looks at both but only reads the default in system32 folder.

Sounds to me your registry has a few punked classids or scripts on both the local mach and local user. Your root files could be screwed as well.

I doubt it is the win.INI that is doing this, something is causing the System.ini to execute commands in a prompt shell with stationary service such a svchost.exe or some other executable that is idle, most cleaver trojans when migrated to reg files after that a set command can happen every time and not cause an alert. You may have got one of the most simplest trojans most computer OS shake off however if it accesses the reg and migrates to root files and scripts then reg is screwed for the most part. I don't like to disect the reg, however I found some good workarounds for sharewares and trials or you can just back up the reg twice once on a first boot fresh OS install, then after all drivers and your basic media softwares are loaded. Always install trials and shareware last after final backup.

thats a whole lot of stuff i dont understand. i did a restore to sever al months back, and my brother sent me a known clean copy of win.ini from his pc. after a frightening bout of my pc not liking that file everything is going good thus far. i update avg and spyboy S&D everyday and a virus scan comences everyday as well now.

thanks for all the help tip and info!