questionswhat are some good programs to remove trojans?


I think the Trojans cut off your plea for help. I use Symantec endpoint protection, and it's worked very well over the years. Good luck clearing them out. At least you know they're there, and knowing is half the battle.


"The only" lolwut? I was gonna say something, but I forgot.

I performed a system restore. Running AVG again to see if that helped. My only backup is 4 days ago, so yeah, we'll see

@okham: This Trojan, if it even exists, seems to be cooperating (no whammies!)


Try HijackThis. Be aware though you can make changes to render your system unusable. Before you remove anything, make sure you know what it is (or isn't).


Do a Google search on your Trojan - I have seen antivirus programs incorrectly label system file or registry entries as malware...

Is your system behaving oddly, or was the only indication of infection the AVG scan?


System Restore seems to have fixed the issues. I guess I got a virus-ridden program :/ Oh well. I'd still LOVE to get more suggestions about programs. Better to be safe in the future.


@durkzilla: One new thing has made me think it was a legit issue. The appearance of a popup on startup suggesting I change my battery settings so that the maximum charge is 80%, so as to prevent battery deterioration as quickly since I leave it in the charger usually. It's a nice thought from my computer, but in the 2 years I have owned it, that has NEVER happened. Otherwise, I would ignore the threat altogether.

Although, the publisher appears to be legitamitely Samsung. Can trojans take over existing programs?


Try Combofix, which is free, updated regularly, and comes with its own support forums at Bleeping Computer. Just make sure to disable your antivirus program before running it.

Note: The pictorial guide on that page is a little outdated, but it doesn't really matter because the program is completely automated. Just run the program and follow the prompts.


@abramokids: Absolutely! Trojans can replace or modify existing programs, change registry settings, hide themselves from view, disable your anti malware programs, etc.

When I'm fighting an infestation, I will use multiple scan tools (Trend Micro, AVG, BitDefender, MalwareBytes, etc) and if you can create a bootable rescue CD or USB then I will use those to mount the Windows volume for scanning without actually running anything on that drive. It can be very time consuming, and can result in a system that won't boot anymore until you reinstall Windows or restore the missing system files that got removed due to being infected.

Some tools are more aggressive than others (MalwareBytes) and may flag items as being threats when they really aren't, choosing to err on the side of caution. A quick Google search will help you identify real threats from false ones.


Malwarebytes Antimalware Free is by far the best free program for ridding your PC of the junk that your regular anti virus program won't.


@abramokids: "Can trojans take over existing programs?"

Trojans (depending on the variety) can take over ANYTHING in your computer... I have a PC sitting on my desk right now that is nothing but a giant paperweight until someone can find a fix for the particular variant I was infected with. I got a version of the TDSS rootkit trojan, via Firefox. Very sneaky and VERY nasty.

With the help of a Microsoft MVP friend I learned that my version was one of the worst out there. sigh

The desktop appears empty/unable to access ANY folders, drives or programs/Start>>Programs has only one a website containing the trojan itself. (That claims to fix it for a price)

If you were to boot up the PC you would think that the entire contents had been erased, but I know (from advice) that everything IS still there but hidden by the trojan. With the Microsoft MVP's help we tried MULTIPLE fixes (Including TDSS rootkiller/combofix/hijackthis etc.) and all were unsuccessful. cont.


Make sure that you find at least one other anti-malware program that agrees that the file is a trojan. False positives are not uncommon.


SpyBot SD is a great program:

and it is free! Hope that helps.


cont. At the time of infection I had several layers of protection on my PC because of an earlier infection. And NONE were able to block this bugger! I had AVG, Malwarebytes, MSE and one other "realtime" protection program that should have blocked the malware. I still have hope that SOMEONE will be able to safely extract my precious photos, but until then I have a new PC and a large paperweight. LOL


AVG should be able to remove the trojans from you computer. However, for full effectiveness you should run your computer in safe-mode. To do this restart your computer. When you see your system BIOS pop-up press the F8 button, repeatedly until you see the Windows Boot Options menu. Here select to run Windows in Safe Mode. Windows will then start will all drivers, start-up programs and services disabled (because of this you will notice some stuff will not function properly -- most noticeable is usually screen resolution, this is normal!).

Then simply open up AVG and select to scan the whole computer, it will try to complete the entire computer scan and try to delete/quarantine/clean any infected files. If AVG doesn't do the trick you may want to try other antivirus alternatives such as Microsoft Essentials, Avast, etc. many of them free as well. Again running them in safe-mode is the most effective method as any malicious services, programs, etc. will be blocked at start-up.


@jyoz22: Thank you, this was very informative.


About a year ago, my PC became infected by a nasty trojan. AVG detected it but could not fix it, nor could Spybot or some other tools I tried. I had an OS partition image backup, so I restored the previous (known good) image, rebooted and Bang!, my PC was reinfected. I did some online research and found a free tool called Hitman Pro. It detected the infection AND removed it. Turns out the trojan had infected the MBR, so just restoring the OS boot partition did not solve the problem.


They're lubricated. Shouldn't be that hard.


@jimeezlady: Hi, the best way for you to resolve your problem would be to remove the Hard Drive completely from the machine it is in.

Then you can connect it to your good machine via a USB external drive adapter kit. This will allow you to be able to run any program to extract the little critters safely from your good machine. Doing it in this manner will not allow anything to hide when the Boot-up process starts, which gives the bad stuff a signal to vamoose to the high ground.

There is no way you can infect your good machine using this method.

If you have any questions, let me know.


Is this the path of kstartmem? C:\Windows\System32.kstartmem.exe

If so, it may be a false positive in AVG. I would first scan with SpyBot S&D and then with Malwarebytes.

If this program executes on startup, I would go into MSCONFIG and disable it from starting to see if it makes a difference.

Also, if Samsung is anything like HP, they will automatically update software on your computer at scheduled intervals. Maybe they pushed a new update to your computer and the message about the battery is a new feature.


Look it up on and follow their removal instructions. Run Malware Bytes in safe mode, then set Avast! to do a boot scan and let it restart the computer.

Spring for MBAM Pro, it's well worth the few bucks that it costs.

Also, set your computer up for a dual boot system and do all the work you can in Linux. It's no where near as scary as you're led to believe by Windows and Mac users. I was forced to run Ubuntu on my laptop due to having never made a restore disk and not wanting to pay HP for a new one. The OS takes a little bit of work to get set up and updates aren't automatic, but the community is absolutely amazing. Skilled Linux users will go out of their way to help you get on track an understand things.

Ubuntu came with Libre Office and Firefox and I downloaded the media player that best suited my needs, so 100% of my laptop needs are covered.


@abramokids: Hi, you need to download SuperAntiSpyware for your machine.

This is a "Free" program, so be sure you download the free one.

This program is very aggressive and will find and extract anything, quarantining it for latter removal.

You can find it here:

click on the red sign that says "Free Edition Download"

Once you have it installed, it will want to update itself, so let it.

Then do a complete system scan, depending on how large a system you have, it will take a while, maybe up to two hours or more.

Then when your machine is clean, run a quick scan, at least once a week.

I scan my machine every night, before shutting it down. Have done this for years with no problems.

I have the Pro, paid edition and it is excellent.

I you have any questions, let me know.


@matt1976: Hi, MBAM is made to perform its best in "Normal Mode",
and should not be run in "Safe Mode".

You can obtain further precise info. here: http:



@missellienc: Hi, I do not agree, there is nothing in there which confirms it was a "false positive" at all.

If you reread the answers again, you will see everything is vague at best.


@computiac: Did you see the response on Page 2: "avg released an update, it was a false positive, issue should be resolved for everybody".

And a comment from 15 minutes ago "yes, a false positive means there was really no infection and it was just a conflict between avg and samsung users only."


I came here to see condom jokes. I wasn't totally disappointed, but thought there would be more :)


@tsfisch: Sorry we disappointed you. :-) IT geeks are diehards, we thrive on this kind of thing; however, I initially opened the thread expecting the same thing as you did.


@missellienc: You two are sick, disgusting individuals with minds always in the gutter !

(I thought the same thing !)


@computiac: Huh...hadn't considered (or asked) about that. I was worried that it might transfer to the new machine and I would have 2 paperweights. LOL I really hadn't tried much since I shut it down...trying not to face the fact that I may have lost thousands of photos.

After we determined that all attempts were unsuccessful even in Safe Mode, she gave me links to a few (Linux) programs that SHOULD have been bootable for Windows but the command structure baffled me. (Hard to teach an old dog new tricks ;-) ) Thank-you!! I will look into it...we may even have the right hookups here already, if not they are cheap enough.

At the very least that should enable me to control it long enough to transfer the photos to my external hard drive. I've already been told that the infected computer should NEVER be used for anything online again (involving passwords, banking etc.) because of the depth of this particular rootkit...


@jimeezlady: Hi, your welcome.

Yes, Linux can be a little tricky at first, especially if you never looked at it before.
I would think the machine would be fine to be used for anything once it is cleaned up in the process I referred to. I see no reason not to use it on-line just as you would any other machine.

In the very worst, last ditch recourse to save this machine, you could reformat it. Meaning to remove everything on the hard drive that is on it now. Then you can install whatever OS you want to, even Linux if you were so inclined to learn it. Don't forget, it is the safest OS made.

Plus it never hurts to have another functioning machine to fall back on.

There are not even any security programs made for it, and none of the every day programs we use and take for granted to work perfectly, will not even install on Linux and if by chance you try to use "Wine" to install them, their functionally is very limited and no wheres near 100% at all, believe me I have tried.


@jimeezlady: Whatever you do...Do Not transfer any files at all from the old pc to the new one (including photos) until after you have removed the trojan...that particular one can be removed by malwarebytes(even the free one) when you hook up that drive to the running computer. Don't run anything or even try to access that hard drive just run malwarebytes on the good computer and have it search that drive....after it fixes everything then get your photos.

Also Make sure you update malware first after install.


@neal314: Agreed 100%.

If MBAM does not take care of it SuperAntiSpyware will.



@computiac: The only really problematic infections that I've had wouldn't allow MBAM to even run in the full Windows. Safe mode was the only was I could run it at all.

My wife is prone to clicking, "scan for viruses now," or, "defrag now," or, "install toolbar," or...


As of late, I've been a little disappointed with MBAM. It seems to be losing it's teeth and the Pro version isn't blocking near as much as it used to.

Avast seems to be picking up and disposing of things during the boot scans that normally MBAM would block or clean up on it's own.


@matt1976: OK, true sometimes that is the only way to do it if the normal way fails.

Now, your wife is another story, wow ! Do you have any hair left on your head ? You must really love her. Have you had a long talk with her about the birds and the bees and the on-line monsters ?


@matt1976: Yes, I know what you mean.

I have the Pro also. This is why I have SuperAntiSpyware Pro also.


@neal314 @computiac , No worries! NOTHING will be done with that PC until I am 110% sure it's contents are safe. When the time comes each folder (with only jpegs) will be scanned prior to transfer and I will probably burn them to DVDs rather than transfer to the new PC. I wish I could show you the process we tried to save that PC prior to it's untimely death,
but the online forum we were using as she guided me through the process has been taken down for maintenance and I don't recall all of the infections it had.
I know it BEGAN with the Fake Microsoft Security Essentials Alert Trojan... Hubby didn't realize what it was and tried to close the window. sigh LOL From there it opened a back-door and installed several other things. (cont.)


I know that we used MBAM, Unhide.exe, Hijackthis, Rkill, TDSSKiller and Secunia PSI among other tools but each time it would test "clean" and re-occur in a few days each time with more devastating results. (This was around May/June of last year when some of these infections were new and there were no fixes available)

In the end the trojan was even able to run in safe mode, and the PC was no longer "bootable" via Thumbdrive or CD so I decided to shut it down and buy a new PC until someone found a fix that would cover ALL of the infections it had.

Honestly I don't care about any of the contents other than the photos. If I can get those out safely, I'll flatten and re-format the entire
hard-drive or trash it altogether! I will be VERY careful and will most likely start a new question thread here if I need help. :-)

I have NO desire to relive that nightmare again!!!


Forgot to mention that our Son (who is the family computer guru LOL) attempted to remove the malware/trojan before I got to it...he blindly clicked "remove malware/trojan" without noting WHAT the infection was and created a bit of a bigger mess... sigh again.


I've had good success with the fairly popular malware bytes anti-malware and super anrispyware.


Ad-Aware or Spybot Search and Destroy are the best free programs I've used - but I'm not a big fan of AVG to begin with.


@missellienc: I believe the chain was from my program files(x86). Although since it came up twice before i restored the system and not at all afterwards, I assume it was fo rizzle.

Edit: I got further down the page. You are my hero. Those are EXACTLY the "viruses" i had.


@computiac: She works, I stay at home with the kids. Things like fixing her computer and digging giant hairballs out of the drain give me a chance to put on my cape an come to her rescue.


Updates, updates, updates. Regardless of the anti-whatever you're using, let autoupdates run as scheduled.
Also, Malwarebytes and Spybot have options to run once @ boot, and this is important to let it do it. Once Windows has loaded, you'll not have access to the virus or, in some cases, your antivirus/anti-malware programs. Running it in Safe Mode won't always work, and yes, sometimes running at boot, before Windows loads, won't work.
We took a machine down last week when I found a virus component in the Recovery partition. This happens a lot more than it used to, so now when you 'turn back the clock' you also re-install the virus. Not good.


Often the bugs infest your restore files, so when you do a system restore, you get back to an infected but not yet sick system. Make sure you do a backup from a just now cleaned machine.
The bugs can infect and/or replace essential system files, so when you delete/ quarantine them, they aren't there anymore. Which means your computer may not work right, if it works, after it's been cleaned.
Yes, one of the safest ways to clean the hard drive will be to remove it and clean it from another system. Booting up an infected drive boots up the infection!
In IT we often do the simple nuke from orbit approach. Pull it, repartition, format and reinstall from DVD. Sitting there with some poor user (user is a four letter word for a reason!), watching the icons change as her files get infected at a rapid pace- sucks. I'm not going to spend days trying to recover all these files just because she couldn't resist yet another cute animal.
Do your data backups often.
Run these programs regularly.