got trojan?

doing a housecall scan i found some files that shouldnt be on my computer,, im having problems removing them, anybody got some advice for a semi-computer-literate user?? the files are


C:\_RESTORE\TEMP\A0291996.CPY

C:\_RESTORE\ARCHIVE\FS1041.CAB
C:\_RESTORE\ARCHIVE\FS1033.CAB
C:\_RESTORE\ARCHIVE\FS1034.CAB
C:\_RESTORE\ARCHIVE\FS2022.CAB

C:\WINDOWS\SYSTEM\wthunk.32.dll


thanks...

 

Right click on My Computer, select Properties. System Properties will open, click on Performance tab, then click on File System. Another window opens, click on Troubleshooting, then put a check for Disable System Restore. OK yourself all the way out and reboot as prompted.

Screenshot

To delete the file, create a boot floppy, you can get a file from Bootdisk's that will create one for you by doubleclicking on it with a floppy in the drive. When at the A:\> prompt, type in this command:
del c:\windows\system\wthunk32.dll <press enter>
Take out floppy and reboot. Note there is not a period between Wthunk and 32.

Then when the system is up and running, go back and uncheck Disable System Restore.

 

thanks for your help. needless to say i got lost... i saved the bootdisck on my floppy but then you say "when at the a:\ prompt.... type in.... " this part i cant follow... do you mean rename the 'bootme' as what you want me to type in?

more clearly, where do i type in "del c:\windows\system\wthunk32.dll "


i thank you greatly for your help...

 

That will not work. You need to have the downloaded file on the hard drive. Then you insert a floppy disk in the drive. Now you doubleclick the downloaded file that is now on the hard drive. This file is a program that creates boot up floppies, it will not do anything at all just copied on the floppy, you will get a NON SYSTEM DISK error. When this program is done, leave the floppy in the drive. Now Restart or reboot.
When the floppy is loading, you will see a screen, one option will be Without CD ROM support, use the arrow keys to select this and press Enter.
Now wait while the floppy loads an operating system. When done you will see this one the screen, with a blinking _ .
A:\>_
This is called the Command Prompt. This is where you type:
del c:\windows\system\wthunk32.dll <press enter>
DEL is short for DELETE. Note: make sure you type that in correctly before pressing Enter, because dos is very unforgiving about mistakes. If you get a "bad command or filename ", you made a typo. If done correctly, nothing will appear to have happened, you will see A:\>_ appear again.
Now take out the floppy, and press CTRL+ALT+DEL at the same time, this will reboot the computer.

 

again, thanks for your help.. your instructions are clear... however, i saved the boot file to my hard drive, then ran it and it created a boot disk for me.. then i re-booted and nothing different happened, just a normal boot up.. i cant seem to get that prompt screen to come up... my computer is not acknowleding the disk in the drive during the booting process.. any tips?

 

I was hoping that this wouldn't happen. What you need to do is change the Boot Sequence in the Bios. When the computer is booting, you should see a message like "Press F10 to enter setup ", it may say DEL there instead of F10. If a Compaq you press F10 right when the cursor is on the upper right side of the screen. You have to quick on this.
When done correctly you will see a screen, with stuff like BIOS Features, CMOS, Chipset, Power Management, Intregrated Peripherals, PNP PCI, these are only examples. On my computer I would go into Bios Features using the keyboard buttons listed on the screen. When you find the Boot Sequence, change to A: C:, it may say CDROM C: right now. Be sure to Save Settings.

 

alright, i was also afraid of that, because i have had to access the bios before and its not easy on my comp,, anyways, after many tries i got there and successfully did what you said.. now im gonna go do housecall again and see what comes up.. thanks.. i will post my findings in a minute...

 

yet again, this board and nice computer literate people helped me fix a problem.. i thank you very much and hope i didnt cause you any grief....

sox.

 

Cool, now I am off to go shoot some pool. Should do good, shot down a trojan already tonight.