No mom don't push that button! =/

Post by Erik_Twice »

So I got a trojan in my computer. My mom got a mail from my sister (Yes, the 13 year old one that never sends e-mails, much less to mom) and decided to open it.

This mail had a .rar file attached and since that is not suspicious she opened it and clicked on the perfectly common .exe file.

So yeah. Well, it doesn't really do much, it opens a window that asks for access to a protected element (whatever that means) and the name of the application is a weird A with a - on the top, like a card on top of two cards.

This unusual fellow seems to go by the process name of "mesengerwindows.exe" (Only one s) and has files on C:\WINDOWS\System32\mesengerwin\mesengerwindows.exe

This file is the one that boots on startup and it shows up several times on the Start menu.

Looking for the name of the .exe doesn't give any results on the internets so I'm going to install a decent antivirus, boot into Safe mode, run it, run SUPERAntiSpyware, run CCleaner, run some kind of online scan, delete the files and see how it goes.

Any tips? :lol:

Post by YoshiEgg25 »

1. Boot in safe mode.

2. Run CCleaner.

3. Run Malwarebytes.

I'd suggest running the two programs off of a flash drive, else it's possible (unlikely, but possible) that the virus can override them.

Post by GSZX1337 »

The AntiVirus Software I use is AVG Free. Is formatting and reinstalling Windows not an option? If a Malware scan doesn't bring up anything, I just format.

EDIT: Have you tried disabling that process?

After a quick search, I found these:
http://www.threatexpert.com/report.aspx ... 0b15f30a03
http://comprolive.com/remove/trojan/adh ... server-exe

Post by irixith »

I like to clean viruses/malware the old-fashioned way. Guess it's all that old DOS heritage, but it's still more effective than most of these silly anti-malware programs.

Boot into safe mode.

I keep a copy of SysInternals Process Explorer & Autoruns on a USB stick. Process Explorer is more useful if you've booted into regular mode and/or can't get yourself into safe mode for some reason.

Use Autoruns to find the location(s) that your nasty files are booting from. 99% of the time these days they will be in your "Temp" directory due to the limits Win7 places on where programs can install themselves. Drop out to the command line, and fry the whole Directory. (i.e. rd /s /q Temp). Might take a while depending on how often you clean it out. Make sure to "md Temp" when you're finished to create a new empty Temp directory. Then find where (if any) in Autoruns any other nasty files have buried themselves. Drop out to the command line, and fry those suckers. If they're hidden, a quick "attrib -s -r -h file.ext" will bring them out for deletion. Once you've found them (and their directories, if they were nasty enough to make them), delete all the entries related to them in Autoruns.

Then reboot in regular mode and run your scanner of choice to catch any miscellanea. It's the quickest and easiest way to recover from just about anything you can catch these days.
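A rough triage of startup entries along the lines of the Autoruns review described above, as an added example that is not part of any post in this thread. It goes a little beyond the Temp check by also flagging executables in unexpected System32 subfolders; the entries, the `mom` user name and the allowlist are constructed assumptions, and only the `mesengerwindows.exe` path comes from the thread.

```python
import ntpath
import re

# Constructed environment and startup entries; only the mesengerwindows.exe
# path comes from the thread. "mom" is a placeholder user name.
ENV = {"windir": r"C:\Windows", "temp": r"C:\Users\mom\AppData\Local\Temp"}
SAMPLE_ENTRIES = [
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Users\mom\AppData\Local\Temp\upd 7f3a.exe" /silent'),
    ("Messenger", r"C:\WINDOWS\System32\mesengerwin\mesengerwindows.exe"),
    ("Tray", r'"C:\Program Files\Vendor\tray.exe" -minimized'),
    ("Helper", r"rundll32.exe C:\Users\mom\AppData\Local\Temp\h.dll,Start"),
    ("Backup", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\Scripts\b.ps1"),
]
# Illustrative (not exhaustive) System32 subfolders that normally hold executables.
KNOWN_SYS32_SUBDIRS = {"wbem", "windowspowershell", "openssh"}
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)\b|(\S+))', re.I)

def expand(cmd):
    """Expand %VAR% references using ENV; unknown variables are left alone."""
    return re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), cmd)

def image_path(cmd):
    """Return the executable a startup command line launches (quoted or not)."""
    m = IMAGE_RE.match(expand(cmd))
    return next(g for g in m.groups() if g) if m else ""

def reasons(cmd):
    """Return the reasons a startup command deserves a closer look."""
    found = []
    # Check the whole command line so DLLs passed to rundll32 are covered too.
    if "\\temp\\" in expand(cmd).lower():
        found.append("runs from Temp")
    parts = ntpath.normpath(image_path(cmd)).lower().split("\\")
    if "system32" in parts:
        below = parts[parts.index("system32") + 1:-1]
        if below and below[0] not in KNOWN_SYS32_SUBDIRS:
            found.append("unexpected System32 subfolder")
    return found

def triage(entries):
    """Map entry name -> reasons, for flagged entries only."""
    return {name: r for name, cmd in entries if (r := reasons(cmd))}

if __name__ == "__main__":
    for name, why in triage(SAMPLE_ENTRIES).items():
        print(f"{name}: {', '.join(why)}")
```

A flag here only marks an entry for manual review in Autoruns; it is not proof that the file is malicious.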

Post by D.D.D. »

Protip: remove the mom & sister from computer privileges. :P Or get them on Mac (not a knock on Mac users, I just know tons of PC noobs that have never sent me a virus from their Mac - my completely PC inept family included :wink: ).

Post by Hobie-wan »

Combofix is also good for removing crap once it has already made it onto your PC.

Post by Gamerforlife »

Nothing beats a good reformat

One trojan is just the beginning of a spiral of other crap getting on your computer

Post by Jamisonia »

Avast antivirus boot scan!