Just ran a scan (I have McAfee) on my computer and for the first time it detected and quarantined a couple of files that it says have a Trojan.

I'm in the 'View Results' window, and I'm using the McAfee help, and it says I should have the option to restore or remove these files. However, I only have the option to restore these files.

I have no idea what these files are and whether I want to restore them or not.

Can I just leave them in quarantine with no ill-effects? How can I remove them?

More info, the detection type is 'Trojan'
the detection name is Downloader-UA.h
and the file name is just a string of numbers in C:\$Recycle.Bin\


Thanks for any help.

You want to check if it managed to install its payload and you have running processes on your PC.

Two ways to do this, the old way and the new way I found recently.

New way first. Download this http://www.neuber.com/taskmanager/index.html
(security task manager). It checks all the processes you are running and removes anything offending.

Old way: Download hijack this (cant be arsed to give you a link), post the log file on here, one us nice 2+2ers will have a look at it for you and you can remove it old fashioned hard core way.

It's up to you. Like I say I found this neuber thing the other day and it worked like a charm.

As for the quaranteened file. Leave it where it is. It's quaranteened, it will do you no more harm if you leave it there.

I googled 'how to remove trojans' and found this site. it tells you what to do but it seems like a bit of work. http://www.bleepingcomputer.com/tuto...torial101.html
Maybe someone more experienced than me will say whether it's necesarry or not.

Those two proggies I listed basically do all that for you. That article was written in 2005, things have moved on a bit :-)

**** sake, I suck so bad at computerz. It won't let me download that security task manager (got some message halfway through about elevation - wtf does that mean?

Is there any way of telling from McAfee what date I supposedly got infected with these files? If it's a while ago then I've not been experiencing any problems, so maybe I can just leave it? (he says optimistically)

does the mcafee software have an event log?

Yeah, just had a look at this. Don't really know what I'm supposed to be looking for, but under 'scan information' there were 'scheduled scans' on 2 May, 25 April and 11 April (are these automatic scans? If so why is a one week gap between 2 May and 25 April, yet 2 week gap between 25 April and 11 April?).

No files were detected or quarantined in any of these scheduled scans, but today when I ran a Manual scan (does this do the exact same operation as a scheduled scan?) I got the two files with a Trojan detected and quarantined.


Basically what I really want to know is should I postpone any pokerz, or doing anything on the internet that involves bank or card details until I have this resolved?

OK, after restarting my laptop I was able to install the security task manager from neuber.com.

It's bringing up a list of stuff with a 'rating' and how much memory they are taking up, but what am I supposed to be looking for here? Would be obvious to a computer spazz if it had found something serious?

Does the program automatically get rid of anything bad? I can't view the program's help file because I have Vista and apparently cannot therefore access it.

The items at the top of the list all have a 'seems to be harmless' Rating. Presumably this is good news?

First. If you are getting issues with Vista not letting you run stuff, right click on where the program (what you'd normally double click to run the program), right click on that and choose 'run as admininstrator'

So what the program does. It lists all the processes running on your PC.

If gives you a rating of how potentially dangerous these programs are. If you click the rating column you can sort by most dangerous.

See if you can find one that looks like the trojan mcafee found.

remember that it may not be there, because hopefully mcaffee quaranteened in time, we're just checking.

dont just remove stuff that you dont know what it is, you can disable important part of your Vista.

if you want, use vista's snipping tool, take a pic of the screen, upload that to imageshack.us and post that here. i'll have a look at it for you.

there no need to panic, you're probably ok, were just gonna check. but the nature of trojans is they can often sneak past virus checkers. i had one the other day, no idea how the little ****er got on there.

You should be OK, the really nasty **** like keyloggers need to connect to a remote PC to work, and your firewall will prevent that.

OK here's a screen capture of my security task manager run. Lets hope I've done this right.

Hmm, no. That image is too small. Let's try again

Bah, third time lucky?

And the next screen of the run..

When you say next run, you mean you rebooted your PC and ran it again yes? You didn't delete anything did you?

I officialy give you the all clear. Go on and lead a happy life.

No, didn't delete anything. And I didn't mean 'next run' I just meant 'next screen' as the results covered nearly 2 pages, so it's just 2 images covering 1 run.

Thanks again. Your help has been much appreciated. If you have a Stars account I'd be happy to ship you $10.

I do but keep it - it's good for my soul.