# Removing a Trojan



## Otter (Jan 15, 2008)

I've followed most of the steps in the top link, and have run AVG and Malwarebytes several times, and I've run CCleaner. There is a Trojan still showing up.

Is the link for the Rkill program still good? It keeps bringing me back to the top of the page where I am invited to download Reimage or Spyware Doctor 2011.

Or should I just skip to the next step and find my Ubuntu disk?


----------



## How Do I (Feb 11, 2008)

It looks like they did change the URL for the download link. You can download it from the same site at this URL - http://www.bleepingcomputer.com/download/anti-virus/rkill

The big green Start Download button at the very top is an ad (at least that is the ad I see at the moment). The download links for Rkill are below it. They give you different file names because some malware will recognize Rkill and shut it down to prevent malware removal.


----------



## farmerj (Aug 20, 2011)

Until you go in and wipe it out of your registry file and delete all those entries, it will continue to run and return.

Sometimes there are routines you can download from AVG and others to clean it out; other times it's purely a manual thing.

When it turns manual, it has been my experience that it's simpler to just reformat the hard drive.


----------



## Otter (Jan 15, 2008)

TY, I got the Rkill and ran it, it stopped 6 processes.
Malwarebytes has been running for an hour and has found nothing so far. But AVG finished its scan and found 100 things, some of them seem to be Rkill and Malwarebytes, but it also keeps popping up
"";"C:\Windows\System32\svchost.exe (940):\memory_00010000"; and marking it as a Trojan

The "\memory_00010000" is coming up on the end of nearly everything that AVG picks up.
Anyone know what that is or how to get rid of it?


----------



## farmerj (Aug 20, 2011)

What's the name of the trojan you have?

Without that, we can't give any other help.


----------



## Otter (Jan 15, 2008)

"Trojan horse Agent3.ATLI"

Hope this helps, ty


----------



## arabian knight (Dec 19, 2005)

Otter said:


> "Trojan horse Agent3.ATLI"
> 
> Hope this helps, ty


Just put that in a Google search and many things come up, and how to remove it. Here is just one page from AVG:

http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=186347


----------



## farmerj (Aug 20, 2011)

Best answers I have seen...

http://blog.teesupport.com/absolutely-remove-trojan-horse-agent3-atli-manually-delete-agent3-atli/


A lot of software wants you to "pay" for a chance for them to remove it for you. Sometimes it's just best to remove manually.

Worst case. Re-format. 

Personally, if you have not reformatted in at least a year or more, I would do it just for peace of mind.


----------



## Kung (Jan 19, 2004)

I have to be honest and say that unless you're VERY opposed to the idea of reloading a computer, I'd agree with farmerj, for two reasons:

1) Despite all the great AV programs out there, one of the standard statements of the IT/IS world is that it is almost impossible to *know* that you got the virus completely removed.

2) Depending upon if you have a backup hard drive (to back up your files), the reload process usually takes about 4 hours (one to back up your stuff, one to reload the PC, one to reload drivers, and one to restore files).


----------



## Nevada (Sep 9, 2004)

Kung said:


> I have to be honest and say that unless you're VERY opposed to the idea of reloading a computer, I'd agree with farmerj


Reloading the hard drive with a fresh Windows installation can be extremely disruptive to business. I know I wouldn't want to do it. Years ago I reformatted my hard drives regularly as a matter of course, but hard drives are stable to the point where I don't do that any longer. When I buy a computer today I never reformat. I may upgrade the operating system, but I don't wipe out the hard drive and start from scratch.

I picked up an adware virus in IE a while back. It manifested itself as audio commercials, and the audio continued even after closing IE. Only rebooting stopped it. Until I had time to address the problem I just used Firefox.

I eventually fixed it by doing an entire system scan with Adaware as an overnight job. Did I get it all? It seems to be gone because there are no audio ads with IE, but I can't say for sure. All I know for sure is that the problem is gone. But I'm not considering wiping out my hard drive.


----------



## farmerj (Aug 20, 2011)

That is the risk you must weigh your options under and live with.

I watch my parents do this stuff on a daily basis with both personal and business computers. It generally results in employees being restricted from the computer for visiting sites at work they would not normally go to at home.


----------



## Kung (Jan 19, 2004)

Nevada said:


> Reloading the hard drive with a fresh Windows installation can be extremely disruptive to business.


I'd agree...but if you DON'T get the whole thing and it crops up later, it's not much better. I don't always advocate it, but to be honest, what people want 99% of the time is the quickest resolution with the least fuss...and a Windows reload achieves that, most of the time.


----------

