Classic British Flight Sim

I need some help please from the experts on here.

Has anyone come across the above as it's driving me mad?

It generates a fake Windows Defender Alert window pop up which when you click on it apparently does unpleasant things to your computer (fortunately I did not click on it but some files are on my system). I've Googled it and tried all the suggested removal procedures but to no avail, in fact none of the suggested free scans even identify it.

My registry cleaner identifies the files but can't seem to delete them all. I've System Restored back to before I had the problem and on doing a registry scan all is OK. However, if I then go into Windows Mail then scan again the files are there, which seems to indicate that it came in on an e-mail. I deleted all e-mails back to before the problem arose, went through the restore process again but activating Windows Mail throws the files up again in the registry so it seems that the damage is done and that the infection is now somewhere in the root of Windows Mail or even Vista. As Windows Mail is apparently part of the Vista O/S it can't be unistalled seperately.

So, short of a format and complete re-instal of Vista does anyone have any ideas?

Thanks,

Pete

Hi Pete.

I was going to ask if you had tried MalwareBytes Anti-Malware (free) as it seems to be the most effective prog around at the moment. I did a google and found this post that does indeed suggest that it will remove that trojan for you and explains in a lot of detail how it works. It's helped me get rid of some difficult stuff on friends' PCs so I keep it on mine and use it weekly.

http://www.bleepingcomputer.com/malware ... WIN32.Fung

http://www.malwarebytes.org/mbam.php

Hopefully - if it's one you haven't tried, it might do the trick.

Ian

Thanks Ian,

Malwarebytes was the first one I tried but it found nothing.

It seems that what is left on the system is the registry files and I can only throw these up by searching the registry for the specific files. As none of the "try first" scanners I have tried have identified anything malicious I am reluctant to invest in the associated commercial malware removers.

I am not sure now if there is anything malicious left on the system but do I take the chance????

Pete

It does seem as though you have got rid of the Trojan and are just left with a few orphan registry entries but I don't understand why your reg cleaner won't delete them.

Sorry, if this sound like I'm stating the bleedin' obvious Pete, it seems as though you are pretty well on top of it, but just to make sure you've tried everything I can think of:

Is it that you delete the registry entries and they return after a reboot? If so it may be because there are copies in the System Restore file. You could switch off system restore, reboot, delete the entries and reboot again and if that's the case then they won't return and you can switch it on again. On the downside you won't have a restore file previous to your last reboot.

Ian

Pete,

Here is another link with removal instructions to try:

http://www.removeonline.com/remove-troj ... tructions/

Nigel²

www.spywarewarrior.com this is agood site for info use their forum, also use hijack this its a good prog for finding out whats going on!

That's a useful site, Tony. I've put that on favorites - just in case ...

Ian

Thanks for your help everyone.

I've tried all the suggestions including running all the malware scans and registry cleaners (the free ones anyway) known to man but the registry entries keep regenerating (Dr Who?).
I'm wondering if what I am seeing are the registry entries for the searches I am running but as I have no idea how registry entries are generated I'm in unknown territory here. If not, what bothers me is that if the entries keep regenerating what is causing it? It seems to me that something is buried in the system and hidden and could well be doing other things as well.

In the time it has taken so far to try fixing the problem I could have reinstalled Vista and rebuilt it back to where I was!!!!

Not sure where to go from here but I can see a reinstall looming.

Thanks again,

Pete

A trip to the spywarrior forum will see you resolve this, I have used them to great effect in the past, I would suggest trying to remove things in safe mode...if Vista has sucha thing??