I currently use Avira Anti-Virus software, and it's been working well for quite some time.
But this new virus (I haven't had a serious one like this for a couple of years) is creating some problems. I want to get rid of it safely, without doing a clean XP boot (I haven't the time or patience):
- C:\WINDOWS\system32\ncntltdm.exe is the TR/Downloader.Gen Trojan (according to Avira)
I've tried 'moving it to quarantine', 'deleting' it, as well as 'deny access', but it's allowing Internet Explorer to use my CPU (create a process on boot, which is using too much memory), causing strange noises and pop-ups (which I think my pop-up blocker is blocking, but I think it's doing that constantly), which in turn slows down my system. Every time I log in I get this problem, and then I have to end the iexplore.exe process (Ctrl+Alt+Delete).
Note, I use Firefox, not IE... Tried a 3 hour virus scan, which deleted 3 items, but this major one is still occurring.
What should I do?
Delete the file from the WINDOWS folder myself?
Are there any specific trojan anti-virus programs that I could use then uninstall?
Uninstall IE? Then Reinstall IE?
-
I suggest a Google search which will lead you to quite a few discussions of that virus, or try this site. Read the pertinent info though, before posting if you so choose. Those folks are very good with these sorts of issues, but are sticklers about following their procedures. Good luck.
FWIW, there are several sites on the web which can help you with HiJackThis logs, and rooting out malware, but this is the best of them, IMHO. -
I have heard good things about Avira, but I personally use and favor Symantec Norton AntiVirus with which I always have a trouble-free computer. Might want to think about getting a copy for yourself.
-
Download a trial copy of Norton and use that to wipe the virus.
-
Ok, I'll try getting the trial.
If Norton doesn't work, then I'll definitely check out those forums. Just don't have that kind of time right now...
-
Don’t bother downloading trial versions or other versions of virus protection; fundamentally they are all so similar, with very tiny differences. Nearly every popular program out there has difficulty removing TR/Downloader.Gen Trojan generations. Plus you can waste days scanning.
Your best bet is to download utilities like unlocker.exe and other shell utilities.
Finding the .dll or .exe or X that pumps out new copies is your first priority. Locating it isn’t usually that difficult, and it looks like you found it. Unlocking it from its core Windows file, typically winlogon.exe or a svchost.exe, can be the trickiest part.
I just posted about removing a very similar style virus.
Try http://ccollomb.free.fr/unlocker/ -
hmm that sux bro, well just throwing it out there if everything fails. Fresh install ftw! At least that way you will be 100% sure you are virus free
-
You're right, Norton didn't do much.
I'll try that utility, I know where the .dll is (it says there is an error there each time I log in...)
I'll search your post. -
You might try this program--I have had luck with it: http://www.freedrweb.com/cureit/
Also try SuperAntispyware. -
Sorry to hear that. It was the first program I bought when I got my laptop. Let me know how your situation turns out...
-
Well, I finally deleted it using this quick guide:
http://www.bleepingcomputer.com/tutorials/tutorial101.html
And this (small) yet awesome program needed for the guide:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Steps:
(1) Run in Safe Mode
(2) Use 'Autoruns' to find out what unknowns are running in the services or programs at startup
(3) Delete the virus/malware using Autoruns (right click, delete) [The one I deleted stuck out from the short list]
(4) Delete the virus/malware from your windows\windows32 (or whatever 'bit' Windows you have) folder
No more problems:
By the way, it seems like the virus was created in the wee hours of the morning while 'limewire' was running. I think it's time I get rid of that p2p crap, if I'm not really using it.
-
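The triage in steps (2) and (3) of the post above, as an added example that is not part of the thread or of Autoruns itself: a Python script that ranks the enabled entries of an Autoruns CSV export so the odd one stands out. The column names, the "(Verified)" signer prefix and every sample row are assumptions constructed for illustration; only the file name ncntltdm.exe comes from the thread.

```python
import csv
import io

# Constructed sample. Column names and the "(Verified)" signer prefix are
# assumptions about an Autoruns CSV export; only ncntltdm.exe is from the thread.
SAMPLE_CSV = r'''"Entry Location","Entry","Enabled","Description","Signer","Image Path"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","ExampleAV","enabled","Antivirus tray tool","(Verified) Example AV Vendor","c:\program files\exampleav\tray.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","ctfmon","enabled","CTF Loader","(Verified) Microsoft Windows","c:\windows\system32\ctfmon.exe"
"HKLM\System\CurrentControlSet\Services","ncntltdm","enabled","","","c:\windows\system32\ncntltdm.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run","ExampleUpdater","enabled","Example updater","(Not verified) Example Software","c:\program files\example\updater.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run","OldTool","disabled","","","c:\temp\oldtool.exe"
'''

WINDOWS_DIR = "c:\\windows\\"  # covers system32 as well


def reasons_for(row):
    """Return the list of reasons an autostart entry deserves a manual look."""
    reasons = []
    verified = row["Signer"].strip().startswith("(Verified)")
    image = row["Image Path"].strip().lower()
    if not verified:
        reasons.append("signature not verified")
    if not row["Description"].strip():
        reasons.append("no description")
    if not verified and image.startswith(WINDOWS_DIR):
        reasons.append("unverified file under the Windows folder")
    return reasons


def triage(csv_text):
    """Rank enabled autostart entries, most reasons first."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue  # disabled entries do not run at boot
        reasons = reasons_for(row)
        if reasons:
            flagged.append((row["Entry"], row["Image Path"], reasons))
    return sorted(flagged, key=lambda item: len(item[2]), reverse=True)


if __name__ == "__main__":
    for entry, image, reasons in triage(SAMPLE_CSV):
        print(f"{entry:15} {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged entry is a prompt for a manual check before deleting anything, since legitimate software can also be unsigned.
-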
Glad you got rid of it and thanks for sharing how you did!
I parallel AV/FW software to flak jackets, not even those great Kevlar ones of today, the old sort they wore in WWII. Mild body protection at best, but good scripts go for the head and never miss. With that in mind, get to know your ports, processes and events intimately, and kill what you don’t need.
Another great tool every Windows user should not be without is DropMyRights
http://nonadmin.editme.com/DropMyRights
How do I get rid of this specific Trojan Virus?
Discussion in 'Security and Anti-Virus Software' started by ARom, Jul 22, 2008.