deleting 2 specific viruses

A friend of mine's PC has gotten 8 viruses. he was running Norton -I suggested that he download AVG. AVG killed 6 of them. 2 viruses remain. The viruses are:
1. Trojan horse PSW.Tofger.F
2. Trojan horse PSW.Tofger.E

Any idea how he can get rid of them?
Thanks for your time.
He is running:
MS XP Pro
P2 400 mhz
Ram: 512
I/he would really appreciate any advice.
Thanks,
522.

 

try this
http://www.majorgeeks.com/download.php?det=1666

 

Thanks for the quick reply Kodo:
My freind ran the proggie but it found nothing...any other ideas?
Again AVG is finding (but not deleting):
1. Trojan horse PSW.Tofger.F
2. Trojan horse PSW.Tofger.E
-I relly do appreciate your help!
-522..

 

That virus/trojan must be new, apparently AVG just added it to their detection list on 12/4... I can't find any other info on it (by that name) anywhere but from AVG. Other AV proggies must call it something else.

What may be happening is that XP is not allowing AVG to access the file(s) that are infected (to clean them) cuz they're in use by Windows. I've seen that before.

A couple of things you can try:

This online trojan scanner: http://www.trojanscan.com/

Avast has a boot-time scan feature that might get the job done before XP can boot up and lock the files.

 

Panda ActiveScan currently detects this, so you should give it a go.

Regards,
Jade.

 

What has worked for me for files used by windows is to boot in MS DOS mode and renaming the files. Then you can move them to a floppy and then you can rename them again an virscan the floppy. I had to do it with the loader.exe.

 

Did you

disable system restore?

If you did not then those viruses will still be there and some programs might still detect them.

 

My friend has Sys. Restore disabled -he has tried Panda Online -which says that it has killed the trojans -but AVG continues to detect them.
Any other ideas? -I reallize that these items are fairly new -does it take some time for fixes to become available?
Thanks again,
-522.
(ps - I'm going to have to get my friend signed up to the MG boards, lol)
edit: My friend has not tried Alexps' idea of going to MS DOS> Renaming> moving to floppy -as he (and I) aren't sure how to do this.
Is it just a matter of noting the trojan's location and navigating to it through DOS? -and if so -how do you bring up DOS in XP?
(thanks again),
522.

 

fiver22,

Could you please follow this FAQ.

After following the FAQ, could you post your information/problem
here.

I promise you that the problem will be rectified.

Then could you post back here at MajorGeeks to let everyone know what the problem was after you get it sorted out .

Regards,
Jade.

 

Well, hopefully my friend will do exactly that -if you think it will help.
I'll hforward him the .lnk.
(thanks fer the help)
-522.

 

Glad to hear you will forward him the link.....make sure that he gathers all the information he can before posting over there - it will help.
Many antivirus/antitrojan developers/workers frequent that forum: Magnus Mischel of TrojanHunter , Kevin and Nancy Mcleavey of BOClean and the makers of TDS-3( Wayne,Gavin,Jason) etc,etc.

Regards,
Jade.

 

Maybe this will Help?
Has the info I think you are looking for.
http://www.sophos.com/virusinfo/analyses/trojtofgera.html

I googled it...hope this is the right one for recovery.


P.S. Says trojan is still in the wild....and when I put in
Tofger.F in their search it returns to the original Tofger-A
and Tofger-B

 

Hello folks, I'm Fiver22's friend and have just become an active member of this forum... my first post.

Update...
Thank you for all the suggestions, I'm still trying to systimatically go through all the ideas that everybody has posted, I'm hoping that one of these online or downloaded anti-virus services can help fix the problem...

I'm not very comfortable modifying files in MS-DOS or such... but I'll try to keep an update on some of my results.

Regards,

Jetboatguy

 

Welcome to MajorGeeks jetboatguy .

Please follow the links I provided in my former post as I am certain your problem will be resolved _very_ quickly .

Ezaxs99.....Sophos referance I have seen _BUT_.....the problem is that their are many variants of trojans/virii/ etc. and this one just happens to be a password and keystroke thieving trojan. That is why I referrenced the other site earlier (best to deal with the problem _quickly_) - leave it to the professional malware researchers I say (especially when dealing with password stealing and keylogging malware).

Many regards,
Jade.

 

Things got a whole lot better...

4 nasty links on my desktop are now gone on the reboots, and my browsers favorites folder is clean on the reboot as well...


Seems like Trojan Hunter is the winner for fixing my virus/registry problem...

thanx alot you all...

 

Good stuff jetboatguy . Glad to see you got it sorted.

Regards,
Jade.

 

@Jabman

Welcome JetBoatGuy!

And I defer to the Advice given by Jabman....less confusing
to go to the Source...

Jabman....sorry, I failed to read your post carefully...and hope
JetBoatGuy was not confused by my entr;y....

 

Wild,
problem resolved: that's always a good thing. -Jabman: great link(s) by the way! -everyone should have that(/those) one(s). Ive been reading through the forums and there is a ton of great info. Interresting and useful(l).
-522.