Different Windows

I thought you were my friend!

I contacted Symantec Tech support, which informed me that the file I found was indeed the Trojan Horse causing the problems. Its full name was "UninstallMS.exe\Mine.exe. The latter part, Mine.exe, is the name of the host file. I was told it was probably hiding somewhere else on the hard disk, and that is what was re-creating the Uninstallms.exe file in the Windows directory. Symantec emailed me a document file with the procedure for cleaning the Trojan from the system.

By this point, I had developed most of the cleaning procedure on my own; the only thing I didn't know was where the host file that was recreating the virus after deletion was hiding. Using the Symantec information, I removed the virus from the computer and went looking for the host file. Since I wasn't sure which EXE file was the host of the Trojan without actually running it and re-infecting the computer, I deleted everything that I found in a few download folders located on the hard drive.

Rematch with Uninstallms.exe

I contacted Mrs. Smith and explained her problem and that her computer was fixed. She seemed rather shocked and upset about it, asking how she could have received a Trojan horse virus. I stated that most likely either her, or one of her kids had downloaded an infected file from a friend, or opened an e-mail attachment from someone they didn't know.

"But, why would my friends do this to me? That doesn't make any sense!" she lamented.

I tried to explain to her that more than likely, the person the virus came from wasn't even aware it was there, or possibly didn't even know the mail had been sent. She did have a 14-year-old son, so I inferred that he probably infected the computer with the virus accidentally. I suggested that she contact AOL and inform them of the virus and to change her passwords, and finally to keep a close eye on what her son was downloading to prevent re-infection.