I have a trojan horse infection that lives in memory and seems to be impossible to get rid of. I've tried a few antivirus products (Norton, Windows Essentials and AVG Free) all to no avail and I've recently tried a few bootable antivirus solutions.

  • Kaspersky Rescue Disk 2008: failed - it wouldn't even load the UI, is there a newer one out there?
  • F-Secure Rescue Disk: updates and scanner ran, found 10 infections, stated it was going to delete or repair them, but didn't get rid of them.
  • Avira: found a lot of infections but froze when I tried to interact with the UI after the scan.

Every time I run these I'll boot Windows afterwards and run AVG - it still finds Trojan Horse Generic.15.apnz (in Services.exe) and Trojan Horse Generic.16.ARSU (in svchost.exe).

Is anyone familiar with a virus like this? Is there a working solution for removing it?

5 Answers


Back up your important files, format your hard drive and reïnstall your OS.

I think this is probably the safest way to get rid of the trojan horse; the longer it takes the more damage you will probably experience.

  • Turns out nothing I tried worked. I had to reformat.
    – DaveDev
    Commented Jul 18, 2010 at 11:59

I have not tried it (I don't have that virus), but the following link shows steps to remove and at least one user that got rid of it:



Back up your data, format the machine and reinstall from trusted backups/restore media.

Then virus scan your data and do not allow anything on that backup to execute before putting it back on the now clean machine.

That's generally enough for a home system.


I know this is old now, but it came up again on the active view and I had to add my two cents:

Penny #1 (first mistake): This isn't a forum. It's a question and answer site. The difference is subtle but important.

Penny #2 (second mistake): Never try to clean up any confirmed malware infection.

These days, one virus will often download other, sneakier viruses. You may clean up the original problem and still have another, more dangerous miscreant lurking about. Once upon a time, just removing obvious symptoms was enough; the odds of something more dangerous surviving your cleanup were low enough and the risk you took on for this gamble was low. These days, both terms of that equation have changed. Modern rootkits make a virus more likely to survive a general clean up, and things like online banking and purchasing make your risk much greater. The best thing to do now is save your data, reformat your drive, and then reinstall everything. Don't even try to clean up a confirmed infection.

That said, if you must make the attempt, the way to do it is with a clean operating system. Boot from a CD or other external media, mount your hard drive from there, and use an antivirus tool included as part of that external boot device to clean your system.

  • Just out of curiosity, what do you mean by the point you make with 'Penny #1'?
    – DaveDev
    Commented Jul 20, 2010 at 21:06
  • @DaveDev - It means there is no right or wrong place for the question. If it fits the site, it fits the whole site. It also means we don't do certain kinds of threads: polls, discussions, subjective questions, and come down much harder on off-topic content. Commented Jul 21, 2010 at 0:36
  • "we don't do certain kinds of threads: polls, discussions, subjective questions, and come down much harder on off-topic content"... this question is none of those. I asked a question to which I needed an answer. I received a number of answers, and eventually marked one of them as correct.
    – DaveDev
    Commented Jul 23, 2010 at 7:35
  • @Dave - Yes, this question is fine. My point, though, is that it's best to be in the habit early not to think of the site as a forum. Commented Jul 24, 2010 at 0:08

Symantec Endpoint Protection, Microsoft Malicious Software Removal Tool, Malwarebytes and Spybot. Load them all up at the same time and you should kill it.

If it doesn't, reformat.
