# Trojan removal



## plschley (Apr 11, 2007)

I have the Trojan Gord on two XP Pro user computers on my network. I use Symantec Endpoint for network and computer protection. I have run the virus scan several times, and every time the user restarts the computer it shows that Gord has been picked up. I have followed the directions from Symantec, such as disabling System Restore and running a full scan. I tried using safe mode and still I'm not able to remove it. I use Malwarebytes- Antivirus and it doesn't see the file. Symantec logs indicated that it was located in a file called overlay.xul. I found that and deleted it. Yet when I restart the computer, Symantec still shows I'm infected. There must be an exe file somewhere I don't see. I found one Google link explaining how to manually remove it, but the files the article said I had, I didn't. Maybe because Endpoint took them out already, not sure. Any ideas?


----------



## plschley (Apr 11, 2007)

Has anyone had this problem? Any help for me?


----------



## plschley (Apr 11, 2007)

Trojan.gord

Hello,

I have basically the same situation as the following post, with a few exceptions: I'm running XP Home SP2 and have NAV2010 as security. Basically what is happening is that Norton is picking up and blocking trojan.gord (my browser isn't redirecting in search at any rate), but it is not resolving the underlying issue, as the virus seems to reappear and is blocked on EVERY subsequent startup. I've run Malwarebytes... it didn't get it either. Also spent a bunch of time online with Symantec trying to get the tech to give me manual removal instructions, to no avail. The only knowledge I've found on the subject states that it is related to overlay.xul in Firefox. I would really like to remove this manually, as I have read other accounts of many programs being used to no avail. I'm not very well versed in this, but I can't see that it would take much more than a few file/directory deletions and registry edits to fix this. I just need the info to do it. Thanks very much for help in resolving this issue. As below, I have followed the Symantec directions (useless) and run Malwarebytes.

Quote:

Trojan removal

I have the Trojan Gord on two XP Pro user computers on my network. I use Symantec Endpoint for network and computer protection. I have run the virus scan several times, and every time the user restarts the computer it shows that Gord has been picked up. I have followed the directions from Symantec, such as disabling System Restore and running a full scan. I tried using safe mode and still I'm not able to remove it. I use Malwarebytes- Antivirus and it doesn't see the file. Symantec logs indicated that it was located in a file called overlay.xul. I found that and deleted it. Yet when I restart the computer, Symantec still shows I'm infected. There must be an exe file somewhere I don't see. I found one Google link explaining how to manually remove it, but the files the article said I had, I didn't. Maybe because Endpoint took them out already, not sure. Any ideas?

--------------------------------------------------------------------------------
Last edited by bdog1963 : 26-Dec-2009 10:36 PM. Reason: add tags 

bdog1963

Junior Member with 4 posts. Join Date: Dec 2009

30-Dec-2009, 12:19 AM #2 
bump for assistance thanx!!!

bdog1963


31-Dec-2009, 01:49 AM #3 
Update

I don't know that these are related at all, but... Norton required a restart of my computer after quarantining udefitequwez.dll (Trojan.Zefarch). Since this occurrence I no longer get the trojan.gord message, but I get this run dll notification on every startup... Error loading c:/windows/udefitequwez.dll specified module couldn't be found. I have searched for this file and it doesn't exist, but the warning persists on startup. This is also a browser hijack per Symantec, so not sure if the issue is related. It also states this has been on the machine since 10/24/09 but was just caught today... hmmm.

bdog1963


01-Jan-2010, 09:58 PM #4 
Update 2

A couple of notes: since the finding and quarantining of trojan.zefarch I've no longer had the recurring issue with trojan gord. And as to the run dll startup issue I cited earlier, it seems Norton deleted the udefitequwez.dll but failed to remove the associated startup item. Unchecking the item in msconfig startup has stopped the process, but I still am not sure how to remove the orphaned startup entry.

Dear blog1963

I too have the same thing, the Zefarch Trojan. I ran Symantec and tried the restart as you did, but it was no help. I found how to remove Zefarch manually, but the strings are different than what I see. This has been tough! I notice on both machines that the keyboards won't work and I have to reboot several times. If anyone would have any idea, I would surely be grateful. I was not able to post a reply to your account blog1993. I hope you see this. Pat


----------
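The orphaned startup item described in the thread (the DLL quarantined, the autorun value that loads it left behind) can be located by listing autorun values whose target file no longer exists. The script below is an added example, not part of any post above; it only reports and changes nothing, and it assumes the standard Run keys plus the key where msconfig on XP-era Windows keeps unchecked startup items.

```powershell
# Added example: report autorun values whose target file is missing. Read-only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Where msconfig on XP-era Windows parks startup items that were unchecked.
$disabledKey = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'

function Get-AutorunTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries: the file that matters is the DLL argument (up to the comma).
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # Quoted executable path.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly containing spaces: cut at the first known extension.
    if ($cmd -match '(?i)^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $cmd
}

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    if (Test-Path $disabledKey) {
        foreach ($sub in Get-ChildItem $disabledKey) {
            New-Object PSObject -Property @{
                Key = $sub.Name; Name = $sub.PSChildName
                Command = [string]$sub.GetValue('command') }
        }
    }
}

Get-AutorunEntry | ForEach-Object {
    $target = Get-AutorunTarget $_.Command
    # Bare names (resolved via PATH) are skipped; only drive-rooted paths are checked.
    if ($target -match '^[a-zA-Z]:[\\/]' -and -not (Test-Path -LiteralPath $target)) {
        $_ | Add-Member NoteProperty MissingTarget $target -PassThru
    }
} | Format-List Key, Name, Command, MissingTarget
```

Each reported entry names the key and value to review; export the key before removing a value so the change can be reverted.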

