PLEASE HELP GET RID OF TROJAN HORSES AND VIRUSES
This is a discussion about PLEASE HELP GET RID OF TROJAN HORSES AND VIRUSES in the Windows Security category.
Hi, can anyone out there help me? I have viruses or Trojan horses (whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows XP. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
Mar 10
Responses to this topic
First: Do not multipost.
Second:
Update all your antivirus/antiad/spy/malware programs.
Download the program called HijackThis.
Scan and save the log. Post the log here.
Reboot into Safe Mode. Press F8 after the BIOS loads and before Windows loads.
Do a system scan with all the programs you have.
Avast! has a nice feature called boot-time scan.
Use it.
In the Simple User Interface, go to the main menu, "Settings" and select "Schedule Boot-Time Scan". From the Enhanced User Interface, select the Scheduler toolbar and you'll see the icon "Schedule boot-time scan" (the rightmost one).
These for a start.
<edit>
1) Boot into Safe Mode.
2) Disable System Restore.
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore, if you want to re-enable it.
3) Terminate malware processes
Press Ctrl+Shift+Esc at the same time to open Task Manager. Go to the Processes tab and find the processes you mentioned. Select them one by one, right-click and select End Process from the pop-up menu.
4) Remove autostart entries from the registry.
Open Registry Editor.
Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Ole"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Lsa"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
5) Restoring Modified Registry Entries
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>Ole"
In the right panel, locate and modify the following registry entry from:
EnableDCOM = "N" to
EnableDCOM = "Y"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Lsa"
In the right panel, locate and modify the following registry entry from:
Restrictanonymous = "00001" to
Restrictanonymous = "00000"
Close Registry Editor.
6) Rescan system
</edit>
AND:
Open System Configuration Editor.
To do this, click Start>Run, type SYSEDIT, then press Enter.
Select the SYSTEM.INI window.
Under the [boot] section, locate the line that begins with:
"Shell = explorer.exe load.exe –dontrunold"
Modify that line so that it will read:
"Shell = explorer.exe"
Select the WIN.INI window.
Under the [windows] section, locate the line that begins with:
"run =".
Modify the line to:
"run ="
Close System Configuration Editor and click Yes when prompted to save.
Click Start>Run, type WININIT.INI then hit the Enter key.
Look for and then delete the lines that contain the following text string:
mepXXXXX.tmp.exe
Save and close WININIT.INI file.
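A read-only way to review the autostart locations named in the two replies above before deleting anything by hand, added here as an example and not part of any poster's reply. The file names come from this thread; the script layout and the `Test-Indicator` helper are assumptions of this example, and it needs PowerShell 2.0 or later.

```powershell
# Added example: read-only audit of the autostart locations named in the thread.
# Nothing is deleted or modified; review flagged rows before acting on them.
$indicators = 'hotkeysvc.exe', 'tmp.exe', 'updater.exe', 'setup.exe', 'load.exe'
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Ole',
    'HKCU:\Software\Microsoft\Lsa'
)

# Hypothetical helper: true when the text contains any file name listed above.
function Test-Indicator([string]$text) {
    foreach ($i in $indicators) { if ($text -like "*$i*") { return $true } }
    return $false
}

$findings = @()
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $findings += New-Object PSObject -Property @{
            Location = $key; Name = $name; Data = $data
            Suspect  = (Test-Indicator "$name $data") }
    }
}

# Legacy INI autostarts: [boot] Shell in SYSTEM.INI and [windows] run in WIN.INI.
# Clean state per the reply: "Shell = explorer.exe" and an empty "run =".
foreach ($ini in 'system.ini', 'win.ini') {
    $path = Join-Path $env:windir $ini
    if (-not (Test-Path $path)) { continue }
    $section = ''
    foreach ($line in (Get-Content $path)) {
        if ($line -match '^\s*\[(.+)\]') { $section = $matches[1]; continue }
        if (-not ($line -match '^\s*(shell|run)\s*=(.*)$')) { continue }
        $name = $matches[1]; $data = $matches[2].Trim()
        $bootShell = ($section -eq 'boot' -and $name -eq 'shell')
        $winRun    = ($section -eq 'windows' -and $name -eq 'run')
        if (-not ($bootShell -or $winRun)) { continue }
        $suspect = ($bootShell -and $data -ne 'explorer.exe') -or ($winRun -and $data -ne '')
        $findings += New-Object PSObject -Property @{
            Location = $path; Name = $name; Data = $data; Suspect = $suspect }
    }
}
$findings | Sort-Object Suspect -Descending | Format-Table Suspect, Location, Name, Data -AutoSize
```

Names such as `setup.exe` and `updater.exe` are also used by legitimate software, so a flagged row is a prompt to check the file's path and origin, not proof of infection.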
I assume you cannot delete them with Avast nor send them to the virus chest. Then what I do when Avast fails is to go for the files and rename them manually or delete them permanently with Shift+Del.
I assume you couldn't delete them with Avast itself nor send them to the chest. So try deleting them manually and permanently by Shift+Del or rename them. If necessary, in Safe Mode.
Hi j12a3s4o5n6,
Immediately scan with an updated Kaspersky Personal / Pro trial version. If you can't do that, then try the McAfee VirusScan Enterprise 90-day trial available.