Hey, i have mcafee security centre and when i connect to my internet mcafee detects a trojan called downloader-AFH. I have tried using my virus scan but it doesnt seem to be going away.

Can anyone help me please???

11 Years
Discussion Span
Last Post by hazdude

Go here and read the characteristics,symptoms and such and it will tell you how to remove.you will need to get into the registry so do exactly as it says.

to see the winstall.exe you may need to go to in my computer - tools - folder options - view and uncheck Hide protected operating system files.



It had gone away for a while but its back now and it doesnt seem to be going away as none of the files in that link are actually there, but its still keeps coming up.

HELP!!! please


Do it again but this time disable your system restore if you do not know how go here.


Also run this free online scan:


After you have done that go here and get HiJackTthis.


run it save log file it will put it where ever you put HJT.I make a folder in my root directory called HiJackThis and put HJT in there.now open the log file copy and paste it in this site.


Click analayze it will tell you what to have it fix and what not to fix.

after you are done reboot re-eanble system restore that should take care of it.


This might seem like a really stupid question. but how do i delete the files that need deleting?
and do i only delete the files with the crosses next to them?


the reason the virus might keep coming back is it may be hiding in your system restore area.

boot into safemode (hit f8 repeatedly during windows initial startup)
login as admin
right click on your harddisk and turn system restore off under properties (this wil delete any restore points!)
reboot back into safemode again and turn it back on
start windows normally


That's not a stupid question Bud.

No such thing as a Stupid Question just Stupid Answers.LOL

Yes when you paste the log in the analyzer it will have a green check next to good and a yellow next to what has been reported as non threat read the thing next to the marks the red Xs definetley Fix.

The yellow if your not for sure what they are fix anyway.

what you do is with HiJackThis is when you do a scan it has a list of stuff there will be a box next to each one.any box you put a check mark in and at the bottom click fix checked it will fix.


Not to tempt fate but it looks like its gone for now. Turned my computer on and off a couple of times and it hasnt appeared so thanks for the help. Appreciate it.


Man alive its come back... i cant believe it. I checked the HijackThis list and found that this (below) was the only red mark that came up. so i can only assume that this is whats causing the problem. Im getting pretty cheesed off, it could be a website that im going on that is getting the trojan on my computer. Any suggestion?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

The entry &AOL Toolbar search has been identified as nasty.


Actually, this is a Smitfraud infection.

There are a couple dedicated removal tools for this.

-- A note on HJT and Online Analyzers.
Both miss a lot. An online analyzer is only as good as it's DB and there are a ton of baddies that do not show in a HJT Log in the first place.

-- Hazdude,
I'd be happy to help you clean this, time permitting (I am juggling a number of threads in a number of forums at the moment).
At this point, I am not sure what you have and haven't done to your machine. So, please do the following:
Please look at the steps I have written here and obtain the three logs as directed and post them here.
1- Kaspersky
2- AVG Anti-Spy
3- Fresh HJT Log

Often, there are multiple malware issues with this infection and it helps to get a good baseline from which to start. Those scans will do it and we'll go from there.

Cheers :)


Thanks alot everyone who replyed i ran a couple off virus scans and deleted a few of the files they found and it seems to have disappeared.

Thanks again to everyone

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.