Home | Details | Download | Updates | Register | Support | FAQ | Contact Us
If your question is not covered here, you can click on the Details link above for general information on Trojan Remover. If you have a particular query, click on the Support link above. If you have a question that you think should be in this FAQ, email us the details - us the Contact Us link above.
Trojan Remover contains a comprehensive help file. To access the help file start Trojan Remover and select Help | Help Contents. Context-sensitive help is also available in most Trojan Remover screens - simply tap the F1 key to show the help for that screen. The help file can also be accessed online, here. When minor updates are made to the help file, they may appear in this online version before they are released in a Program Update.
FAQ last updated: 24th June 2008
Firewall/Process
Monitor Issues
Why does my Process Monitor always raise an alert when I start Trojan Remover?
My
Firewall/Process Monitor shows an alert saying that Trojan Remover wants to
create a service called TRDUMMYnn (where nn are random numbers). Is it
safe to allow this?
Kaspersky Antivirus shows an alert screen every time I
start Trojan Remover, about a "hidden install". I have added Trojan Remover
to the Trusted Zone, but I still get the alerts - how do I stop this?
Installing/Uninstalling
When I run Trojan Remover's installation (or Update)
program the installation screen appears, and then disappears. I cannot
install the program.
Why do I
get an error message about a missing file when I try to uninstall Trojan
Remover?
Malware
Issues
How
do I submit a file for analysis?
Trojan
Remover renames Malware files. Why doesn't the program just delete these
malicious files completely?
Problems
Starting Trojan Remover
I get
the error message "A required DLL file, GDIPLUS.DLL, was not found" (or "The
dynamic link library gdiplus.dll could not be found") when I try to start
Trojan Remover (or the FastScan
runs).
Why, when I start
Trojan Remover, does it just hang, consuming 100% (50% on dual-core
processors) of CPU time?
How do I fix the error message
"The application failed to initialize properly (0xc0000005)."?
Windows
Vista Issues
Why
does the FastScan screen appear blacked out when I start the PC?
Why
do I get a User Account Control prompt every time I start Trojan Remover?
Firewall/Process Monitor Issues
Why does my Process Monitor always raise an alert when I start Trojan Remover?
When Trojan Remover launches, it creates a randomly-named copy of the main executable file, then launches this copy. This is part of Trojan Remover's defenses against malicious process killers. Some Process Monitors see this behaviour as suspicious. You should instruct your Process Monitor to always allow this behaviour by Trojan Remover, or you will continue to get alerts each time the program is launched. However, if your Process Monitor acts simply on filenames, and not by checking the executable properly (by MD5 signature, for example), then you may continue to see alerts as Trojan Remover's main filename is different each time it is launched.
One way to stop these alerts is to start Trojan Remover, select Options and click on "Random filename generation protection enabled" to turn this option off. You should then instruct your Process Monitor to always allow Trojan Remover to launch RMT.EXE.
Turning off random filename generation does make Trojan Remover more vulnerable to malicious process killers: however, your Process Monitor itself should prevent any such malicious activity, so there should be no increased risk.
My
Firewall/Process Monitor shows an alert saying that Trojan Remover wants to
create a service called TRDUMMYnn (where nn are random numbers). Is it
safe to allow this?
Yes, you should allow this action. TRDUMMYnnn is part of Trojan
Remover's routines to check for stealthed (rootkit) drivers. Basically, Trojan Remover writes a dummy service entry to the registry, just to confirm that it has write access. The entry is immediately deleted. You should instruct
your Firewall/Process Monitor to always allow this.
Kaspersky Antivirus shows an alert screen every time I start Trojan
Remover, about a "hidden install". I have added Trojan Remover to the
Trusted Zone, but I still get alerts - how do I stop this?
Start Trojan Remover. When the
"hidden install" alert appears, click on "Add to Trusted
Zone". In the screen that appears, click on the blue highlighted "Hidden
install.." message next to Verdict mask. In the box that appears, remove
the checkmark from the "Advanced Settings" box. Click on OK to close the
box, click on OK again to close the Exclusion Mask box. The "hidden
install" alert should no longer appear when you start Trojan Remover.
General
When Trojan
Remover has completed a scan, why do I see the message "One or more files
are currently excluded from scanning"?
This means that during the scan (or
during an earlier scan) you selected the option to disable one or more files
from scanning when you were presented with an alert screen. You can review
which files are currently excluded from scanning by selecting File | Manage
Excluded Files from Trojan Remover's main menu. Here you can add, remove or
edit the entries.
Installing/Uninstalling
When I run
Trojan Remover's installation (or Update) program the installation screen
appears, and then disappears. I cannot install/update the program.
Some malware programs deliberately try
to prevent the installation of anti-malware programs. If, when trying to
install Trojan Remover, you see the installation screen completely disappear
whilst you are installing the program, this is probably being caused by the
malware program shutting down our installer. The work-around for this is to
run a "silent" install. Ensure that you have saved the trjsetup[nnn].exe
file (or trj[nnn].exe, if you are trying to run the
Program Update) where [nnn] is the version number, to a directory on your PC. Click START > Run. In the
box that comes up, type in:
"<path to file>\trjsetup[nnn].exe" /silent
("<path to file>\trj[nnn].exe" /silent if installing the Program Update)
and press the ENTER key. Replace <path to file> with the actual path to
where you saved the downloaded setup file. Make sure that the path and
filename are surrounded by quotes, as shown in the examples above. For
example, if you have saved the setup file to C:\My
Downloads, then the command would look like this:
"C:\My Downloads\trjsetup675.exe" /silent (there is a space before the /silent).
This will install Trojan Remover to the default directory, i.e. C:\Program
Files\Trojan Remover. You will see a progress window as the installation
proceeds.
You may need to try this a couple of times - the installation is fast, but it needs to be faster than the malware trying to stop it.. You will know when the install has succeeded when Trojan Remover's icon appears on the desktop.
If you still cannot install Trojan Remover using this method, then you should try to install the program in SAFE mode.
Why
do I get an error message about a missing file when I try to uninstall
Trojan Remover?
The usual reason for errors when
uninstalling Trojan Remover is that one or more components have been
manually removed. The fix is to
download
and install a new FULL copy of the program. Once installed go to START | All
Programs | Trojan Remover | Uninstall Trojan Remover (in Windows Vista, go
to Start | Control Panel | Programs | Uninstall a Program - select Trojan
Remover then click on the Uninstall button near the top of the window).
Malware Issues
How
do I submit a file for analysis?
Instructions on how to send file(s) to Simply
Super Software for analysis are on the Contact
Us page.
Trojan
Remover renames Malware files. Why doesn't the program just delete these
malicious files completely?
This is a quarantine function. Trojan Remover
renames Malware files by adding the extension '.VIR' to the filename. This
disables the file from being run. If the file was immediately permanently
deleted, and then you realised that you wanted to keep the file (either for
analysis, or (rarely) if it was a false positive detection), it would be too
late. By renaming the file, you have the opportunity to restore it should
you wish to (simply by removing the '.VIR' extension). When you have decided
you do not want to keep the disabled file, you can simply delete it. You can
also run a Directory scan with the option 'Scan Files already renamed by
Trojan Remover' checked. When such a file is located, Trojan Remover will
then offer to permanently delete the file.
Problems Starting Trojan Remover
I get the
error message "A required DLL file, GDIPLUS.DLL, was not found" (or "The
dynamic link library gdiplus.dll could not be found") when I try to
start Trojan Remover (or the FastScan runs).
Earlier versions of Trojan Remover required the use of the Microsoft
Windows file GDIPLUS.DLL. Later versions do not. Update your program to the
latest version and this should resolve the issue. To update, download and manually install the latest Program Update for Trojan
Remover from the
Updates page.
Why,
when I start Trojan Remover, does it just hang, consuming 100% (50% on
dual-core processors) of CPU time?
The most likely cause is a known
conflict with System Mechanic, from Iolo Systems. Our Support
page has more detailed information on this problem and a work-around.
How do I fix the error message "The application failed
to initialize properly (0xc0000005)."?
This error message can be caused by a
malware program attempting to prevent Trojan Remover from running. Try the
following work-around to run a scan with Trojan Remover:
Locate the Trojan Remover program files directory (normally
C:\Program Files\Trojan Remover). Make a copy of
the "rmvtrjan.exe" file. Rename this copy to a different name (anything you
choose, e.g. "mynewprog.exe"). Double-click on this renamed file to start
Trojan Remover. The program should now start, and you will be able to run a
scan.
Windows Vista Issues
Why
does the FastScan screen appear blacked out when I start the PC?
When you start the PC and the FastScan
screen appears, sometimes the screen appears to be blacked out, and the
titlebar says that the FastScan program is "not responding". This
happens when Vista is busy dealing with all the other program startup
requirements. There is no need for you to do anything, the FastScan will
start scanning correctly once it is allocated enough processor time.
Why
do I get a User Account Control prompt every time I start Trojan Remover?
If you have User Access Control
(UAC) enabled (it is enabled by default, and Microsoft highly recommend you
leave it enabled), each time you start Trojan Remover you will see a UAC
elevation prompt. This is because Trojan Remover requires access to
protected system areas and processes. It is more sensible to ask for UAC
elevation the one time, when the program starts, rather than ask each time a
different protected area is accessed during the scan.