Win32/fynloski.aa trojan problem

jackthewar

Hello,

I got Win32/fynloski.aa trojan today & I am not sure if I had completely removed it, as I had heard it reappears after some time if not successfully removed from the computer.
Well, firstly I scanned my computer with Eset NOD 32 Antivirus & it found the trojan attached to my calc.exe (C:/Windows/SysWOW64/calc.exe), but it had failed to remove it. I tried to put it into quarantine which also ended up failing.
Afterwards, I ran CCleaner, Spybot S&D + removed the calc.exe manually from my computer & re-checked all of the registries connected to that trojan (listed below).

(The problem about this trojan is that it always changes places where it is, which makes it hard to remove manually, and even harder for an antivirus to remove it.
It also stealthily installs the backdoor, encased in a Cabinet self-extractor, on the affected system. Also, it is a type of RAT (Remote Administration Tool) trojan and so far, no RAT actions have been taken on my PC, which is why I don't know if it's gone or not.
So far, as I had searched through the internet, I found absolutely no antivirus programs that are capable of removing it themselves, without having to do it manually.)

This is all I had found about this trojan so far & that's why I'm asking is there something else left to do to remove it permanently off my computer?
(I had re-scanned my PC with Eset and it found no viruses, however, many people complain that the trojan stays hidden & undetectable after so called "temporary remove".)


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
 
Malwarebytes Anti-Malware -> Found no threats
HitmanPro 3.6.0 -> only found GameMon.des as a suspicious file, but it is an anti-cheat for multiplayer games so it should be safe.

I guess there are no other programs to check it with? (Still believe CCleaner, S&D & ESET are the best for such stuff so far, as they have one of the biggest databases)

PS: I had contacted my friend who is a student in system-, security- and network administration & he had said that the trojan might still be somewhere on the PC, but that I would have to wait for a while to see if something happens or not. Other solutions?
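
A read-only way to re-check the registry values listed in the first post, added here as an example and not part of the original thread. It assumes PowerShell running as the affected user; the key paths, value names and data are copied from that list, and a match only means the value equals what the post lists.

```powershell
# Added example: read-only check of the registry values listed in the first post.
# Paths, value names and "Listed" data are copied from that list; nothing is modified.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$ie = 'Software\Microsoft\Internet Explorer'
$checks = @(
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'CertificateRevocation'; Listed = '0' }
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Listed = '0' }
    @{ Path = "HKCU:\$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Listed = '1' }
    # The data string for LowRiskFileTypes is not reproduced here: report presence only.
    @{ Path = "HKCU:\$cv\Policies\Associations";  Name = 'LowRiskFileTypes';      Listed = $null }
    @{ Path = "HKCU:\$cv\Policies\Attachments";   Name = 'SaveZoneInformation';   Listed = '1' }
    @{ Path = "HKCU:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Listed = '1' }
    @{ Path = "HKLM:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Listed = '1' }
    @{ Path = "HKCU:\$ie\Download";               Name = 'CheckExeSignatures';    Listed = 'no' }
    @{ Path = "HKCU:\$ie\Main";                   Name = 'Use FormSuggest';       Listed = 'yes' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";      Name = 'Hidden';                Listed = '0' }
    @{ Path = "HKCU:\$cv\Explorer\Advanced";      Name = 'ShowSuperHidden';       Listed = '0' }
)

$report = foreach ($c in $checks) {
    # Get-Item returns a RegistryKey object; a missing key or value yields $null.
    $key    = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
    $actual = if ($key) { $key.GetValue($c.Name, $null) } else { $null }

    # Compare as strings so REG_DWORD 1 and REG_SZ '1' are treated alike.
    if ($null -eq $actual) {
        $status = 'not set'
    } elseif ($null -eq $c.Listed) {
        $status = 'present, review by hand'
    } elseif ([string]$actual -eq $c.Listed) {
        $status = 'matches post'
    } else {
        $status = 'differs'
    }
    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $actual; Status = $status }
}
$report | Format-Table -AutoSize -Wrap

# The Run value names in the post are elided, so list every HKCU Run entry for manual review.
$run = Get-Item -LiteralPath "HKCU:\$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    $run.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Command = $run.GetValue($_) }
    } | Format-List
}
```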
 