VideoHelp Forum
  1. Xylob the Destroyer (Member) - Join Date: Sep 2004 - Location: Earth, for now
    My anti-virus is telling me that an .exe file on my server has a Trojan Horse embedded in it.
    This .exe contains several other .exe files and one of them is either the Trojan itself or infected with the Trojan.

    I've managed to explore the main .exe with WinRAR and can drill down to the "bad" file, but cannot delete it from within WinRAR.
    I've been able to perform such activity with other files, but they were all .zip or .rar files...

    How can I extract/delete this bad .exe file from within the .exe file that contains it?
    I'm not a programmer or coder, so a hex editor will do nothing for me.
    I need a GUI.

    I've tried Restorator, M Exe Editor, and PE Explorer but none seem able to do what I need.

    TIA!!
    "To steal ideas from one person is plagiarism; to steal from many is research." - Steven Wright
    "Megalomaniacal, and harder than the rest!"
  2. Banned - Join Date: Oct 2004 - Location: Freedonia
    You don't say what your anti-virus program is, but you should be aware that some do report false positives. This is what I would recommend.

    1) Install another anti-virus program such as AVG or Avast (both free) and see if it confirms the Trojan. Some anti-virus programs just basically assume that any executable archive has a Trojan in it and report a false positive, so you should definitely confirm it. Note that it's kind of tricky to get the free AVG without having to agree to some sort of offer you don't want, so try getting it at http://www.download.com as I was able to get it there without all that "Free offer" nonsense on the main AVG website.
    2) If another anti-virus program confirms the trojan, the safest thing to do is delete the whole *.exe file. Generally *.exe archives are actually based on ZIP technology, so WinZip might be able to delete the infected file from the archive. Or it's possible that the anti-virus program you installed in step 1 to check the file can delete it.
  3. AlanHK (Member) - Join Date: Apr 2006 - Location: Hong Kong
    Originally Posted by Xylob the Destroyer
    My anti-virus is telling me that an .exe file on my server has a Trojan Horse embedded in it.
    This .exe contains several other .exe files and one of them is either the Trojan itself or infected with the Trojan.

    I've managed to explore the main .exe with WinRAR and can drill down to the "bad" file, but cannot delete it from within WinRAR.
    Presumably then it's a self-extracting archive. Possibly it's the self-extracting code itself that's the problem.
    If WinRAR can open it, click the "Extract" button and extract everything to a folder. Then you'll have the separate files, scan them and separate the "safe" ones. You can use WinRAR to make a new archive of these if you want.
  4. Xylob the Destroyer (Member) - Join Date: Sep 2004 - Location: Earth, for now
    Good thinking! I'll give it a whirl later on.
    "To steal ideas from one person is plagiarism; to steal from many is research." - Steven Wright
    "Megalomaniacal, and harder than the rest!"
  5. Ai Haibara (VH Wanderer) - Join Date: Jan 2006 - Location: Somewhere on VideoHelp...
    I believe you can also use www.virustotal.com to possibly get a better idea if the file(s) are generating a false positive or not.

    How up-to-date are the definitions/etc. for your virus scanner? Have you tried updating them, and then running the scan again?

    Another thing that seems to generate a lot of false positives is packed EXEs (those compressed with UPX or other packers).
    If cameras add ten pounds, why would people want to eat them?
  6. Xylob the Destroyer (Member) - Join Date: Sep 2004 - Location: Earth, for now
    Using Norton 16.0.0.125.
    Definitions updated last night and this morning.
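An added triage helper, written for this page and not code from anyone in the thread, that checks the two things AlanHK and Ai Haibara point at before trusting or deleting anything: whether the .exe is a self-extracting archive (an archive signature following the PE stub, with the member list for zip-based SFX read without extracting) and whether it carries the default section names the UPX packer leaves behind. The sample .exe is constructed inside the script; the UPX check is a heuristic, since packers can rename sections.

```python
import io
import struct
import zipfile

ARCHIVE_MAGICS = {"zip": b"PK\x03\x04", "rar": b"Rar!\x1a\x07"}  # SFX = PE stub + archive
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}  # default section names left by the UPX packer

def find_embedded_archive(data):
    """Return (kind, offset) of the first archive signature inside the file, or None."""
    hits = [(off, k) for k, m in ARCHIVE_MAGICS.items() if (off := data.find(m, 2)) != -1]
    return (min(hits)[1], min(hits)[0]) if hits else None

def list_zip_members(data):
    """Name the members of a zip-based SFX without extracting anything to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # zipfile tolerates the PE stub prefix
        return [i.filename for i in zf.infolist()]

def pe_section_names(data):
    """Walk the PE section table and return the raw section names ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0") for i in range(nsec)]

def triage(data):
    """Summarise what an AV hit on an .exe might be looking at: SFX payload or packer."""
    hit = find_embedded_archive(data)
    members = list_zip_members(data) if hit and hit[0] == "zip" else []
    packed = bool(UPX_SECTIONS & set(pe_section_names(data)))  # heuristic: sections can be renamed
    return {"sfx": hit[0] if hit else None, "members": members, "upx_packed": packed}

def build_sample(section_names, payload=b""):
    """Constructed input: a minimal MZ/PE header with the given sections, payload appended."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)                    # e_lfanew -> right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(hdr) + coff + secs + payload

def sample_sfx():
    """Constructed zip SFX: PE stub followed by an archive holding two inner files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("installer.exe", b"not a real program")
        zf.writestr("readme.txt", b"constructed sample")
    return build_sample([b".text", b".data"], buf.getvalue())
```

Run `triage(open(path, "rb").read())` on the suspect file; a zip SFX lists its members so the "bad" inner name can be matched against the AV report, and an empty member list with `upx_packed` set points at the packer-false-positive case instead.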
    "To steal ideas from one person is plagiarism; to steal from many is research." - Steven Wright
    "Megalomaniacal, and harder than the rest!"