Automotive Forums .com - the leading automotive community online!
Old 07-25-2006, 02:39 PM   #1
vinnym86
Trojan!!

I was watching a streaming video of a Bugatti on a test track, and the sound came, but not the video, and there was a box that said I need the proper codec. So, OK, I go get that codec, and BAM... I've got a trojan. I should have known better, I've always been wary and never gotten infected before, always had a clean computer, and now... well, let's just say Wayne Brady's gonna hafta choke a bitch...

I've been running Ad-Aware, Norton Anti-Virus, and eWido Anti-Malware, and they've taken out infected files, then I reboot, and they seem to still be there. I keep getting pop-ups even when I'm not browsing, and they're all the same: either an ad telling me my computer's been infected and I need to download some weird antivirus to get it out, or "horny teens in my zip code!"... Also, my homepage, which was AF.com, is now this, even after I change it back in Internet Options:

(sorry for that large image)

And right away, as soon as I open my browser, I get this:

...Does anyone know how I can get rid of this bastard? I had just formatted several weeks ago, so if that's the only solution, I'll do it... but it'll be a bitch... Thanks for any help.
__________________
The most beautiful thing we can experience is the mysterious... He to whom this emotion is a stranger, who can no longer pause to wonder and stand to rapt in awe, is as good as dead: his eyes are closed.
Old 07-25-2006, 03:07 PM   #2
MonsterBengt

Hmm.. the times I've had trojans, they've been files that I just had to change the extension of, then they disappeared and the files could be deleted. You should download Avast! Antivirus. Just google it, I'm unsure of their site. I've had it for a long time and it gets rid of trojans quick and easy.

I never, ever download codecs. You shouldn't either. Nor 'licenses'. If you get a suspicious video (doesn't work properly), delete it immediately.
Old 07-25-2006, 04:25 PM   #3
Moppie

Oh dear, you really have gotten got.

It sounds like you have a really nasty little bastard, that writes itself 3 different files, that then spend all day checking with each other. As soon as you try and remove one, the other two rewrite it somewhere else, all the time making changes to your registry.
I can't remember what it's called, but there is only one really good way of getting rid of it. And that's a format.
Every other method I've seen has involved the use of "fileshredder" and multiple registry changes.
__________________
Connecting the Auto Enthusiasts
Old 07-25-2006, 05:43 PM   #4
Neutrino

Well vinny, this is not a told you so, but do you now see why we keep advocating the use of Firefox or Opera in the other thread? This thing most likely installed itself through the ActiveX functionality of Internet Explorer, then gained direct access to any and all of your system due to the fact IE has basically "root" privileges in the Windows system.

Now onto the removal. The first thing you do is: Windows key+Pause; when System Properties opens, select System Restore and disable it. From the sound of it, it's using it to reinstall itself each time it gets removed.

Now try the removal procedure again. Afterwards go here:
http://www.kaspersky.com/ ----- probably the best at scanning archives
and here:
http://www.bitdefender.com/ ----- very good heuristics

And run their free online scans. The last one in particular will be useful since it will attempt to remove stuff too, not just report it. If you keep getting strange errors, it means the piece of malware is blocking access to security sites and we'll have to edit your hosts file.

You might also give a try to the trial version of Nod32; it's an excellent antivir app. Just make sure you don't run two antivir apps at the same time.

monster, Avast is OK if you are on a budget, but I've seen it fail numerous times personally to know its quality is so-so. Oh, and downloading codecs is no different from downloading any of the other stuff on the internet. What matters is where you get it from.
__________________

(\__/)
(='.'=) This is Bunny. Copy and paste bunny into your
(")_(") signature to help him gain world domination

Last edited by Neutrino; 07-25-2006 at 07:54 PM.
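
The hosts-file check mentioned in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports any entry that overrides name resolution for a security vendor's domain. The watch list (vendors named in this thread) and the sample hosts content are constructed assumptions.

```python
import ipaddress

# Assumed watch list: vendor domains linked in this thread. Extend as needed.
SECURITY_DOMAINS = ("kaspersky.com", "bitdefender.com", "eset.com", "f-secure.com")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skip the line
        for host in fields[1:]:                  # one line may map several names
            yield line_no, addr, host.lower().rstrip(".")

def suspicious_entries(text, watched=SECURITY_DOMAINS):
    """Return hosts entries that pin a watched domain (or subdomain) to any address.

    A clean machine has no reason to override these names locally, so every
    match is worth reviewing regardless of the address it points to.
    """
    hits = []
    for line_no, addr, host in parse_hosts(text):
        if any(host == d or host.endswith("." + d) for d in watched):
            hits.append((line_no, str(addr), host))
    return hits

# Constructed sample input, not taken from the infected machine in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com   # added by something other than the user
0.0.0.0         bitdefender.com www.bitdefender.com
10.0.0.5        fileserver
127.0.0.1       notkaspersky.com.example
"""

if __name__ == "__main__":
    for line_no, addr, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; read it from safe mode or a live CD if the running system may be hiding changes.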
Old 07-25-2006, 07:44 PM   #5
Oz

Just a quick suggestion - do all of the above, get those antivirus and antispyware apps and update their definitions, then boot into safe mode and run them, remove whatever they find.

Good luck Vinny.
__________________
Quote:
Originally Posted by RaeRae1
Blessed are the cracked ones for they are the ones that let in the light.
Old 07-26-2006, 05:13 PM   #6
vinnym86

Thank you guys. I turned off System Restore and ran Norton one more time. It found the corrupt registry keys and corrupt executables, but couldn't do anything about them. I rebooted in safe mode and found them myself and deleted them. Ran Norton and ewido again, and it cleaned up pretty well, I'm not having any problems so far...
I did the online scan from bitdefender.com and it found 6 more malicious files and deleted them. I don't know if it's clean now, I'll keep running different anti-virs and see what's up, but till then I'm not doing anything online that reveals important info such as banking activities. If anything lingers after a week or so, I'm just formatting again.
Thank you all again for the help.
Old 07-26-2006, 05:57 PM   #7
Neutrino

As a temporary fix: if you do need to do something that requires a secure OS, download a Linux Live CD like Knoppix or Ubuntu and use it. It will not install anything and will run straight off the CD, bypassing the virus-infected drive and all.
Old 07-26-2006, 07:59 PM   #8
Oz

Seriously, uninstall Norton NOW and install and run NOD32. If you want a copy that doesn't have time limitations, PM me.
Old 07-26-2006, 08:54 PM   #9
mellowboy

I heard lots of good things about NOD32. Too bad I can't find that program anywhere in retail stores.
Old 07-26-2006, 09:09 PM   #10
Neutrino

It's true Nod32 is quite good, it's what I'm using right now actually. Anyway mellow, I do not think Nod32 is sold as retail but you can purchase an online copy here:

http://www.eset.com/purchase/index.php

Another antivir that I also highly recommend is Bitdefender. As you have already seen in the online free scan, it's very thorough and even without definitions it can catch a good amount just through heuristics. The standard standalone antivir is also quite cheap:
http://www.bitdefender.com/site/Buy/products/

Here is a good review of a few of the most popular antivir programs:
http://www.pcworld.com/reviews/artic...63,pg,1,00.asp
Last edited by Neutrino; 07-26-2006 at 09:58 PM.
Old 07-27-2006, 12:58 AM   #11
vinnym86

Well, I uninstalled ewido and Norton, and have NOD32 now. Also installed Firefox again. As far as my knowledge goes, I've cleaned up that trojan, but then again, it could still be hidden in there, right? I'll keep scanning and if nothing shows up, I guess it was successfully removed. Thanks again for the help.
Old 07-27-2006, 01:14 AM   #12
Neutrino

Well, if you scanned with all that and it still comes up clean then there's a fair chance you are clean. However, me personally, I never have 100% trust in a compromised system, especially in light of how advanced some of the new rootkits are.

Here, try this other tool that is for now still free:
https://europe.f-secure.com/blacklight/

It's a rootkit scanner.
Old 07-27-2006, 03:03 AM   #13
Toksin

As an aside, I've used Avast! Antivirus for about a year, it's fantastic. Functions as an antispyware app as well. And it's free.
Old 07-27-2006, 11:02 AM   #14
mellowboy

Quote:
Originally Posted by Neutrino
It's true Nod32 is quite good, it's what I'm using right now actually. Anyway mellow, I do not think Nod32 is sold as retail but you can purchase an online copy here:

Yeh, I'm planning to purchase it today. I also downloaded Spybot. Ran it and it found so much crap on my computer. I just bought the damn thing like a month ago.
Old 07-27-2006, 02:29 PM   #15
vinnym86

I ran the rootkit scanner, and it turned up nothing. I think it's clean, finally, but I'm still going to hold off from online shopping/banking for a while... just in case.