

Help! Trojan!





guissmo
Yeah. I'm 95% sure I'm infected with a Trojan right now. But how do I remove it? Since I'm young, I have some limitations. So, I can't buy some stuff because I don't have credit cards or so. I can understand some computer lingo, so I feel it's safe to explain it that way.

Please help.

The major problem is that all programs I open end up with an ERROR message (even though the program isn't really encountering an error). So, I just have to shove it to the right side of the screen. But it's annoying. And it might be some "intro" to what the virus really does.

HEEEELLLPP.
Roald
Download AVG and scan your PC, and install a firewall, Comodo. They're both free.
guissmo
I'll try that. But I'm gonna need all the programs I can find. This seems very "strong" and "consistent". I can't seem to find the stuff to delete.
mystzero
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here
  5. Please upload extra.txt and post the url here.

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
bukaida
From the information you provided, it is difficult to say that it is indeed a virus. It may appear from a corrupted registry also. Anyway, try the following:

Download NOD32 antivirus and install it. It is free for 30 days and is one of the best. Before installing it, uninstall any existing antivirus software (like AVG). Get it from:
http://www.eset.com/download/index.php
Choose the 30 days trial option.

Install Spy Sweeper by clicking on "get free scan" from
http://www.webroot.com/consumer/downloads/

Scan with both of them one after another. No trojan can escape both of them.

Lastly, if it is a registry or other system problem, install System Mechanic
and run it. It will take some time but will definitely fix up your problem.

Get it from:

http://www.iolo.com/sm/7/std/download.aspx

Your problem will definitely be solved. And BTW, always install Windows updates and patches.
knullbar
If it's a RAT, try to kill explorer.exe and/or iexplorer.exe/firefox.exe and make sure they don't appear again. Now go on a hunt in the Win/sys32 map for latest changed files, look for something which shouldn't be there.

Then go and check the registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components."
Here you must be really careful what you are doing; check carefully on every key with ONLY a value named "stubpath".

Last option: AV, it's not reliable to 100% but you might have some luck. I'd recommend you to use NOD32 or KAV. Also a great FW like Agnitum Outpost would be great.
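
A read-only way to carry out the two checks described in the post above (recently changed files in System32, and Active Setup keys whose only value is StubPath). This is an added example, not part of the original post; the 7-day window and the variable names are assumptions.

```powershell
# Added example: read-only triage of the two places named in the post above.
# Nothing is changed or deleted. Run from an elevated PowerShell prompt.

$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$days = 7   # assumption: how far back "latest changed" should look

# 1. Active Setup components that carry a StubPath value
#    (StubPath holds a command Windows runs once per user at logon).
$stubEntries = foreach ($key in Get-ChildItem -Path $activeSetup -ErrorAction SilentlyContinue) {
    $stub = $key.GetValue('StubPath')
    if ($null -eq $stub) { continue }
    # Named values under the key, ignoring the unnamed default value
    $named = @($key.GetValueNames() | Where-Object { $_ -ne '' })
    [pscustomobject]@{
        Component    = $key.PSChildName
        OnlyStubPath = ($named.Count -eq 1)   # the case the post says to check closely
        StubPath     = $stub
    }
}

# 2. Files in System32 written within the look-back window, newest first,
#    with their Authenticode signature status for context.
$cutoff = (Get-Date).AddDays(-$days)
$recent = Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, Length,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }

$stubEntries | Sort-Object OnlyStubPath -Descending | Format-Table -AutoSize -Wrap
$recent | Format-Table -AutoSize
```

Windows updates and legitimate installers also write to both locations, so each row is a lead to verify (file path, publisher, install date) before anything is removed.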
Urban
knullbar wrote:
If it's a RAT, try to kill explorer.exe and/or iexplorer.exe/firefox.exe and make sure they don't appear again. Now go on a hunt in the Win/sys32 map for latest changed files, look for something which shouldn't be there.



What's the point? explorer.exe is a Windows component and iexplorer.exe/firefox.exe are for the browsers IE and FF, so how could it make this error?
knullbar
Urban wrote:
knullbar wrote:
If it's a RAT, try to kill explorer.exe and/or iexplorer.exe/firefox.exe and make sure they don't appear again. Now go on a hunt in the Win/sys32 map for latest changed files, look for something which shouldn't be there.



What's the point? explorer.exe is a Windows component and iexplorer.exe/firefox.exe are for the browsers IE and FF, so how could it make this error?



I will tell you: the RAT injects into IE/FF to bypass the firewalls. If so, you will usually end up with 2 FF/IE processes. To delete the processes you need to delete the explorer.exe process so the RAT won't inject again in the session.
After that you can run explorer.exe again...

I hope you got it this time,

Kindest regards..
scofrezo
In order to properly troubleshoot this issue, it would be helpful to know what these error messages are saying.

I would not advise downloading or replacing software to fix an issue that you do not really understand. Most of the posts here jump to conclusions about your situation.

However, HijackThis is a safe tool to use for creating reports for technicians to get the information needed about what could be happening.

Download HijackThis here: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Install the program and run it. At the Main Menu, click "Open the Misc Tools section". Under Startup List, check the box for "List also minor sections (full)" and click "Generate StartupList log." This will open a text document. Select all (CTRL+A) of the text and copy (CTRL+C) it. Paste (CTRL+V) into a reply post in this forum.

Also, at the Main Menu, click "Open the Misc Tools section". Under System Tools, click "Open process manager." Click the "Copy list to clipboard" icon on the top right above the text window. Paste into a reply post in this forum.

I'll get back to you then.

In the meantime, run an online virus scan by TrendMicro just in case.

http://housecall.trendmicro.com/
rowebil
If this trojan does not delete, and close up, try to restore your computer to an earlier time. That may work. It will, and it will delete it forcefully. It will force it to leave. Needless to say, you may still have some leftover files in there from the trojan. So, I say download a virus scanner, free, and scan your computer, and delete everything it finds.

Download "Spyware Terminator" for free. Enable AV Clam Antivirus, and then scan your FULL computer. EVERY FILE! Not just effectable files. Now these days, the technology is growing, and more people are trying to find out how to affect a computer without using an effectable file. Some are succeeding on this. You have to SEARCH every file on your computer. Plug in your USB if applicable. Your USB may be the affected drive. A file on the USB may be affected, and every computer that is used with this USB or camera, or flash drive, PSP, iPod, etc., will be affected. Like I said, technology is growing, and that can do that stuff.

Best of luck!
FunDa
Hey Guissmo, was the problem sorted out?

No replies from you yet?
HijackThis would give a report of the changed settings, so you can post it here for all of us to analyse.

Good luck
Indyan
If you still have the problem go and download AOL Active Virus Shield. It is a freeware using Kaspersky engine. That should fix the problem.
vaoger
Indyan wrote:
If you still have the problem go and download AOL Active Virus Shield. It is a freeware using Kaspersky engine. That should fix the problem.


It actually has been changed to McAfee plus AOL edition...


By the way..
you can go try the "trojan remover.."
http://www.simplysup.com/
Go check it out... Need to pay.. Sorry about that...