Trojan


Hubby downloaded a trojan virus on his desktop, and now he cannot connect to the internet. Norton is unable to remove it.

Can I download a malware buster and put it onto a flash drive to install on his computer? If I cannot go that route, I'll be taking it in.

He is running Vista, with Norton Anti-virus.

The best thing to do, in my opinion, is document what is running that is stopping you from getting to the internet. From another machine, research the manual removal process for this threat. Boot into safe mode and remove it.

The problem I find with adware etc. is the machine needs to be up to date and your removal tools need to be up to date in order to work properly.

If you could post what the threat is, it would be easier to point you in one direction or another.

There is a tutorial and the software needed on Major Geeks, so if you have a good computer that can connect to the web, so you can download the software onto a flash drive and follow the instructions, you should be good to go. I just did the repair part and did not post any results, but it did get rid of 172 trojans and is still running well today.

Thanks for the replies, guys.

I believe it was something related to mywebsearch. It disabled the Norton antivirus, so I uninstalled that, and installed a different brand. I was finally able to log onto the internet under the administrator user name after hubby finally remembered his password. :)

The malware had messed up the router settings for the DSL as well, but I was able to reset the internet connection by replicating the settings under the admin user. I was also able to update the virus definitions on the new software before I switched to the infected user. I am currently rescanning the computer, so hopefully this will kill the malware.

While I was waiting for hubby to finish moving grain and remember his password, I tried a few other ways to get around the malware without success. Biggest lesson learned today... don't let hubby on the internet when he is tired, and make sure I have everything up to date so he doesn't have to worry about installing anything. :D

Some tips for removing these dang things.

1. Update your antivirus. If you can't get to the internet, download the new virus definitions to a USB drive and run the install; probably do the same for Malwarebytes and CCleaner.

2. Download CCleaner.

3. Download Malwarebytes.

4. In Windows Explorer, go to the Windows folder and delete the Prefetch folder (just the Prefetch folder, not Windows). This is where malware and other recurring viruses, malware, spyware, etc. normally put themselves to be reinstalled. Don't worry, Windows will recreate the folder when you reboot, so don't reboot until you are done. This makes removal of malware much easier as it can't reinstall itself. If you have to reboot, delete the folder again.

5. Run CCleaner. This will clean out an amazing amount of junk from your PC.

6. Run Malwarebytes.

7. Run your antivirus app.

8. At this point, if you still have a problem, you really have a problem and will have to decide how much time you are willing to spend fixing this compared to getting your data off and doing a clean install. You can still get it removed, but you will spend some real time on it.

9. Make sure you keep your antivirus and anti-spyware definitions up to date.

10. Final tip. Do not, and I repeat do not, install anything from any HSOforum that you get pointed to to install an app or driver or anything. Quite often these are just a way to get you to install spyware. If you need an application, driver, etc. to run or view something, go find it yourself, preferably from a reputable manufacturer or device vendor. There are plenty of reputable shareware/freeware sites that you can get free apps from.

Thanks Dbl and upnorth. I'll be printing your list just in case, upnorth.

Today I will be downloading and running Malwarebytes. His Norton was supposedly up to date on its virus definitions, but the new antivirus cleaned out about 60 cookies, four adware type files, and three major malwares. It detected one of the malwares, but was unable to remove it.

I run AVG on my computer, and haven't had any issues. It catches things better than Norton or McAfee in my opinion.

Some AV suites have anti-spyware rolled in and some don't. I run McAfee at work, Symantec on my laptop and AVG on 2 PCs at home. I have yet to get nailed from any of them in quite some time. But I live by the rule of don't click anything to download a program that I get directed to from any site. I also have a rule of not clicking inside of any suspect window to cancel for any of the redirects. I always close the window by clicking the X to X out, or if that doesn't work I use Task Manager to kill the web browser, and if that fails I find the process under Processes in Task Manager and kill the process. Who knows if cancel really means cancel in an attack site's window. I may be a little paranoid, but part of my job where I work is network security and firewalls. I have watched enough webinars to see a lot of stuff that they try to do, and they are sneaky little turds. >:(

Quote:
But I live by the rule of don't click anything to download a program that I get directed to from any site. I also have a rule of not clicking inside of any suspect window to cancel for any of the redirects. I always close the window by clicking the X to X out

Good to know I do a few things right. I may have a sit down with hubby and the kids to go over this stuff again.

Could it be possible that some of the newer viruses coming out have code in them to prevent the more popular antivirus software from taking action? When I was looking at the Norton antivirus log for the source of my problems, one target was Symantec. It was unable to take action on that one.

Many of them do, and if you get hit before the AV companies find the ploy, it does get by. I know a few AV apps have anti-tamper features, but I have not looked at that for a while, and it is a feature that can be turned on and off by the end user.

upnorth, what are your thoughts about HijackThis? I've used that in the past to clean up registry infections. Just have to be really careful about what you let it fix but I also found some very helpful tutorial information to help sort through it all and if you don't know, you can send a log file and have them help.

I use HijackThis, and if you have the time to let someone read and recommend line by line removal, it is a great program. I have always removed everything reading the log file myself; that works if you have an idea what is running on your computer. If you don't... better to leave things alone so you don't remove something critical. I think you hit the nail on the head when you said you need to be really careful.

HijackThis is a very good tool, along with a few others that I have in a folder somewhere that I have used in the past. But like Dbl already said, it is a time-consuming tool, and even though it works well, it takes time to go through everything. Malwarebytes, on the other hand, is a quick, simple, effective tool that does a good job fairly easily. It is easy for most general users to use. Ad-Aware and Spybot used to be my go-to tools, but the dang hackers have evolved too. I won't spend a lot of time on most PCs unless it is somebody like me that has so many apps and tools installed that it can take days to install and fine tune.

Anytime you are messing with anything in the registry, back up the registry. Or if you know what keys you are removing or editing, export those keys in case you need to revert back.

Booting into safe mode will usually let you access the computer when the normal login doesn't work. Before you get the Windows loading screen, hit F8 a few times until a menu comes up, then choose Safe Mode with Networking. Running the malware/virus scanners in safe mode can work sometimes if you can't get in otherwise.

Also, if you ever do get an infection, as a precaution you should always remove and then reinstall your antivirus. Many of the more "popular" malwares will cause problems that will break your protection.

Quote:
Also, if you ever do get an infection, as a precaution you should always remove and then reinstall your antivirus. Many of the more "popular" malwares will cause problems that will break your protection.

That is why more than a few AV apps have tamper protection.
