Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Backdoor Agent Iql (identity Theft)


  • Please log in to reply
17 replies to this topic

#1 Vince86

Vince86

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 05:46 PM

Hi i just been charged 3 times on sum adult website for stuff i havent done. So i went on and cancelled my acct and put out a fraud alert. Now i scanned my computer today and found trojan horse backdoor.agent.IQL with avg antivirus. Its been happening since may 2007. I havent had the chance to put do a scan on spyware but i will soon. I have a few questions on what i should do now? Has my SSN been stolen??? i have recently tried applying for colleges and i put my ssn on the forms to be sent online. could this info have been stolen?? How could i have my credit card stolen? By keylogging, if so what do i do now? Please help me im so distressed i want to buy a new computer just to get rid of the virus. thank you!

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:09 AM

Posted 17 July 2007 - 06:13 PM

You have to assume every piece of private/financial information has been retrieved from your computer by the backdoor trojan. All of it.
The only sure way of knowing that this type of malware has been completely removed and left no access that can later be used to hack your computer is to wipe the drive and reinstall. You should change all passwords using a different computer and notify criedit cards, banks, paypal, etc.

Here are two programs you can scan with and you should also post a Hijack This log.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Edited by buddy215, 17 July 2007 - 06:15 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 07:19 PM

hi, i just posted a hijack log but also i found an error while scnning with spybot. it said during the scan "There were problems in the include file c:/program files/spybot-search_destroy/includes/trojan.sb. see include errors.log for detail."

Also how should i wipe out my hardrive i heard u need to use 2 computers to do that? one to delete the other completely. and i also wouldnt know how to do it either. can anyone help or advise on what to do.

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:09 AM

Posted 17 July 2007 - 07:26 PM

Immediately disconnect this computer from the internet, call all your banks/credit cards. I also recommend immediate wipe of the hard drive and reinstalling everything.

what kind of computer do you have?

Edited by oldf@rt, 17 July 2007 - 07:27 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 07:26 PM

dell inspiron 9200 laptop

#6 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 07:28 PM

i have called my bank and credit card companies and requested cancellations and bank fraud alerts. i have filed for new credit cards and i just wanna get this problem fix asap!! please :thumbsup:

#7 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:09 AM

Posted 17 July 2007 - 07:30 PM

tap the {CTRL F11} keys when you see the dell logo on screen this will put you into the recovery program WARNING THIS WILL ERASE EVERYTHING ON THE HARD DRIVE AND THE LAPTOP WILL BE LIKE BRAND NEW if you have anything that you need to save do not do this.

i have called my bank and credit card companies and requested cancellations and bank fraud alerts. i have filed for new credit cards and i just wanna get this problem fix asap!! please sad.gif


You have a hijack this log pending. you can wait and see it the team member that helps you can completely eliminate your problem.

Edited by oldf@rt, 17 July 2007 - 07:33 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#8 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 07:32 PM

i have music on my computer that i want to save, but by saving it wouldnt i be transfering the virus to the cd backup? please stay here im sorry, im refreshing the page constantly for new info

it isnt true that you would need another computer to flash the drive?

#9 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:09 AM

Posted 17 July 2007 - 07:39 PM

No, you do not need another computer. if the laptop has a burner, you can save the music to a blank cd or dvd, you should scan it with an antivirus before you copy to the new installation on the computer. You can also run the file and settings transfer wizard, and just transfer the files. If you do this tell the wizard that your on the old computer.

Edited by oldf@rt, 17 July 2007 - 07:40 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#10 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 07:42 PM

would u suggest deleting my whole harddrive rather than deleting the virus?

#11 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:09 AM

Posted 17 July 2007 - 07:54 PM

1. Call the credit card company that the charges were on, and contest the charges.

So i went on and cancelled my acct and put out a fraud alert.


2. I would recommend that you completely redo everything on the laptop. Whichever member of the hijack this team that replies to your hijack this log may have a different opinion.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#12 Trevuren

Trevuren

  • Malware Response Team
  • 1,006 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:06:09 AM

Posted 17 July 2007 - 08:51 PM

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

* Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
* Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
* Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

If you wish to reformat then please let us know in the same thread as your HJT log.
Microsoft MVP - Consumer Security 2008 - 2009

Posted Image

#13 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 09:42 PM

yes i have changed my pws on all other accts. i have found the trojan in avg antivirus but the problem is, i have scanned before for viruses and it hasnt showed up b4. The first unauthorized transaction occured in may 2007, and i had done scans inbetween then and now. And suddenly today i figure out i had false charges, and the avg picks up the trojan. Is it still hiding in my computer?

#14 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:09 AM

Posted 17 July 2007 - 09:51 PM

It is probably still in there somewhere!.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#15 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 17 July 2007 - 10:10 PM

just how long would it take reformatting my computer??? im considering doing it, would it be a hard task reinstalling everything?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users