Trojan Situation- A Question About The Next Step.



#1 ze_shoopuff


Posted 22 October 2007 - 06:11 PM

Hello. Here is my situation.

My desktop is gone. Now I have this black screen and a message in red letters saying that my IP address has been used by someone else (something like that).

Right away when Windows starts up, some pop-up window says something about 'nursr' starting up too.

I have been infected with Adware & Trojan Downloader. After finding this website and reading about Trojans, I learned how to sign in on 'safe mode' and have also downloaded 'Autoruns'.

I guess my question is- Now that I have Autoruns, how do I determine what to get rid of? There are so many?

Any ideas would be greatly appreciated.

Thank you.

ze_shoopuff



#2 buddy215


Posted 22 October 2007 - 07:49 PM

One thing you could do while in safe mode is to perform a "system restore".
Once in safe mode you can then access system restore just as you would normally from the Windows XP desktop (Start>Accessories>System Tools>System Restore).

Post back with whether the restore was successful or not. Be sure to restore to a date before you got infected.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ze_shoopuff


Posted 22 October 2007 - 07:54 PM

> One thing you could do while in safe mode is to perform a "system restore".
> Once in safe mode you can then access system restore just as you would normally from the Windows XP desktop (Start>Accessories>System Tools>System Restore).
>
> Post back with whether the restore was successful or not. Be sure to restore to a date before you got infected.


Thank you for responding, buddy215.

Yes, I tried the system restore 5 times, it didn't work and I am sure the times were before the infection date.

After each attempt, it said- Nothing on your computer was changed.

z_s

#4 buddy215


Posted 22 October 2007 - 08:06 PM

Can you still download programs? If you can, follow the directions below.
Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

I am not sure which malware is causing the problem and SAS is very effective at finding and removing several.

#5 ze_shoopuff


Posted 22 October 2007 - 08:20 PM

> Can you still download programs? If you can, follow the directions below.
> Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
> http://www.superantispyware.com/
>
> I am not sure which malware is causing the problem and SAS is very effective at finding and removing several.


Yes. I can still download programs. I bought Norton360 and installed it and scanned, etc. It removed some problems, but the others are still there.

My anti-virus software expired and I was momentarily unprotected and that's when the viruses occurred.

I will now try this program that you've suggested.

Thanks,
z_s

#6 ze_shoopuff


Posted 22 October 2007 - 08:29 PM

I downloaded the SAS program, but when I tried to install it, I got a message saying-

The system administrator has policies against installing this program.

#7 ze_shoopuff


Posted 22 October 2007 - 08:31 PM

Okay, I tried it again. This is the word for word message I got-

The system administrator has set policies to prevent this installation.

#8 buddy215


Posted 22 October 2007 - 08:46 PM

Okay, give Smitfraudfix a try. Read and follow the directions carefully.

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

#9 quietman7


Posted 22 October 2007 - 08:50 PM

Are you logging in on an "Administrator Account" or an "account with administrator privileges"? You can also Use the "Run As" Command to Start or install a Program as an Administrator.

> I have Autoruns, how do I determine what to get rid of? There are so many?

If you are unsure what any of the program entries are or if they are safe to disable, then do a search on Google or at one of the following databases:
BC's Startup Programs Database
StartupList Index

Anytime you come across a suspicious file about which you cannot find any information, a file that has a legitimate name but is not located where it is supposed to be, or a file you want a second opinion on, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Then post back with the results of the file analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
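
The triage rule in the post above (a legitimate file name in the wrong location, or an entry you can find no information about) can be applied to a list of startup entries before looking anything up. This is an added example, not part of the original thread and not Autoruns' own code; the CSV column names, the sample rows and the expected-folder table are constructed assumptions to adapt to your own export.

```python
import csv
import io
import ntpath

# Expected folders for a few well-known Windows binaries (lower-case).
# Assumption: a default install under C:\Windows; extend for your own system.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
}
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\appdata\\")

# Constructed sample rows; the column names are assumptions, not a real export.
SAMPLE_CSV = r"""Entry,Image Path,Signer
Explorer,C:\WINDOWS\explorer.exe,Microsoft Corporation
svchost,C:\Documents and Settings\user\Local Settings\Temp\svchost.exe,
ExampleUpdater,C:\Program Files\Example\updater.exe,Example Software Ltd
unknownapp,C:\Documents and Settings\user\Local Settings\Temp\unknownapp.exe,
"""

def triage(row):
    """Return the reasons one startup entry deserves a closer look."""
    raw = (row.get("Image Path") or "").strip().strip('"')
    path = ntpath.normcase(ntpath.normpath(raw))
    folder, name = ntpath.split(path)
    reasons = []
    # A trusted-looking name only counts if it sits where Windows keeps it.
    if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
        reasons.append("system file name outside its expected folder")
    if not (row.get("Signer") or "").strip():
        reasons.append("no publisher recorded")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
    return reasons

def review(csv_text):
    """Map each flagged entry name to its reasons; clean entries are omitted."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        reasons = triage(row)
        if reasons:
            flagged[row["Entry"]] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in review(SAMPLE_CSV).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

A flagged entry is a candidate for a startup-database lookup or a second-opinion scan, not for automatic removal.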
