I Got Dinged With A Trojan


9 replies to this topic

#1 vetmilcop


Posted 02 December 2007 - 04:06 PM

Hello. I recently clicked on something I shouldn't have and wound up with a Trojan. I have managed to get rid of almost all the malware except for this one. When I log onto the Web, I get a page with an apparently legitimate Windows warning that I have malware/spyware and to click on the link to clear it up. That sends me to "antispywareupdates.net". I can get to my home page, but when I want to get to a different site (like this one) I sometimes get a blank page and have to refresh. If I go back a page, I get a blank page until I refresh.

Anyone got any ideas about where I go in my PC to clean this out or software to help?

Thanks in advance.

Trooper (my BF2 nick)

Edited by vetmilcop, 02 December 2007 - 04:24 PM.




#2 boopme


Posted 02 December 2007 - 04:32 PM

Hello vetmilcop and welcome to Bleeping Computer. Please run these...

Follow these instructions: How to remove the Smitfraud / Generic Zlob
From Normal mode, next:
Download, install (save to desktop), and update SUPERAntiSpyware.
Now reboot the PC into Safe Mode. How to start Windows in Safe Mode
Scan by clicking on the Super icon on the desktop, or look up SUPERAntiSpyware in the programs list.
Scan the root drive (usually C:\).
Quarantine all found.
Reboot back into Normal mode.
Let us know how it went.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 vetmilcop


Posted 03 December 2007 - 03:04 AM

Thanks for the quick reply, boopme. I work grave shift so I had to go to bed. I am now at work, but will try this when I get home. I forgot to mention whatever is griping my PC will not allow me to boot into safe mode. It will get to the safe mode screen with safe mode in the corners, then go to the "windows is starting" screen and reboot normally. If following what you have put down will allow me to get into safe mode, then my battle is halfway won.

I will post more after I get home and try your suggestions. :thumbsup:



vetmilcop

#4 vetmilcop


Posted 05 December 2007 - 03:53 AM

OK, so far I was able to run Smitfraud.exe, although not in safe mode. I did not have enough time today to try the info I found about the boot disk and the boot.ini file. I will try that in the next day or so since I have a couple of vacation days. Smitfraud did find some stuff, which it removed. SAS found 435 different pieces of crap (417 adware cookies) which were also removed. The official-looking web page that says I had spyware is gone, but I think I will have to run Smitfraud.exe in safe mode to get rid of everything.

I do have Adaware, Spybot S & D, Spyware terminator, and SAS to work with. They all find something, so I know I am not cured yet.

Thanks for your help, boopme. I will post again when I have gotten into safe mode to run Smitfraud.exe.


vetmilcop

#5 boopme


Posted 05 December 2007 - 09:55 AM

OK, good job. Yes, at least try running the safe mode. Let us know when you've completed it all, as there is a final step.

#6 vetmilcop


Posted 07 December 2007 - 02:28 AM

OK, still cannot get into Safe Mode and I don't feel safe in mucking around with changing file names. I am continuing to run SAS, Spyware Terminator, Spybot S & D and AVG to check. All I get is some cookies, nothing major. What else would you suggest I try?

Thanks for your help and these forums are great!!


vetmilcop

#7 boopme


Posted 07 December 2007 - 10:35 AM

Good news... the last step is to create a new System Restore Point. This will prevent possible accidental reinfection from restoring your computer to an earlier infected date. Malware sometimes remains in restore points as they are closed to the scanners.

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk CleanUp to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

#8 quietman7


Posted 07 December 2007 - 10:37 AM

Go to Start > Run and type: regedit
  • Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to File > Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File > Exit.
Download SafeBootKeyRepair.exe by sUBs and save to your desktop.
  • Double-click on it and follow the instructions.
  • When finished, let us know whether you can access safe mode or not.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
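
Added example, not part of quietman7's post and not the SafeBootKeyRepair tool's own code: a command-line equivalent of the registry export steps in post #8, followed by a read-only check of the keys Windows reads when starting Safe Mode. It assumes an administrator command prompt and the standard key location HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot with its Minimal and Network subkeys, which the thread itself does not name.

```batch
@echo off
rem Added example: back up the registry, then check the Safe Mode keys.
rem Read-only apart from writing the backup file.
setlocal
set "BACKUP=C:\RegBackup.reg"
rem Assumption: standard Safe Mode key location (not named in the thread).
set "SAFEBOOT=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"

rem Never overwrite an earlier backup; it may be the only clean copy.
if exist "%BACKUP%" (
    echo %BACKUP% already exists. Rename it and run again.
    exit /b 1
)

rem Export the whole registry, same as File ^> Export with "All" selected.
start "" /wait regedit /e "%BACKUP%"
if not exist "%BACKUP%" (
    echo Backup failed: %BACKUP% was not created. Stop here.
    exit /b 1
)
echo Registry exported to %BACKUP%

rem Minimal = plain Safe Mode, Network = Safe Mode with Networking.
set "MISSING=0"
for %%K in (Minimal Network) do (
    reg query "%SAFEBOOT%\%%K" >nul 2>&1
    if errorlevel 1 (
        echo MISSING: %SAFEBOOT%\%%K
        set "MISSING=1"
    ) else (
        echo present: %SAFEBOOT%\%%K
    )
)

if "%MISSING%"=="1" (
    echo At least one Safe Mode key is absent. Report this to your helper.
) else (
    echo Both Safe Mode keys exist.
)
endlocal
```

The script changes nothing in the registry; its output is something to paste back into the thread for the helper to interpret.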


#9 vetmilcop


Posted 10 December 2007 - 06:40 AM

Thanks for your replies, boopme & quietman7. I will try quietman's recommendation later this week when I have some time. I really appreciate all the help. I think I have most of the problemware removed, but I will give quietman's idea a run.

I will post back when I have done this.

Thanks again!!

vetmilcop

#10 quietman7


Posted 10 December 2007 - 08:24 AM

You're welcome and good luck.



