Infected? Urgent Help Please!


10 replies to this topic

#1 SRK62

  • Members

Posted 09 February 2008 - 12:45 AM

Suddenly, when I double-click on the desktop icons like My Computer, My Documents, Recycle Bin etc., a window with the following warning suddenly comes up.
"Your computer was infected by unknown trojan. It's dangerous for your system(critical files can be lost)!Check ok to download the anti spyware program to clean your system!(Recommended)"

I have Windows XP + SP2 and ZoneAlarm, AVG Home Edition Free, Lavasoft and Spybot S&D.
In spite of all these, I think I am infected?
What should I do now? How can I get rid of this infection?
Please advise me urgently.


#2 Orange Blossom

  • Moderator

Posted 09 February 2008 - 01:03 AM

Hello SRK62 and welcome to BC :flowers:

The alert itself is caused by malware itself. I hope you didn't download that software because it would really mess you up.

Can you tell us what software that alert told you to download? Can you describe the appearance of the alert?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 SRK62


Posted 09 February 2008 - 07:22 AM

Hello Orange Blossom,
It was a rectangular box right in the middle of the screen with words just as I have given, except that it was in different lines to command greater attention. Luckily I did not go and download anything from the site, as the McAfee SiteAdvisor turned red when it was opening.
I might have got the infection while opening a porn site 2 days before while trying out a new video downloader. But I got rid of it by doing an online scan with 'housecall.trendmicro.com'.
But please let me have your comments on this if. What about the 'GarbageClean'?
I might have ignored the warning from McAfee SiteAdvisor while trying that downloader and opened a few porn sites, but why did AVG not catch it?

#4 Orange Blossom


Posted 09 February 2008 - 03:16 PM

Hello SRK62,

No one security product can catch everything which is why a multi-layered approach to security is best. In addition, malware writers are always 'upgrading' their programs and it takes a while for the anti-malware writers to counter it.

What are you referring to when you say "GarbageClean"? Was that the name of the rogue anti-spyware cleaner?

You are probably right about the source of your infection.

Did you happen to save the log from housecall.TrendMicro? If so, please post it as a reply.

Orange Blossom :thumbsup:

#5 SRK62


Posted 10 February 2008 - 12:58 AM

Dear Orange Blossom,

Trojan horse SHeur and Trojan horse downloader zlob uaq were the malware my computer was affected with.
Garbage clean is the name of an online scan I got from another forum. I am not familiar with the name, so I did not use it.
One of these trojans also affected my AVG Anti-Virus, as its auto updater stopped working, and when I tried to do it manually, error messages were flashed. I did not copy them, so I am not able to give them here. So I had to reinstall it and update.

#6 Orange Blossom


Posted 10 February 2008 - 01:04 AM

Thank you SRK62. I believe we have enough information to begin the disinfection. I'm going to contact someone with more experience to take over from this point.

Orange Blossom :thumbsup:

#7 boopme

  • Global Moderator

Posted 10 February 2008 - 10:04 AM

Hello, let's give these a run and see what we find and clean.

NOTE: all blue wording are links to instructions/tools.

First you will need to follow the instructions in our Tutorial
How to remove the Smitfraud / Generic Zlob
NOTE: In the Tutorial, after step 7, first press #1, Search. This creates a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Now download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, then install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also copy and paste the Scan Log results from the Tutorial.
The report can be found at the root of the system drive, usually at C:\rapport.txt.

Please ask any needed questions, post logs and let us know how it is running now.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 SRK62


Posted 10 February 2008 - 08:42 PM

Thank you very much for the detailed advice. I will follow them and let you know the results afterwards. Now I have one question. When I need to reinstall the anti-virus, there will be a gap in time when the computer is left unprotected. How to plug the gap?
Regards
Kaimal

#9 boopme


Posted 10 February 2008 - 10:15 PM

What antivirus, and why are you reinstalling it? I missed that part.

#10 SRK62


Posted 12 February 2008 - 02:14 AM

Dear Boopme,
I have downloaded everything and done the scan with SUPERAntiSpyware using its own boot safe option. The F8 method did not work for me. Hope that is OK? I did this after cleaning with the ATF Cleaner. No malware was detected. I am yet to do the scan with the Smitfraud removal tool. I think the infected trojans were removed by the online scan done with Housecall.Trendmicro. But I will do it anyway and let you have the results.
When the computer was infected, it disabled the auto updater of the AVG Free Home Edition I am using, and when I tried to manually update, the whole thing disappeared. So I had to download the file all over again from the net and install it. While I was downloading I was without protection? In future, if a similar situation comes up again, how can I do it without sacrificing my security?
Is there any screening site or tool through which I can browse safely all the time? It should be able to filter out all malware/viruses. McAfee SiteAdvisor seems to be good, but certain e-greetings sites are not cleared by it even though they contain the best greetings as per my taste. 123india.com is a typical case.
Thanks
Kaimal

#11 quietman7

  • Global Moderator

Posted 12 February 2008 - 08:52 AM

"While I was downloading I was without protection? In future, if a similar situation comes up again, how can I do it without sacrificing my security?"

Unless the AV vendor offers a manual download page as an alternative to downloading virus definitions to a USB stick from another computer (or if it does, but the download does not work), you may have no choice but to use the program's auto update feature. To keep risk to a minimum, don't surf the net. Just download your anti-virus updates, disconnect from the Internet immediately afterwards and do a full system scan.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
