Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help With W32/trats


  • Please log in to reply
11 replies to this topic

#1 harrison200

harrison200

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 07 March 2008 - 05:25 PM

Hey there. This is my first post. I've had the w32/trats virus for a few weeks now and it's steadily getting more annoying. At first it was just pop-ups, then my computer started running very slowly and browsing has become a paint at times. Now, I'm also getting both fake Security Software advertising and also pornographic advertising being replaced in areas where regular web ads appear, even on some sites as Yahoo. Need help.

Thanks,

Raf

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 07 March 2008 - 09:53 PM

Please follow the instructions here to remove your SmitFraud problem.
http://www.bleepingcomputer.com/forums/ind...mp;#entry103417

Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 harrison200

harrison200
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 07 March 2008 - 11:32 PM

hey Billy,
I did the smitfraud program.

but the kaspersky one wouldnt start up for me in both firefox or IE.


can you recommend another program?

Raf

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 07 March 2008 - 11:33 PM

Try this one:

http://eset.com/onlinescan

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 harrison200

harrison200
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 07 March 2008 - 11:47 PM

I'm sorry, that doesn't seem to work either. After I accept the Terms of Use and hit Start, it's sending me to the next page, but the main part of the page is blank. My IE is just messed up. I never use it anymore anyway. I use Firefox, but that's been getting all the ads on the pages too. And when I'm browsing on it, sometimes I have to reload the pages for them to actually come up. Especially Yahoo and Myspace pages. Also, when I'm browsing, every now and then, I get IE to pop up one of the advertising sites out of nowhere. I just X that out.

Any other programs that might work?

I do have Mcafee but obviously that didn't stop the w32/trats. I also have the companion Vondu virus too. I run MCafee and it locates them, but I guess it's in the registry and keeps coming back.

Should I just run that Hijack This program and post the results, or try another anti-virus program?

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 07 March 2008 - 11:56 PM

I dont like internet exploder anymore than you do ;)

Lets try one more thing.
Open IE, go to Tools -> Internet Options
Click the security tab
Click the "Trusted Sites" section.
Press "Default Level"
Drag the slider all the way to low.
Go to Sites...
Uncheck "require https verification....." in the bottom of the window.
Add this site: http://eset.com
Press ok a ton of times.

Then try http://eset.com/onlinescan again

If that doesnt work, the we'll move on to HiJack This.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 07 March 2008 - 11:59 PM

Oh, and just to let you know, Im trying to get you fixed up before sending you to the HJT team, because they are very busy right now. (I think we're 2 weeks behind right now)
So I really want to get you help here and now before sending you on. :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 harrison200

harrison200
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 08 March 2008 - 12:06 AM

billy,

still doesnt work. it did go to the next step, but i got a drop down saying the browser is trying to run ActiveX and my browser isnt accepting it. then it crashed. lol.

and as soon as i open up IE anyway, the popups start.

next step?

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 08 March 2008 - 12:10 AM

One moment, I want to ask a member one question before I forward you over.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#10 harrison200

harrison200
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 08 March 2008 - 12:16 AM

thanks.

the main thing is, when i run mcafee, i see the w32/trats listed and repaired. they are mostly in the quicktime folder.
but then they restart over. mcafee doesnt really remove them. and ive read up on a lot of it already. i had trats. haha.

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:44 PM

Posted 08 March 2008 - 12:28 AM

Ok, I have handed this off to the moderating team. They will help you more, or send you on if necessary.

Have a nice night,
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:44 PM

Posted 08 March 2008 - 08:22 AM

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe extension to .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com and then double-click to run.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users