
Trojans keep trying to re-install...grrrrr


21 replies to this topic

#1 elliojoy

elliojoy

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 01 November 2008 - 03:41 PM

Hi Everyone!
I'm new to this site. This is my first post. I'm not an IT professional, just a regular person with a bleeping computer...LOL!

Here's what is happening:

I was infected by trojans via an old version of Java (which I now have updated). I have Spyware Dr on my computer, which quarantined and got rid of all of the junk. (Or so I thought.) I've also run SuperAnti spyware.

The problem is trojans keep trying to download again and again!


SpywareDr notes:
Infection: C:\System Volume Information\_Restore (there's more code here which I can give you, if needed)

Is this an indication that the trojans are in my system restore files? If yes, NOW what do I do to fix this?

I have learned a LOT from reading the posts here. I thank you all for the information, you are all great!


 


#2 rick982

rick982

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 01 November 2008 - 03:47 PM

Download Malwarebytes' Anti-Malware program. Once downloaded, update it. After updating, run the quick scan. When finished, click show results, and then at the bottom of that window, hit remove selected. Reboot if asked and you should be fine. Let me know how your computer is after doing that.

Edited by rick982, 01 November 2008 - 03:49 PM.


#3 rick982


Posted 01 November 2008 - 04:37 PM

And yes, as you have asked, if a trojan has infected your system restore then there is no point in doing a system restore. If you do a system restore, the trojan is carried along with it since it has infected your system restore files.

#4 elliojoy


Posted 01 November 2008 - 04:40 PM

WOW, Rick!
Thanks for the advice! :thumbsup: I just ran Malwarebytes'. It DID find JUNK. Now, my computer is running faster! I'll know by tomorrow morning if that FINALLY got rid of everything. I will keep you posted. As for now I am very optimistic :flowers:
Thanks again! I've learned so much here!
~elli<----weary from the trojan wars

#5 rick982


Posted 01 November 2008 - 04:40 PM

:thumbsup: You're welcome. Just make sure to keep an anti-virus running on your computer at all times. It also helps to get a firewall too.

Edited by rick982, 01 November 2008 - 04:41 PM.


#6 elliojoy


Posted 01 November 2008 - 04:42 PM

Is there any way to get the JUNK out of my sys restore??

#7 rick982


Posted 01 November 2008 - 04:43 PM

Yep. Could you post the recent log from the Malwarebytes' Anti-Malware scan? If you don't know how, just let me know.

Edited by rick982, 01 November 2008 - 04:46 PM.


#8 elliojoy


Posted 01 November 2008 - 04:51 PM

Also one other question about firewalls: My computer runs through a router. I've been told that the router IS my firewall. Is this true? I am using the Windows firewall currently. (probably not the best)

#9 rick982


Posted 01 November 2008 - 04:53 PM

Yes, it is true. The firewalls in the routers and modems are not very strong though. It is best to have both a router or modem firewall and a software firewall. A software firewall I would recommend is ZoneAlarm. Free download and is great. Also, please post your Malwarebytes' Anti-Malware log of the recent scan. Windows firewall is probably the weakest and most insecure firewall out there. It is no good against anything.

Edited by rick982, 01 November 2008 - 04:54 PM.


#10 elliojoy


Posted 01 November 2008 - 04:55 PM

This is the Malwarebytes' Anti-Malware log after I told it to remove the junk:

Malwarebytes' Anti-Malware 1.30
Database version: 1354
Windows 5.1.2600 Service Pack 3

11/1/2008 4:14:18 PM
mbam-log-2008-11-01 (16-14-18).txt

Scan type: Quick Scan
Objects scanned: 52724
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\JOYCE ELLIOT\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\JOYCE ELLIOT\Application Data\GetModule\dicik.crap (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JOYCE ELLIOT\Application Data\GetModule\kwdik.crap (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JOYCE ELLIOT\Application Data\GetModule\ofadik.crap (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JOYCE ELLIOT\Local Settings\Temp\TDSSb35c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
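
The checks a helper can run on a log like the one in post #10 before calling a machine clean, as an added Python example that is not part of the original thread: `parse_log`, `review` and the sample log are constructed for illustration, and any status other than the success string seen in the posted log is treated as unresolved. The last check reflects this thread: Spyware Doctor's hit was under C:\System Volume Information\_Restore, and the posted quick-scan log lists nothing under that path.

```python
import re

SUCCESS = "Quarantined and deleted successfully."
RESTORE_DIR = r"\system volume information" + "\\"
# Constructed sample in the layout of the log posted above (not real scan output).
SAMPLE = r"""Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Flag (Hijack.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\ExampleBar (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\Temp\example1.tmp (Trojan.Example) -> Quarantined and deleted successfully.
C:\Temp\example2.tmp (Trojan.Example) -> No action taken.
"""

def parse_log(text):
    """Return (summary counts, items per section) from a log in this layout."""
    summary, items, section = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"(.+ Infected): (\d+)", line):
            summary[m[1]] = int(m[2])          # count block at the top of the log
        elif m := re.fullmatch(r"(.+ Infected):", line):
            section = m[1]                     # start of a detail section
        elif section and (m := re.fullmatch(r"(.+?) \(([\w.]+)\) -> (.+)", line)):
            # Registry data lines carry an extra "Bad/Good" hop; the status is the last hop.
            items.setdefault(section, []).append((m[1], m[2], m[3].rsplit(" -> ", 1)[-1]))
    return summary, items

def review(text):
    """List what still needs attention after the removal pass."""
    summary, items = parse_log(text)
    findings = [f"{sec}: summary says {n}, log lists {len(items.get(sec, []))}"
                for sec, n in summary.items() if n != len(items.get(sec, []))]
    flat = [it for sec in items.values() for it in sec]
    findings += [f"not removed: {obj} ({name}) -> {status}"
                 for obj, name, status in flat if status != SUCCESS]
    if not any(RESTORE_DIR in obj.lower() for obj, _, _ in flat):
        findings.append("no item under System Volume Information: restore points not covered by this log")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```
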

#11 rick982


Posted 01 November 2008 - 04:58 PM

Seems good. The scan got rid of trojans and a rogue installer. It deleted everything it found, which is great. The rogue installer is a program which tricks you into buying fake software. Also, tell me, what did the background of your computer look like?

#12 elliojoy


Posted 01 November 2008 - 05:11 PM

It was just "Microsoft" solid blue. Yes, that did change too! Now I am at something that looks like a star burst or warp.

#13 rick982


Posted 01 November 2008 - 05:12 PM

Hmm, is that a picture you chose for the background?

#14 rick982


Posted 01 November 2008 - 05:13 PM

If not then we have a bigger problem on our hands.

#15 elliojoy


Posted 01 November 2008 - 05:15 PM

Yes, it was. I wondered what happened to it..LOL! I only got a glimpse of it when I shut down the 'puter for a re-boot.



