Trojan Horse Shuerz?


10 replies to this topic

#1 jofus1959

jofus1959

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 16 March 2009 - 03:33 PM

Hello Folks,

Working on a buddy's computer. He said he was having trouble with trojans popping up all the time. Used AVG to get rid of, but they returned. The last time he booted up, the screen displayed a message about a Trojan Horse Shuerz?? Don't know exactly what he has done. I also don't know his system hardware because he had another friend of his build & didn't supply documentation - (what are friends for?). I can't replicate it because the computer automatically boots to the safe mode command line without prompting every time. Any help would be appreciated.

Thanks,

Jofus1959



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:34 AM

Posted 16 March 2009 - 04:34 PM

Hello and welcome, let's start with a scan and log.
Run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jofus1959


Posted 16 March 2009 - 06:28 PM

boopme,

I wish I could get to the desktop. Upon power up it immediately boots to Safe Mode, I pick a user and then it gives me the command line - no desktop. If I try using F8, any option I pick, it always boots directly to the command line. The only way I've found to stop this, is to insert the WinXP disc. It then starts the install process. Also, the computer is totally offline, so I'll be using a USB drive to transfer files. What next?

Thanks

#4 boopme


Posted 16 March 2009 - 07:00 PM

Dang!! Please look at quietman7's post #5.. If you cannot bootup in normal or safe mode

#5 jofus1959


Posted 17 March 2009 - 04:52 PM

I'll check it out and get back to you.

#6 jofus1959


Posted 11 April 2009 - 11:58 AM

Sorry for the long delay. After reading the article, I still could not get the computer to boot properly. I removed the drive and installed it into another computer as a slave drive. This allowed me to remove Packed.Generic.200 and a few other malicious problems. After reinstalling the drive back into the original computer, still no luck. Booted from the WinXP install CD & chose install new copy & then tried to do a repair of the existing OS. Everything went fine. When it tried to restart setup to complete the installation, it keeps automatically booting into safe mode, without any input from me. Then screen displays that setup cannot run in safe mode. Any ideas?

Thanks for your patience!

#7 boopme


Posted 11 April 2009 - 08:29 PM

Hi, is a full wipe and reinstall an option here? As usual with a safe mode error, it is the best thing to do.
2 guidelines/rules when backing up your files.

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

#8 jofus1959


Posted 12 April 2009 - 09:17 AM

Yes, a reformat & reinstall are a last resort. I've already done a backup of the disk after all the virus signatures were removed. I tried a recovery using the Recovery Console. This let me get to the command line & I was able to look at the boot.ini file. It looks like safemode is being called out for every boot. I thought I might try editing this. What's the worst that could happen? If it doesn't boot at all, I'm back to doing a reinstall. Thoughts?

#9 boopme


Posted 12 April 2009 - 01:30 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.
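
The backup rules given in posts #7 and #9 can be applied mechanically before anything is copied off the infected disk. The following is an added example, not part of the original posts: the extension lists are limited to the ones named in the thread, and `classify` and `triage` are hypothetical helper names.

```python
import os

# Extensions the thread says to leave out of a backup (assumption: only the
# ones named in the posts are listed here; the list is not exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".pif"}
WEB_PAGES = {".html", ".htm"}
# Document and media types the thread names as data worth keeping.
DATA = {".doc", ".txt", ".mp3", ".jpg"}
# autorun.ini is the name used in the thread; autorun.inf is the file
# Windows actually reads from removable media.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}


def classify(filename):
    """Return 'keep', 'review' or 'skip: <reason>' for one file name."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    # Look at the extension hidden behind the final one, ignoring the
    # padding spaces sometimes used to push the real suffix out of view.
    inner = os.path.splitext(stem.rstrip())[1]
    if name in AUTORUN_NAMES:
        return "skip: autorun file"
    if ext in EXECUTABLE:
        if inner in DATA:
            return "skip: executable disguised as " + inner
        return "skip: executable"
    if ext in WEB_PAGES:
        return "skip: web page"
    return "keep" if ext in DATA else "review"


def triage(root):
    """Walk a backup source folder and classify every file by name."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for f in files:
            rel = os.path.relpath(os.path.join(folder, f), root)
            report[rel] = classify(f)
    return report
```

Files marked `keep` still need the anti-virus scan the post asks for before they are copied back; the name check only catches the disguise, not infected documents.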

#10 jofus1959


Posted 13 April 2009 - 09:14 AM

Okay the problem is finally resolved. I went into the Recovery Console and did a bootcfg /rebuild & added no options. This allowed the system to reboot into safe mode normally, instead of going directly to the command line. It also created an additional Windows installation choice to boot from. I selected this & it continued into safemode. I then started msconfig & edited the boot.ini file removing all the checked option boxes. Then on the general tab I selected the "boot from original ini file" & restarted the system. Everything came up fine except for the video resolution which I changed in the Properties tab. I then ran Norton Enterprise Security 3 times to check for viruses & malware & it came back clean every time. Seems to be running just fine. This might seem a little unorthodox, but hey, whatever works. Thanks for all your time & effort!!
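
The boot.ini condition described in posts #8 and #10 (safe mode requested on every boot) can be checked on a copy of the file, for example one read from the disk while it is attached to another machine. This is an added example, not part of the original posts: the thread never quotes the file, so the sample below is constructed and assumes the `/safeboot:minimal(alternateshell)` switch, which is the Safe Mode with Command Prompt setting; `audit_boot_ini` is a hypothetical helper name.

```python
import re

# Constructed sample of a Windows XP boot.ini (not taken from the thread).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:minimal(alternateshell)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Rebuilt entry" /fastdetect
"""

SAFEBOOT_RE = re.compile(r"\s*/safeboot:(\S+)", re.IGNORECASE)

# What each /safeboot value makes Windows start in.
MODES = {
    "minimal": "Safe Mode",
    "network": "Safe Mode with Networking",
    "minimal(alternateshell)": "Safe Mode with Command Prompt",
    "dsrepair": "Directory Services Restore Mode",
}


def audit_boot_ini(text):
    """Return (findings, cleaned_text) for the contents of a boot.ini.

    findings holds (line_number, safeboot_value, description) for every
    entry under [operating systems] that forces a safe mode boot;
    cleaned_text is the same file with only those switches removed.
    """
    findings, cleaned, in_os = [], [], False
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("["):
            in_os = stripped.lower() == "[operating systems]"
        elif in_os and "=" in stripped:
            match = SAFEBOOT_RE.search(line)
            if match:
                mode = match.group(1).lower()
                findings.append((line_no, mode, MODES.get(mode, "unknown safeboot mode")))
                line = SAFEBOOT_RE.sub("", line)
        cleaned.append(line)
    return findings, "\n".join(cleaned) + "\n"
```

A finding on every entry matches the symptom in the first post, where the machine lands at the safe mode command line regardless of the F8 choice.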

#11 boopme


Posted 13 April 2009 - 08:41 PM

Hi, no that was a great job.. Please run the MBAM program anyway to be sure as no one application will get them all.



