Jump to content
Posted 23 June 2009 - 01:55 PM
Posted 26 June 2009 - 04:38 PM
Backdoor Trojans are the most dangerous and most widespread type of Trojan. They provide the author or "master" of the Trojan with remote "administrative" access and control to the infected machines. Unlike legitimate remote administration utilities, backdooors install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more. In other words, take over the control of your computer.
Disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
In addition to the backdoor Trojan that has been identified, your computer has other infections as well. Although we can attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.
You have two options now, and how we proceed here, will depend on which choice you make. If you want to attempt to clean the machine, we can, but you will not know if the trojan left an entry to your machine which we can't identify. The other choice would be to reformat and reinstall your operating system. I'll post a couple of links to help you with the changing of your passwords, and if you want to reinstall, instructions for that. This decision depends to some degree on what the computer is used for.
Finally, you should be aware that even if we successfully remove these infections from your computer, some parts of the computer's system may be altered by the removal process itself, which could prevent it from ever regaining its former stability or full functionality without a reformat.
Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
If you have any questions, please ask.
Please post back to let me know what you've decided.
If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, please skip this step and continue with step 2.
Please download ATF Cleaner by Atribune & save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable security programs or permit them to allow the changes.
Click on Kaspersky Online Scanner
Note: you'll need to run this scan with Internet Explorer with ActiveX enabled.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Posted 29 June 2009 - 10:25 PM
Posted 30 June 2009 - 12:35 AM
Spybot and SpywareBlaster can be used simultaneously with other protection software without causing conflicts. Some antivirus software is throwing up warnings about Spybot, but these warnings are an annoyance to try and get people to stop using Spybot. There's a court case going on about this.
Spybot Search & Destroy:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using SpywareBlaster to protect your computer from Spyware and Malware
Update all antispyware programs regularly
Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
In the previous instructions I mentioned that you are missing the service packs for Windows. The easiest way to correct this is to set your computer to accept automatic updates. This will ensure that the updates are installed in the recommended order. To make sure they are turned on, go to Start > Control Panel and double-click on Security Center to open it. At the bottom you'll see four icons. One of these is Automatic Updates. Click on this, and in the small window that opens up, check Automatic (recommended). For further reading about windows updates and if you wish to install the updates manually, please see the information in the box below.
unpatched Windows systems are a security risk to everyone on the internet. Malware spreads faster and more extensively. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. So keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. Here is some more information about using updates:How to use Microsoft Update. Further information can be found at Windows Xp Service Pack 3 (sp3) Information
You can check for and install Microsoft applications at Microsoft applications
Please reboot and repeat the update process until there are no more updates to install.
Practice Safe Internet
Below is a list of simple precautions to take to keep your computer clean and running securely:
[*] If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
[*] If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
[*] If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
[*] If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
[*] Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
[*] Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
[*] When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
[*] Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
[*] Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
[*] DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
(unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall).* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt
* Change the Download unsigned ActiveX controls to Disable
* Change the Initialise and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
* Change the Launching programs and files in an IFRAME to Prompt
* Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.
Also see the following:
Working with Internet Explorer 6 Security Settings
Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox
It is also worth trying Thunderbird for controlling spam in your e-mail.
Free software for keeping your computer safe
And more freeware programs regarded as useful by the users of this forum:
Commonly Used Freeware Replacements
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:
0 members, 0 guests, 0 anonymous users