Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

So stupid, yet so stuffed! Trojan Zlob help please (I think)


  • Please log in to reply
1 reply to this topic

#1 blackberryx

blackberryx

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 16 July 2009 - 08:35 AM

I have windows vista on another laptop but when I downloaded a file from the internet it prompted me to download a licence. I saved it so I could then scan it before I open it just incase there were any viruses. AVG said it was ok so I opened it and from that moment on whenever I try to open firefox it says it has crashed (when I say I want to restore it it just displays the same message again). I tried to go back in time using a system restore point but when my computer reloaded it said it didnt work because of a 'disk problem'. The same happens with IE - crash (which I never use and when I havent tried to open the program.

I have already scanned my computer with avg free and two trojans (name in the title) have been found and deleted. They were in the temp files so I have gone into the temp files and deleted the last few days worth and then tried to restore again but now it says i have no system restore points?

Avg has found another trojan and I just dont know what to do. I cant restore, I cant get onto the internet to download any more software to kill this horrible thing?

I then tried to install spybot s&d via memory stick as I have no internet access on the infected one and it wouldnt let me install it. I have downloaded and transferred kaspersky virus removal tool which I have ran (and it showed up two trojans in the recycle bin which I emptied).

I opened IE with my internet turned off in safe mode and it showed up loads of weird dodgy looking websites in the history in the last two days when I have had no access to the internet. I restored the factory settings on IE thinking that they have just been f****d up and went back into normal mode and I still have no joy.

I have also checked and the windows firewall/defender is off so i'm not sure of the next steps to take.

I have also tried to make a restore point and it won't let me do that either.

All help is much appreciated.

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:08 PM

Posted 17 July 2009 - 08:29 PM

I would start out by doing a scan with Malwarebytes and then SuperAntiSpyware. Since you cannot access the internet with that computer, you will have to download the programs to another computer and save them to disk or usb and then transfer them to the infected one. I do not know how to have you update them before installing them though, but maybe running them unupdated and allowing them to fix whatever they find will be enough to get you back on the internet to where you can update them and then run them again.

Malwarebytes can be downloaded from any of these places...

http://www.malwarebytes.org/mbam.php

alternate download link 1
http://malwarebytes.gt500.org/mbam-setup.exe

alternate download link 2
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click on mbam-setup.exe to install the application. (If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or scr and then double click on it to run.)

When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware (guess you will have to skip this one for now)
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process.

After running that scan, post the complete log of the results here and then install SuperAntiSpyware, update (if possible) and run a quick scan with it and post the complete log of the results here. This scan may take some time to complete so please be patient.

That can be downloaded from SuperAntiSpyware.com

If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or scr and then double click on it to run.

If possible, both programs should be run in regular Windows, not safe mode. Allow both programs to remove whatever they find and if they tell you that you need to reboot your computer to complete the removal process, reboot into normal Windows.

Make sure you turn the firewall back on as soon as you are able to connect to the internet.

I found a way to update Malwarebytes without having an internet connection on the infected computer. You can get the most current database definitions by installing Malwarebytes on a clean computer, launch the program, update through the Malwarebytes program, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine.

Copy rules.ref file to the location indicated for your operating system.

XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

Edited by Stang777, 18 July 2009 - 02:46 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users