
Infected PC again... [Moved]


19 replies to this topic

#1 Mikazumi

Mikazumi

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 01 September 2009 - 09:40 PM

I'm back! This time I am worried as I've got a password-stealing trojan on my computer. I came onto my computer this morning and my Spyware Doctor (the computer technician put it on there when I got it to get checked because of my monitor) told me it had blocked Trojan-PWS.Bancos...so now I'm quite worried and have made sure my family does not log on to anything important for now. I have disconnected the internet from my computer so nothing else can get on my computer and I am using an uninfected computer and also my mobile phone to check the forums. Please help me out ASAP!

EDIT: I did a scan...MBAM and avast! found nothing, Spyware Doctor found 2 traces of Trojan-PWS.Bancos again (registry and .exe file), and quarantined it. I looked at its information to see which file it was coming from, and I identified the program on my computer where it seems to have come from, which seems to make sense (I remember downloading a program - a game I think, and I believe it downloaded a torrent program that downloads torrents and such to my computer too...ugh. I had a choice whether to install it or not, I should've known better...) and since have uninstalled this program, so I'm not sure if I've gotten rid of the trojan completely or not.

From other topics in this forum other people had multiple trojans and viruses etc as well as the Trojan-PWS, and simply just reformatted their PCs...I can't find my Windows disk (Dad's fault...) so I'm not sure if this is the end and if my computer can be safe!

(Edited to ramble on about stuff.)

Edited by Mikazumi, 02 September 2009 - 06:37 AM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:53 PM

Posted 01 September 2009 - 10:16 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Mikazumi


Posted 02 September 2009 - 08:54 AM

Okay, I decided that if I'm going to fix my other computer, I might as well do this one too. I scanned it (PC #2) just now with Avira and I found 6 Trojans, those being either Downloaders or Droppers, though I cannot exactly remember the names of what was there. I uninstalled one program I had just in case it was planning to do similar to that program I had on PC #1 (not the same program, but they are similar...note, PC #2 is my sister's/mum's computer, PC #1 is mine).

In addition, when I start PC #1, it always says "Windows host process (Rundll32) has stopped working". It has done that for quite a while now (sometime after the first time I posted at BC about issues with my computer being slow), and I am concerned about that too. I am running a MBAM scan on PC #1 now to see if it can pick up anything.

(Edited to include better information)

Edited by Mikazumi, 03 September 2009 - 03:49 AM.


#4 Mikazumi


Posted 03 September 2009 - 06:52 PM

I did MBAM and Spyware Doctor scans and they both found nothing, but I want to be sure my computer is safe >_>

#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:53 PM

Posted 03 September 2009 - 07:24 PM

Hello Mikazumi and welcome back.

First. . . let's deal with one PC at a time. Once we get one fixed, we'll move on to the other one. Trying to address two different machines with unrelated issues is incredibly confusing. :thumbsup:

Second, for as long as we're working together please do not run anything that I or another helper do not ask you to run. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process.

Finally, attention to detail is important! Since I cannot see or directly interact with your computer I am completely dependent on you to "be my eyes" and provide as much information as you can.

Now, let's get started. :flowers:

To begin, please choose which PC you wish to work on first. Please restate the issues you are having with the computer, and list any steps you have taken independently, as well as the results of your efforts.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#6 Mikazumi


Posted 04 September 2009 - 12:45 AM

Okay, I understand. I found it confusing typing up about both computers! We will work on what I named PC #1, AKA the one which has/had Trojan-PWS.Bancos on it. I will explain as much as I can what has happened so far with this one:

I turned on my computer a few mornings ago and there was a little popup in the corner from Spyware Doctor that said it had blocked Trojan-PWS.Bancos and asked if I wanted to continue blocking it. I clicked to continue blocking it, and immediately disconnected from the internet and looked it up, and I was very concerned about what it was I had found. I ran virus scans with what I have which is probably too many (Spyware Doctor (I took my computer in to a computer shop a few months ago regarding my monitor and he had put that on there), Malwarebytes, SUPERantispyware and Avast!) and only Spyware Doctor found the two traces of it, and put it in quarantine.

Yesterday I scanned over with Malwarebytes and Spyware Doctor, and they did not find anything. I'm not too keen to turn on the internet again in case of a re-infection. However the Trojan managed to come in through a P2P program which I uninstalled immediately after (I shouldn't have downloaded it in the first place, I don't even know why I did...)

I have not done anything further than that, as I have been awaiting a reply to see what further instructions I should take. Also, I did not notice anything different on my PC when that was detected. When I searched up about the Trojan I got no redirects, I had no random popups or whatnot or error messages that I have never seen. However, on startup I get "Windows host process (rundll32) has stopped working" and I'm not sure how that happened or how to fix that...

Hopefully I've said everything I needed to say. Thank you so much in advance for helping me and I understand, I will not fiddle with my computer unless you tell me so!

Edited by Mikazumi, 04 September 2009 - 02:46 AM.


#7 Blade


Posted 04 September 2009 - 04:48 PM

Hello.

Sorry for the delay. I just got in from a long day of work. Excellent job on describing your issues! I'll have some instructions ready for you tonight.

~Blade



#8 Blade


Posted 04 September 2009 - 07:33 PM

Alright. . . let's do an online virus scan; obviously you'll need to connect the machine to the Internet for this. I'm not too worried about reinfection here though.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
~Blade


In your next reply, please include the following:
KOS results



#9 Mikazumi


Posted 05 September 2009 - 01:50 AM

Still no sign of infection on PC, I'm still scanning too (43%...going real slow. It kind of took a while on a few files) and so far everything looks good ;o but then again it's not even halfway. Will edit & update when it's finished...

Edited by Mikazumi, 05 September 2009 - 05:10 AM.


#10 Mikazumi


Posted 05 September 2009 - 05:41 AM

Okay I finished the scan and did the log. I hope I did it right!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 5, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 05, 2009 08:49:14
Records in database: 2748833
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Objects scanned: 234672
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:20:55

No threats found. Scanned area is clean.

Selected area has been scanned.

#11 Blade


Posted 05 September 2009 - 09:39 AM

The log looks clean. . . are you having any symptoms of a malware infection?



#12 Mikazumi


Posted 05 September 2009 - 07:10 PM

Well I'm on the PC right now, it is all looking fine from what I can see, no symptoms at all. I find it strange that I find a trojan like that and then nothing happens after that o.O so far no redirects, no strange popups, no warnings about viruses from fake programs, no fake virus scanners on the PC. It will still let me use my virus scanners.

Edited by Mikazumi, 05 September 2009 - 07:11 PM.


#13 Blade


Posted 05 September 2009 - 07:16 PM

I'm thinking you caught it quickly, which is good. I'd still change all your passwords using another computer though. . . just to be certain. Especially passwords to online banking sites and the like.

Unless you have other questions regarding this PC, please give me the rundown on your other PC, just as you did for the first one in Post #6

~Blade



#14 Mikazumi


Posted 05 September 2009 - 07:21 PM

I must be lucky to catch things quickly! I do not use any online banking sites or anything too important on this computer, but I have changed passwords anyway.

Oh, I do have a question about this PC. I used to have Outpost Firewall, but that expired. Are there any other free firewalls you can recommend to me?

Okay, the other PC I'd like to check just in case something is wrong on that. Better to be safe than sorry! Anyway I did not notice anything different on that PC to normal as I have been using it regularly, I did a virus scan a few days back to find 6 trojans which I cannot remember their names using Avira. They were on the lines of downloaders and droppers if that helps.

#15 Blade


Posted 05 September 2009 - 08:19 PM

"Are there any other free firewalls you can recommend to me?"

Sure thing! Comodo Firewall (remember to uncheck Install Comodo Antivirus) or Kerio
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one firewall program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

Out of the above two; my personal recommendation is Kerio. I've seen far fewer instances of Kerio causing problems than I have Comodo. Kerio is also lighter weight. But they're both good.

***************************************************

For the second PC, let's go ahead and hit it with a Kaspersky scan as well. I'll repost the instructions here for your convenience.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
~Blade


In your next reply, please include the following:
KOS results

Edited by Blade Zephon, 05 September 2009 - 08:20 PM.





