How do you tell when trojan rollercoaster ride is over?



#1 JupiterJ

Posted 13 September 2009 - 06:34 PM

Over the past week I have been running constant scans and clean-ups of my demon-possessed laptop, and have found different trojans every time. I've done daily updates on my anti-virus/malware programs, but I don't think that's why the trojans keep popping up. I guess something is holding a back door open.

I have McAfee Internet Security Suite, and at first, the trojans would not let it run. I loaded Malware Bytes, which let McAfee run a little longer, but I would still get this message - "McAfee has experienced a problem and needs to close."

Next, I loaded and ran SuperAntiSpyware, which finally cleared the trojans up enough to allow McAfee to run. Yet each scan and quarantine/cleanup seemed to reveal a new trojan. After running a combo of McAfee and SuperAntiSpyware 4 times, I am finally getting clean results.

Even though all of the anti-virus/malware programs are now showing clean scans, the computer is still running sticky and slow. I think it's still infected, and I need some help. I have logs dating back as far as September 4th, so tell me what you need to see, and I'll send it - but you might have to tell me how to do that. I'm basically computer illiterate, but I will do my best to post what you ask for.

BTW - I'm not sure if this will help, but some of the malware and trojans that I have cleaned, or quarantined, so far are:
Windows Police pro
Trojan.FakeAlert
Rootkit. trace
Rogue.ASC-Antispyware
Malware.Trace
Trojan.Agent
Broken.OpenCommand
Disabled.SecurityCenter
Hijack.DisplayProperties
Hijack.TaskManager
Trojan.Dropper
Rootkit.Agent/Gen (uacd.sys files)
Generic Rootkit.d!rootkit
Rootkit.Agent/Gen-Skynet
SKYNETjieacjsy.dll, SKYNETourxnwyu.dll (and a slew of other skynet files) -- these 2 were the most stubborn, not convinced they are gone.
desktop.htt
Artemis!
FakeAlert-av360.gen.b

Once again, since 9/4/09, I've done so many different scans from so many different programs that I don't know what to post. Please help! :thumbsup:

#2 JupiterJ

Posted 13 September 2009 - 10:07 PM

I meant to mention a couple of things on the previous post. First of all, I have a wireless connection, and I kept the connection disabled until I signed on to join the bleepingcomputer community.

Secondly, every time I completed a scan that "cleaned/quarantined" trojans, or anything else, I would reboot, and then run more scans. Malware Bytes, SUPERAntiSpyware, and Spybot would find no problems, and then McAfee would find 2 or 3+ trojans, but couldn't do anything with them.

Then I would run scans from the other programs again, and each one would suddenly find one of the trojans that McAfee had found, as well as other associated files that McAfee didn't find. I kept this rebooting and re-scanning cycle up until all of the scans consistently found nothing.

I just rebooted and did the round robin again, and none of the programs found anything. What do I do to check to make sure they are all gone?

Thanks again for the info!

#3 Guest_The weatherman_*

Posted 14 September 2009 - 04:29 PM

Moved from HJT to a more appropriate forum. Tw

#4 JupiterJ

Posted 26 September 2009 - 11:25 AM

I have not actually started the laptop for a few weeks, but when I started it yesterday, it was extremely sticky, and sluggish, and McAfee was disabled again, so I ran another scan (using SUPERAntispyware) and discovered that the cycle seems to have started again. The scan found two infected registry files: HKUS\.DEFAULT\Software\Windows Police Pro, and HKUS\S-1-5-18\Software\Windows Police Pro. So I guess I answered my own question, and the problem is still there. My next question is, how do I get rid of the trojans once and for all? If there is another source that I should consult, please let me know. Thank you.

#5 Blade

Posted 26 September 2009 - 03:24 PM

Hello JupiterJ

Let's see what we're dealing with here.

Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM