Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Questions about trojan removal.


  • Please log in to reply
4 replies to this topic

#1 jon51

jon51

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 18 February 2010 - 02:02 AM

I am working on a computer for a friend and it has one of those annoying TrojanDownloader viruses. Is there a generic way to get rid of these or is it a long tedious process? I found it with AVG and removed it but it just came back. Spybot didn't find it. Malwarebytes found it and removed it. I restarted and ran scan again and it didn't pick up anything new.

I'm not sure if its actually gone. I thought I read somewhere that using Safe mode can sometimes help while scanning and removing but I can't remember where I saw this. Is it true?

I have the ok to reformat if needed but if I can avoid it that would be nice. If there is a sticky somewhere about these types of trojans that would be awesome.
They always seem to get these types of viruses and I really don't know what to do to help them prevent them. AVG doesn't seem to stop it. I was going to suggest Adblock and No Script but for people that don't know what to allow and what not to this may be too inconvenient.

Any suggestions is much appreciated.
Thanks

Edited by Pandy, 18 February 2010 - 11:21 AM.
Moved from Windows XP Home and Pro ~Pandy


BC AdBot (Login to Remove)

 


#2 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:10:38 AM

Posted 18 February 2010 - 08:42 AM

Give this a shot, it seems to find a bit more then others and it is free for home use.

http://www.superantispyware.com/?tag=GOOGLE-SUPERANTISPYWARE

Phil

Honesty & Integrity Above All!


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:38 AM

Posted 18 February 2010 - 11:43 AM

Hello also post the infected scan log from Malwarebytes (MBAM)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 jon51

jon51
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 19 February 2010 - 07:35 PM

Here is the log file that was requested. I'm running another scan right now to see if it finds it again.




Malwarebytes' Anti-Malware 1.44
Database version: 3754
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/17/2010 10:07:18 PM
mbam-log-2010-02-17 (22-07-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159525
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mary Allen\My Documents\Downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:38 AM

Posted 19 February 2010 - 08:59 PM

Hello, did you run the Superantispyware scan also?

Your Flash player looks like it may need to be updated or reinstalled as it looks like it was exploited.

Update and rescan with MBAM. On;y a Quick scan is needed now.

Edited by boopme, 19 February 2010 - 09:18 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users