A trojan horse has taken my computer hostage!


9 replies to this topic

#1 zoomgirl

Posted 19 September 2005 - 02:35 PM

Hello All,

This is my first post but I have to make it quick as I am using my boss's computer! I am really not computer savvy at all so please bear with me.

I currently have my mother's computer in my home which is a Gateway running Windows XP. I bought and installed Trend Micro's PC-cillin this weekend due to problems I had been having. My computer friend had fixed my computer which had been having problems just a few days ago.
I installed Trend Micro on Saturday, Sunday everything seemed fine. This morning I believe I clicked on a link that installed a Trojan on my computer. Now I can't do anything! I can't even get to my Trend Micro software to run a systems check or anything. My computer keeps shutting itself off....and I don't have the Windows XP disk that came with the computer....and my mother can't find it.
What do I do?

Remember: Please "dumb down" as much as possible...because I am clueless!

Thank you!



#2 stidyup

Posted 19 September 2005 - 02:47 PM

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode: Sysclean. You'll also need the virus template file from here: lpt***.zip

or

DrWeb CureIT

If you're good with the command line also try Sophos Command Line scanner

Also install and run A2 Free and Ewido

I'd also run Spybot and Adaware

If you're using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 zoomgirl

Posted 19 September 2005 - 02:51 PM

Thank you, I am printing out some of your advice.....I will try it when I get home.
I will have access to the computer at work again tomorrow so I will post and let you know what happens.

Thank you again!

#4 sakaman

Posted 19 September 2005 - 02:56 PM

Hi Zoomgirl,

You should start your computer in Safe Mode.
This will happen by pressing F8 when you open your PC. Otherwise click Start, click Run, type msconfig, click OK, then choose the BOOT.INI tab, check /SAFEBOOT, click OK and restart your PC. (With the last way your PC will automatically start in safe mode. So to start normally uncheck "/SAFEBOOT".)
In Safe Mode you can try running your Trend Micro software or others such as Ad-Aware, Spybot-Search and Destroy, Spyblaster, Microsoft AntiSpyware and of course your antivirus.

#5 zoomgirl

Posted 19 September 2005 - 03:02 PM

Thank you Sakaman!

#6 zoomgirl

Posted 20 September 2005 - 02:55 PM

I hope I am posting in the right spot. I was unable to take any steps that were suggested to me yesterday. I was able to follow your advice and get to "Safe Mode" but once there I was unable to get to any websites in order to download any of the "free ware" that could help me. I also tried doing the "command mode" but honestly, I have no idea what I am doing and was unable to do that either :thumbsup:

When I tried to run Trend Micro I got a message that said "No network device was found, or there is a conflict with existing antivirus or security software. Only the virus scan, spyware scan, and Security functions will be available. To enable full product functionality uninstall conflicting software or enable a network connection to restart the program"
When I click okay I get the following error message
"Unable to read configuration. Restart
(hr=0x8007043C, 10C=7413, num=234)"

Being the genius I am, I went to add/remove programs to see if I could get to the culprit from there. I removed the following things that had the date of 9/20/05 (since I hadn't added anything that day)
IST.svc
Media Gateway
New.net Domains
Surf Sidekick (which asked me to input a security code they provide to remove)
I tried to remove something called "The Best Offers" but it would not let me remove it....told me to go to the website to do it......but I can't get to the Internet
Windows Incontext
Your Side Bar

The bottom line, I can't get to the Internet....can't run Trend Micro.....I don't even think I can uninstall Trend Micro and reinstall it. I may have tried, I don't remember. Then I cried tears of frustration for not being smarter and clicking on that freaking link to begin with!

What now?

#7 zoomgirl

Posted 20 September 2005 - 02:56 PM

Oh yes, I almost forgot....my computer keeps shutting itself off as well....... :thumbsup:

#8 Enthusiast

Posted 20 September 2005 - 08:22 PM

Restart in normal mode, open Internet Explorer and go to the following site:

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Set it to fix all problems it finds.

Additional scans to run:
Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest

Windows Security Trojanscan
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

#9 zoomgirl

Posted 21 September 2005 - 03:33 PM

Thank you....but when I try to restart in normal mode.....IE won't open at all.
Is there any other way to get to it besides clicking the Icon?

#10 Enthusiast

Posted 21 September 2005 - 10:44 PM

Yes, you can get to it by clicking on "start" then programs, then on Internet Explorer.

You will not be able to get on the internet in safe mode.

In safe mode, default settings are used, i.e. VGA monitor, Microsoft mouse driver, no network connections, and the minimum device drivers required to start Windows.

The safe mode options are:

Safe Mode

Starts Windows using only basic files and drivers (mouse, except serial mice; monitor; keyboard; mass storage; base video; default system services; and no network connections). If your computer does not start successfully using safe mode, you may need to use the Emergency Repair Disk (ERD) feature to repair your system.

Safe Mode with Networking

Starts Windows using only basic files and drivers, plus network connections.


Safe Mode with Command Prompt

Starts Windows using only basic files and drivers. After logging on, the command prompt is displayed instead of the Windows desktop, Start menu, and Taskbar.

Enable Boot Logging

Starts Windows while logging all the drivers and services that were loaded (or not loaded) by the system to a file. This file is called ntbtlog.txt and it is located in the %windir% directory. Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt add to the boot log a list of all the drivers and services that are loaded. The boot log is useful in determining the exact cause of system startup problems.

Enable VGA Mode

Starts Windows using the basic VGA driver. This mode is useful when you have installed a new driver for your video card that is causing Windows not to start properly. The basic video driver is always used when you start Windows in Safe Mode (either Safe Mode, Safe Mode with Networking, or Safe Mode with Command Prompt).

Last Known Good Configuration

Starts Windows using the registry information that Windows saved at the last shutdown. Use only in cases of incorrect configuration. Last known good configuration does not solve problems caused by corrupted or missing drivers or files. Also, any changes made since the last successful startup will be lost.

Start in Safe Mode with networking and see if you can use IE to get on the internet with it.

But before you even try to download off the net, try to run your TrendMicro AV scan.

The message it gave you was "Only the virus scan, spyware scan, and Security functions will be available.", so you may be able to run it. If not, if you can get on the internet try a few of the web based scans that were listed in my previous post.

Edited by Enthusiast, 21 September 2005 - 10:47 PM.
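Added example, not part of the original thread: the "Enable Boot Logging" option described in the post above appends each boot's driver list to ntbtlog.txt, so comparing a normal boot against a Safe Mode boot shows which drivers only load in normal mode and are worth checking first. The sample log is constructed, the `example_*` driver names are made up, and the session header line is assumed to begin with "Microsoft (R) Windows".

```python
import re

# Constructed sample: two boot sessions appended to one ntbtlog.txt,
# a normal boot followed by a Safe Mode boot. The example_* names are made up.
SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 9 20 2005 14:50:11.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \SystemRoot\System32\Drivers\example_net.sys
Loaded driver \SystemRoot\System32\Drivers\example_unknown.sys
Did not load driver \SystemRoot\System32\Drivers\example_old.sys
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 9 20 2005 15:02:43.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Did not load driver \SystemRoot\System32\Drivers\example_net.sys
Did not load driver \SystemRoot\System32\Drivers\example_unknown.sys
"""

ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")


def parse_sessions(text):
    """Split the log into boot sessions: [{'loaded': set, 'skipped': set}, ...]."""
    sessions = []
    for line in text.splitlines():
        if line.startswith("Microsoft (R) Windows"):  # assumed session header
            sessions.append({"loaded": set(), "skipped": set()})
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # date stamp or blank line
        if not sessions:  # entries before any header: treat as one session
            sessions.append({"loaded": set(), "skipped": set()})
        key = "loaded" if m.group(1) == "Loaded driver" else "skipped"
        sessions[-1][key].add(m.group(2).lower())  # Windows paths ignore case
    return sessions


def only_in_normal_boot(normal, safe):
    """Drivers that loaded in the normal boot but not in the Safe Mode boot."""
    return sorted(normal["loaded"] - safe["loaded"])


if __name__ == "__main__":
    normal, safe = parse_sessions(SAMPLE_LOG)
    for path in only_in_normal_boot(normal, safe):
        print(path)
```

Most entries in the difference will be legitimate network, audio or video drivers; the useful part is that the list is short enough to check each file's vendor and install date by hand.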




