
Trojan Horse


8 replies to this topic

#1 Shippou

Shippou

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 03 September 2012 - 07:29 AM

I pretty much know my computer has a trojan horse infecting it. What can I do about it? I am pretty sure it is my dad but I am not sure how to remove it.

Thanks, I am using Windows 7.


 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:12 PM

Posted 03 September 2012 - 07:30 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

#3 Shippou

Shippou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 03 September 2012 - 07:38 AM

tsk0000 is the log file? If not then where is it? I used TDSSKiller

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:12 PM

Posted 03 September 2012 - 07:41 AM

You should find something like this

C:\TDSSKiller.~~~~~log.txt

#5 Shippou

Shippou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 04 September 2012 - 01:20 PM

It is not there, I have this:
C:\TDSSKiller_Quarantine\03.09.2012_15.32.59\susp0000\svc0000

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:12 PM

Posted 04 September 2012 - 01:29 PM

Go ahead with other scans

#7 Shippou

Shippou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 09 September 2012 - 02:51 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 10:50:38
-----------------------------
10:50:38.327 OS Version: Windows x64 6.1.7601 Service Pack 1
10:50:38.327 Number of processors: 4 586 0x2A07
10:50:38.328 ComputerName: PC UserName:
10:50:41.576 Initialize success
10:50:58.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
10:50:58.457 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
10:50:58.468 Disk 0 MBR read successfully
10:50:58.470 Disk 0 MBR scan
10:50:58.473 Disk 0 Windows 7 default MBR code
10:50:58.476 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:50:58.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 999898 MB offset 206848
10:50:58.519 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 907727 MB offset 2048000000
10:50:58.555 Disk 0 scanning C:\Windows\system32\drivers
10:51:02.721 Service scanning
10:51:11.611 Modules scanning
10:51:11.619 Disk 0 trace - called modules:
10:51:11.643 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:51:11.648 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a22060]
10:51:11.654 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80043d2ad0]
10:51:11.659 5 ACPI.sys[fffff880011937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80044c8060]
10:51:11.664 Scan finished successfully
10:51:19.620 Disk 0 MBR has been saved successfully to "C:\Users\עידית\Desktop\MBR.dat"
10:51:19.632 The log file has been saved successfully to "C:\Users\עידית\Desktop\aswMBR.txt"

#8 Shippou

Shippou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 18 September 2012 - 01:42 PM

Did a new scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 21:41:26
-----------------------------
21:41:26.642 OS Version: Windows x64 6.1.7601 Service Pack 1
21:41:26.642 Number of processors: 4 586 0x2A07
21:41:26.643 ComputerName: PC UserName:
21:41:28.909 Initialize success
21:41:32.800 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
21:41:32.802 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
21:41:32.837 Disk 0 MBR read successfully
21:41:32.840 Disk 0 MBR scan
21:41:32.842 Disk 0 Windows 7 default MBR code
21:41:32.845 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:41:32.849 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 999898 MB offset 206848
21:41:32.877 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 907727 MB offset 2048000000
21:41:32.912 Disk 0 scanning C:\Windows\system32\drivers
21:41:37.739 Service scanning
21:41:46.764 Modules scanning
21:41:46.772 Disk 0 trace - called modules:
21:41:46.805 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:41:46.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a27060]
21:41:47.096 3 CLASSPNP.SYS[fffff88001b9843f] -> nt!IofCallDriver -> [0xfffffa8004407b60]
21:41:47.102 5 ACPI.sys[fffff8800118e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80047c3060]
21:41:47.107 Scan finished successfully
21:42:05.593 Disk 0 MBR has been saved successfully to "C:\Users\עידית\Desktop\MBR.dat"
21:42:05.606 The log file has been saved successfully to "C:\Users\עידית\Desktop\aswMBR.txt"

I have no trojan horses?

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:12 PM

Posted 18 September 2012 - 01:47 PM

ESET log?



