
Contracted DHS Trojan


No replies to this topic

#1 CG_97


Posted 26 December 2013 - 10:26 PM

First, let's start with I am not an active IT guy who is current on the latest stuff. It's been a few years since I was active beyond basic user functions. Early on a recent weekend morning, I was alerted by my spouse that after booting her laptop she received a strange page that said her computer was locked for looking at Child Porn and that she had to pay a $300 fine. I told her to turn off the machine, unplug it and leave it until I could get to it. The funny part is my wife is a hardcore church type, so porn is definitely not her thing.

I spent some time searching around and ended up coming across some online guidance using the Malwarebytes rootkit and Malwarebytes Anti-Malware tools. Norton Boot Recovery Tool and Norton Power Eraser were failures. NPE couldn't run and NBRT found nothing. This version of the DHS Trojan had already shut me out of all versions of Safe Mode. I was able to lock into the user account and force the DHS blocker page to come down by brute force. In repeated succession I hit the Ctrl-Alt-Del keys and Windows-R until I received several error messages and the system said it was shutting down. Then I was able to prevent the system from shutting down and back out of the error messages. I ran the Malware tools and removed 6 Trojan entries. I followed that by running the anti-rootkit, and CCleaner to clean up the registry. Everything seemed to be working fine and I was a hero. This was on 12/22.

On 12/25 I went to install Skype for family video chats on Christmas. It was then I discovered that both my Admin account and the XP Default Admin account have had their privileges downgraded. Now I can't access any system files, not the registry, restore, command prompt or install any programs. I was able to search around and discovered what I think are remnants of the virus in the start-up folder pointing to the rundll32.exe file. So I have backed up all my important files to a removable drive at this point.

I haven't seen the software CDs for this laptop in years, so reloading the OS is not my preferred choice. What can I do to regain administrative access and get rid of the strap-hanger files from this DHS Trojan?


