Question about Trojans


13 replies to this topic

#1 bob1212


Posted 28 January 2016 - 04:42 PM

About 7 years ago I was infected by a backdoor Trojan virus (somebody I knew did it) and it made my life a living hell.

The other day I saw that there is another Trojan on my laptop (I don't remember the name of it, but it said it was possible that the backdoor could be opened from it). I really don't want to believe that these people are still harassing me but..

 

I guess my question is if I'm infected by a Trojan, does that mean I was SPECIFICALLY or Personally targeted by somebody?

 

What are the chances this Trojan was not by somebody I know who is out to get me?




 


#2 buddy215


Posted 28 January 2016 - 05:37 PM

The information you provided doesn't help much. Who or what told you there was a trojan on your computer? What action, if any, have you taken to clean the computer of adware and malware, if any?

 

What security programs are installed on your computer and which ones are not free programs?

 

Another topic of yours mentions you loaned your computer recently to someone? Have you asked that person about your concerns as to what the computer was used for?


Edited by buddy215, 28 January 2016 - 05:38 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 TsVk!


Posted 28 January 2016 - 05:39 PM

Just a little further info...

 

It is highly unlikely that you were specifically targeted unless you are a high profile scientist, businessman or politician (or other person of extreme interest).

 

There are literally millions of different types of trojans with many thousands of new infections every day.

 

There would have to be a very good reason (normally financial) for someone with the capabilities to try to own your machine. Personal vendettas are way down the list of probable causes... it's just not worth it (the old reward vs effort factor).



#4 quietman7


Posted 28 January 2016 - 06:00 PM

A Trojan Horse is a destructive stand-alone application that masquerades as a benign program and hides "malicious code" within the original source code in such a way that it can gain control and do its chosen form of damage. This malicious code is a process or function specifically added by the Trojan's programmer that performs an activity the user is unaware of. Trojans are executable programs (.exe, .vbs, .com, .bat, etc) which means that when you open the file, they will perform some action.

A Backdoor Trojan allows a remote attacker to have access to or send commands to a compromised computer. This type of malware not only compromises your system, it also has the ability to download even more malicious files, so infections and severity of damage will vary.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 bob1212


Posted 01 February 2016 - 11:36 AM


 

The Trojan was Exploit:JS/Axpergle.BY 

 

I found it with Windows Defender (Windows 10) and it said it was removed.



#6 bob1212


Posted 01 February 2016 - 11:42 AM


 

The thing is, I was specifically targeted years ago, by somebody I went to school with. This I know for a fact. I just find it disheartening that that person could STILL be doing this to me, which leads to my original question..

****************

Is it likely that this was done by somebody specifically targeting me? What other way could I possibly be infected with a Trojan if it weren't somebody trying to get a backdoor on my computer? Let's say nobody was out to get me, what are the chances I get infected with a Trojan? Is it likely? It seems to me that a Trojan is something you only get if somebody wants you to have it, am I wrong in that?


Edited by bob1212, 01 February 2016 - 11:43 AM.


#7 buddy215


Posted 01 February 2016 - 12:40 PM

As the info from Microsoft says:

This threat is a member of the JS/Axpergle family.

Microsoft security software detects and removes this threat.

This exploit uses a vulnerability in your software to infect your PC.

It's usually used to install other malware or unwanted software without your knowledge.

 

Make sure your Windows OS, all Adobe products such as Flash and Reader, Windows programs such as Office, Java, browsers, etc. are kept up to date with the latest security patches.

 

It would be a good idea to look for other malware and adware that the trojan may have installed.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#8 bob1212


Posted 01 February 2016 - 01:23 PM

Thanks. So do you think I was specifically targeted or it was more of a fluke thing?

 

 


 


Edited by bob1212, 01 February 2016 - 01:24 PM.


#9 buddy215


Posted 01 February 2016 - 01:40 PM

I think what Microsoft says about the trojan....This exploit uses a vulnerability in your software to infect your PC

Those that follow this forum see exploits and other types of malware almost every day....adware multiple times a day.

I have no reason to think anyone specifically targeted you.

Are you going to run the scans...check your programs for updates?....it's up to you.

 

EDIT: Microsoft Malware Protection Center - Exploit malware family

QUOTE: (read more in link above)

 

The exploit malware family

Exploits take advantage of weaknesses or “vulnerabilities” in common software, such as Java and Adobe Flash.

A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware can use these vulnerabilities to exploit the way the software works and further infect your PC.

Some of the worst exploits allow attackers to run malicious code on your PC without your knowledge.

We categorize exploits in our encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.

Prevention

The best prevention for exploits is to keep all of your software up-to-date.

See our Updating software help page for information on how to keep your software updated, and what you can do to reduce the risk of malware infection your PC.

 

Edited by buddy215, 01 February 2016 - 01:44 PM.
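
Added example (not part of the thread and not Microsoft's own tooling): the quoted text says detections are categorized by the platform they target, and the two names mentioned in this topic follow the Type:Platform/Family.Variant layout. This sketch splits such names into fields and attaches the advice given in the replies above; the function names, the advice wording, the third sample name and the malformed fourth sample are assumptions made up for illustration.

```python
import re

# Layout used by Microsoft detection names: Type:Platform/Family.Variant!Suffix
# (variant and suffix are optional).
NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?:!(?P<suffix>[A-Za-z0-9.]+))?$"
)
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_detection(name):
    """Split a detection name into its fields; raise ValueError if malformed."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a Type:Platform/Family name: {name!r}")
    fields = m.groupdict()
    # Some exploit detections carry the CVE id in the family position.
    fields["cve"] = fields["family"] if CVE_RE.match(fields["family"]) else None
    return fields


def triage(names):
    """Return (name, advice) pairs; the advice mirrors the replies in the thread."""
    results = []
    for name in names:
        try:
            d = parse_detection(name)
        except ValueError:
            results.append((name, "unparsed: look the name up by hand"))
            continue
        if d["type"] == "Exploit":
            detail = d["cve"] or f"family {d['family']}"
            advice = (f"exploit on platform {d['platform']} ({detail}): "
                      "update the vulnerable software, then scan for "
                      "anything it may have installed")
        elif d["type"] == "Backdoor":
            advice = "backdoor: remote-access malware, remove and re-scan"
        else:
            advice = f"{d['type']} on {d['platform']}: remove and re-scan"
        results.append((name, advice))
    return results


# The two names quoted in the thread, plus two constructed inputs.
SAMPLES = [
    "Exploit:JS/Axpergle.BY",
    "Exploit:Java/CVE-2013-1489.A",
    "Backdoor:Win32/ExampleFamily.A!ml",   # constructed name
    "some trojan, name forgotten",         # constructed, malformed
]

if __name__ == "__main__":
    for name, advice in triage(SAMPLES):
        print(f"{name:36} -> {advice}")
```

The type field of the name reported in this topic is Exploit, not Backdoor or Trojan, which matches the Microsoft description quoted above.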



#10 bob1212


Posted 01 February 2016 - 02:00 PM

 


 

 

I'll probably do what you said. Would you say this is the kind of Trojan one would use if trying to open the backdoor for remote access? I saw my computer light up to the desktop and then pop the internet open. I thought that was very odd, and that's why I think it may have been the same people who backdoored me years ago.

"You can only get a Trojan if somebody specifically targets you". Is that an accurate statement? I know you say there is no reason why you would believe I was specifically targeted, so how could I have gotten it? Like the one I have, could I have gotten that just from accidentally downloading it from the internet, or is it something that somebody specifically tried to infect me and me personally with?

 

Sorry if I'm sounding repetitive, I'm just having trouble making sense of this.


Edited by bob1212, 01 February 2016 - 02:07 PM.


#11 buddy215


Posted 01 February 2016 - 02:47 PM

Yes, you are being repetitive and I have given you enough info to explain what you need to do to prevent known exploits.

I think you just want me to agree with you that you were specifically targeted......I have no reason to do that.

Read the info in the link I provided.




#12 TsVk!


Posted 01 February 2016 - 05:26 PM

> The thing is, I was specifically targeted years ago, by somebody I went to school with. This I know for a fact. I just find it disheartening that that person could STILL be doing this to me, which leads to my original question..

Kids grow out of this stuff. There's a difference between healthy caution and paranoia.

> Is it likely that this was done by somebody specifically targeting me?

Are you a high profile scientist, businessman or politician (or other person of extreme interest)? If not.... no.

> What other way could I possibly be infected with a Trojan if it weren't somebody trying to get a backdoor on my computer?

Email, site adverts, downloads, outdated software... the list goes on. It happens to ordinary people every day.

> Let's say nobody was out to get me, what are the chances I get infected with a Trojan? Is it likely?

Yes, very likely. Happens all the time, particularly to non-savvy computer people who don't update their software regularly, download files, use the internet and click emails. It's a jungle out there.

> It seems to me that a Trojan is something you only get if somebody wants you to have it, am I wrong in that?

Totally wrong. The primary motivation for infecting people with trojans is money, not vendettas. They want to own your traffic, ransom you, dump ads on you and steal your financial data. Happens all the time, every day to ordinary people who don't know anybody.

If you had the skills to backdoor someone's computer (meanwhile breaking scores of laws and risking prison) would you do it just to irritate someone? Or would you do it for a big pile of money?

If someone was targeting you they would be breaking fewer laws and facing less jail time if they just came over to your house and beat you up.



#13 bob1212


Posted 03 February 2016 - 03:32 PM

I'm going to do the Malwarebytes scan and see what happens.

 

Thanks for the help guys, I was always under the impression that Trojans were something that somebody gave you on purpose, not something you could randomly get.

 

I'll let you know what the scan says



#14 quietman7


Posted 03 February 2016 - 05:22 PM

> ...I was always under the impression that Trojans were something that somebody gave you on purpose, not something you could randomly get.

In some cases that is true. An attacker can go after a specific individual in order to compromise and gain control of a machine by using a backdoor Trojan. Fortunately most malware writers are in it for financial gain and they would rather target a wide audience where the payoffs are more lucrative.



