Desktop infected with Trojans

Discussion in 'Windows - Virus and spyware problems' started by EzyDuzIt, Apr 6, 2011.

  1. EzyDuzIt

    EzyDuzIt Regular member

    Hi guys,

    Just been at my friend's house and his desktop is infected with three different Trojans.

    He was complaining about his pc being slower than usual; so I immediately installed Anti-Malwarebytes Anti-Malware, and then also VIPRE AV & AS.

    After updating both programs, I disconnected his pc from the internet.


    So scanning with AMAM (full scan), it found 30-40 pieces of malware, and I followed AMAM guidance and removed all of them.

    Then I performed a "deep scan" with VIPRE AV & AS. Which is where it gets interesting...

    Up comes the following:

    Trojan.JS.Generic(v)
    Trojan.Win32.Generic!BT
    PSWTool.Win32.Pdfcracker.GeN (Password Cracker/Stealer)

    All of them rated Risk level "high".


    So VIPRE suggests quarantine, and I change it to clean, and confirm. Then I reboot, rescan and they pop up again.


    Except this time, when the scan completes, the results disappear and consequently I can't remove/quarantine or do anything. It appears as if the scan picked up nothing (the table is blank), but the values in the table at the top (No of threats detected etc) all say "x100000".




    If anyone could tell me how to remove these Trojans and password stealer, I would really appreciate it.


    Thanks

    Ezy
     
  2. tech_slave

    tech_slave Member

    I'm not sure, but if I were you I would try to remember the name of the program that has the trojan on it, see if it's running in Task Manager, try to end it, track its source and manually delete it, and if it's with a certain program, remove it and re-install it if you need it. But if not... since removing it is not working, I would back up the really important files that you can't get again, like docs, pics, music, etc., and do a clean install of Windows or whatever OS and start from scratch, and watch your steps from a clean beginning. Try scans after installing your programs again and after restoring your backup, re-scan the entire hard drive, and make sure to use several anti-virus programs to make sure. I hope I helped, and please reply back with the results :))
     
  3. ddp

    ddp Moderator Staff Member

    try a system restore to before they appeared if possible.
     
  4. Mez

    Mez Active member

    I never save or type passwords for any site that involves money etc. Most stealers are either key loggers or steal saved passwords. The loggers are smart enough to work only while you are in a browser. Type the passwords in Notepad and cut and paste them into the browser as a habit. I also use a keyscrambler.
     
  5. jantanik

    jantanik Member

    First back up your data to a flash drive. Then reinstall Windows by formatting, or do a factory restore.
    Then install the anti-virus from avast.com. Then do all the Windows updates manually, forcing it.
    Then scan the flash drive, then copy the data back to the computer. Your computer will be faster and safe.
     
    Last edited: Apr 5, 2012
  6. Mez

    Mez Active member

    Hopefully all the data can fit on a flash drive. My C: is 1.5 T. However, you can copy your info to a different disk and do the exact same thing. I had to do something like that last weekend. You might even wish to clone C:, viruses and all. I get the clean drive up and running with AV, then plug in the old C: as a USB drive. Your new C: will be safe because the AV is up and running before you connect. Then you can scan the disk. I would use several different scanners before I deemed the old C: safe to copy over all your files. Then keep the old C: as a backup C:. They come in handy. If you have problems like this ever again, just swap drives.
     
  7. ps355528

    ps355528 Active member

    hehehe.. copy data to stick.. clean reinstall (it's crapdoze remember) .. bring data back from stick.. back come baddies..

    nobody understands my "hidden partition" setups these days.. clean install of everything "stock".. copy to little stashed away "*" partition (fat32) ..puppy is fantastic.. when sleepdoze screws up just copy everything back either with puppy or with dd.. for data just "move" instead of "copy".. doesn't move anything, just shifts the file listing down a level.. it's almost instant. lmfao!!
     
  8. Mez

    Mez Active member

    I beg to differ, with a healthy virus scanner up and running with orders to scan anything on a USB connection the bad guys don't have a chance if the scanner knows the malware's signature.

    I have seen malware hide in places far outside where the core functionality resides. Still, if there was a crapdoz version of Puppy I would check it out.

    Since I have a few 500g disks not really doing much I can afford to keep a clean one and a 'dirty' one. The clean disk has minimal software, a browser and some malware scanners. I only use the browser to get more virus scanners etc.

    The dirty has my darker utilities that I only use occasionally that I don’t want Big Brother to find on my computer. I figure all firewalls have back doors so they are useless against big brother. With persons stealing into wireless networks so often big brother can’t be sure what is going on if it finds something on your IP every few months.
     
  9. Mez

    Mez Active member

    fannyy what does your post have to do with this? Do you believe that a data or flow is being intercepted and viruses are added?

    That is a million times harder than the usual and very effective ways to infect the unsuspecting.

    DDP deleted the post. It was a less than obvious free ad for a VPN that would keep you free of viruses, I guess. That point was not clear. I am happy to see AD taking such an aggressive stand against spammers. I think the word is going out that AD is not fertile ground for spam. If you want an ad, pay for it. Maybe a year ago the spamming was too much. Now I don't see many and, like the one deleted, the ones that are posted are not so obvious any more.
     
    Last edited: Aug 18, 2011
  10. ddp

    ddp Moderator Staff Member

    spammer spammed
     
