shahdad Posted June 24, 2007

I've run every possible scan there is, and this thing is still in the system:
- TrojanHunter
- Norton Antivirus
- AVG
- Ad-Aware
- BitDefender online scanner
- CWShredder
- Stinger
- WinsockXPFix
- CleanUp
- S&D

It first started with the computer logging onto the net and playing audio, random audio with nothing open. Norton blocked a few things with messages indicating trojans; couldn't get the names. Windows Defender also blocked stuff (stopped working now - can't run it).

I tried to log into safe mode but I'm thinking something is blocking this, as I only get a black screen after selecting a user. I did, however, manage to run all the above by Ctrl+Alt+Del then "start new task".

HijackThis looks clean too. The appz only seem to be picking up Trojan.agent.alz in AVG / agent.100 in TrojanHunter. I've run out of ideas..... help plz
ilko_t Posted June 25, 2007

Hi, it could be a rootkit hiding it. Do a scan with at least 2 of the following programs: BlackLight Beta, GMER, RootkitRevealer, Sophos Anti-Rootkit. If it comes up clean, post a fresh HijackThis log here.
severach Posted June 25, 2007

Pull the drive and scan with Kaspersky or AOL Active Virus Shield and any other tools you like. If it's NTFS you'll need to reset all the permissions first. To save time you should manually clear out all the temp folders. Not pulling the drive is a waste of time.
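The "pull the drive and clear out the temp folders" step above is easy to get wrong by hand (several profiles, nested Temporary Internet Files caches, a volume whose directory names are in whatever case the installer used). The script below is an added example written for this thread, not something posted by severach or shipped with any of the tools named here. It assumes an English-language XP-era layout (WINDOWS\Temp plus "Documents and Settings\<user>\Local Settings\Temp" and "...\Temporary Internet Files") under a mount point you pass in, defaults to a dry run so you can review the list before deleting anything, and builds its own constructed sample volume for the demo.

```python
"""Offline temp-folder sweep for a pulled Windows XP drive.

Added example for this thread; the layout constants are an assumption
(English default install) and the demo volume is constructed in a tempdir.
"""
import os
import shutil
import tempfile

# Per-profile temp locations, relative to each folder under "Documents and Settings".
PROFILE_TEMP_DIRS = [
    ("Local Settings", "Temp"),
    ("Local Settings", "Temporary Internet Files"),
]


def _child(parent, name):
    """Return the path of *name* under *parent*, matched case-insensitively.

    An NTFS volume mounted on a Linux rescue system keeps the case the
    installer used ("WINDOWS" vs "Windows"), so exact-case joins can miss it.
    """
    if not parent or not os.path.isdir(parent):
        return None
    for entry in os.listdir(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None


def _walk_names(parent, *names):
    """Chain _child() across several path components; None if any is missing."""
    for name in names:
        parent = _child(parent, name)
    return parent


def find_temp_dirs(root):
    """List the temp directories that actually exist under the mounted volume."""
    found = []
    sys_tmp = _walk_names(root, "WINDOWS", "Temp")
    if sys_tmp and os.path.isdir(sys_tmp):
        found.append(sys_tmp)
    profiles = _child(root, "Documents and Settings")
    if profiles:
        for user in sorted(os.listdir(profiles)):
            for rel in PROFILE_TEMP_DIRS:
                d = _walk_names(profiles, user, *rel)
                if d and os.path.isdir(d):
                    found.append(d)
    return found


def sweep(root, dry_run=True):
    """Return the volume-relative paths of every file inside a temp directory.

    With dry_run=True nothing is touched; with dry_run=False the files are
    removed (directories are left in place so the profile stays intact).
    """
    hits = []
    for d in find_temp_dirs(root):
        for dirpath, _dirnames, filenames in os.walk(d):
            for fn in filenames:
                path = os.path.join(dirpath, fn)
                hits.append(os.path.relpath(path, root))
                if not dry_run:
                    os.remove(path)
    return sorted(hits)


def build_demo_volume():
    """Construct a throwaway fake XP volume with four temp files and one keeper."""
    root = tempfile.mkdtemp(prefix="xpvol_")
    sample_files = [
        ("WINDOWS", "Temp", "a.tmp"),
        ("Documents and Settings", "alice", "Local Settings", "Temp", "b.exe"),
        ("Documents and Settings", "alice", "Local Settings",
         "Temporary Internet Files", "Content.IE5", "ABCD", "c.htm"),
        ("Documents and Settings", "bob", "Local Settings", "Temp", "d.dll"),
        ("Documents and Settings", "alice", "My Documents", "keep.doc"),  # must survive
    ]
    for parts in sample_files:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


def demo():
    """Dry run, then real sweep, then re-check; returns counts and whether keep.doc survived."""
    root = build_demo_volume()
    try:
        planned = sweep(root, dry_run=True)
        removed = sweep(root, dry_run=False)
        left_over = sweep(root, dry_run=True)
        kept = os.path.exists(os.path.join(
            root, "Documents and Settings", "alice", "My Documents", "keep.doc"))
        return len(planned), len(removed), len(left_over), kept
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())  # on the constructed volume: (4, 4, 0, True)
```

On a real pulled drive you would call `sweep("/mnt/xp")` first, read the list, and only then `sweep("/mnt/xp", dry_run=False)`; if you want to keep anything for a later look, copy the listed files off the volume before the second call, since the temp folders are exactly where a dropper tends to have left its first stage.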
shahdad Posted June 25, 2007

So I ran all of the scans again, and all came up clean. I ran: Ad-Aware, AVG Anti-Spyware, Spybot - Search & Destroy, TrojanHunter Scanner, Windows Defender.

I thought everything was fixed, and to check, I powered down fully and powered up a few hours later. As soon as I logged in, pop-up in IE (didn't go anywhere because my wireless was off). I also noticed everything that's supposed to be in my taskbar is missing. I've run HijackThis several times, but all logs looked clean. So I renamed it to shahdad.exe; now I've got some hits. Can I post logs here?

Also, I ran the root searches but they didn't find anything.
DonDamm Posted June 25, 2007

Is there some reason you can't do a reinstall? Seriously, if you add up the time you've already spent, I'm certain it will add up to more than a few hours.

My best advice in situations like these is to back up all your data, email, favorites, etc. on another partition or CD/DVD, wipe the partition and reinstall, defrag, install all your basic apps and configure your net connections, etc., defrag again, move the pagefile to another partition, clean out System Restore and then set a new restore point, turn off hibernation temporarily, shut down and make an image of your system/programs partition. Store it on another partition and copy it to a DVD.

Now should this ever happen again, you'll have a known good and working setup which you can slap onto the active partition in ten minutes and you'll be up and running. You'll save yourself hours of painful work and aggro. In fact, it will put a smile on your face. I've seen it many times since I started doing this for clients many years ago.

Even if you manage to get your system seemingly working properly, there will always be the nagging doubt. With an image you'll never have that doubt, and that is worth the effort! :^)

If for some reason you can't reinstall, I can only sympathize. It seems like you've taken all the right steps so far and as ilko_t mentioned you very well may have a rootkit. If you do, even the rootkit revealers out there are limited in what they can do and you may not be able to fully implement them. All the more reason to do a fresh format and install.
shahdad Posted June 25, 2007

Update: I found an app called ComboFix. Ran it, fixed everything.... Insane, 1 program fixed everything it seems. I've run 20 different things up till now, I find that one... and zap, all probs seem to be fixed. Got my taskbar items back, no pop-ups after login. Final check to go still, but all looks good I think.
ilko_t Posted June 25, 2007

Well, it's nice you fixed it. If ComboFix did the trick and you are sure nothing was in HJT logs, then you definitely had a rootkit variant, and I wonder why you didn't scan for it. Whatever, hopefully nothing will come back; don't forget to flush System Restore.
shahdad Posted June 25, 2007

lol, yup, should have just done a format. I would have done it, but I never set up a partition because the notebook came nice and set up by Dell. Haha, and I still got crap: downloaded SUPERAntiSpyware, first run picks up trojan.winfixer, 6 items. I ran RootkitRevealer but it didn't come up with anything... back to the drawing board.

Option 1: save myself a lot of time = format
Option 2: waste a lot of time because I'm going to get this **** thing now - it's war! haha
shahdad Posted June 25, 2007

> Is there some reason you can't do a reinstall? Seriously, if you add up the time you've already spent, I'm certain it will add up to more than a few hours.
>
> My best advice in situations like these is to back up all your data, email, favorites, etc. on another partition or CD/DVD, wipe the partition and reinstall, defrag, install all your basic apps and configure your net connections, etc., defrag again, move the pagefile to another partition, clean out System Restore and then set a new restore point, turn off hibernation temporarily, shut down and make an image of your system/programs partition. Store it on another partition and copy it to a DVD.
>
> Now should this ever happen again, you'll have a known good and working setup which you can slap onto the active partition in ten minutes and you'll be up and running. You'll save yourself hours of painful work and aggro. In fact, it will put a smile on your face. I've seen it many times since I started doing this for clients many years ago.
>
> Even if you manage to get your system seemingly working properly, there will always be the nagging doubt. With an image you'll never have that doubt, and that is worth the effort! :^)
>
> If for some reason you can't reinstall, I can only sympathize. It seems like you've taken all the right steps so far and as ilko_t mentioned you very well may have a rootkit. If you do, even the rootkit revealers out there are limited in what they can do and you may not be able to fully implement them. All the more reason to do a fresh format and install.

Okay, I give up....

haha DonDamm, I'm going to do exactly what you said; a little bit of work now will save me a lot in the future. Is there a more in-depth guide, just like all your steps, that will cover things that I might miss since I'm doing this for the first time? You only realize afterwards that you missed something; if there's a guide, many others have made the mistakes already so we can learn from them.

Thanks all for your help.
shahdad Posted June 25, 2007

I just thought of the other things I will need to do after I've installed XP, so... revision of thought:

1. Format
2. Partition
3. Install XP
4. Defrag after install
5. Install appz off CDs (no internet connection yet): Office, Norton. Wow, that's it, haha, everything else is downloaded off the net
6. Defrag again
7. Set clean System Restore point here

Now connect to the net:

8. Update Norton
9. Windows Update
10. Download & install Windows Defender
11. Download & install Firefox; also about:config at this point for tweaks: use the detailed guide at www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html
12. Download & install Firefox Preloader
13. Download & install Adobe Reader
14. Download & install anything else that comes to mind at this point that I may have missed
15. Defrag
16. Set another System Restore point
17. Now I'm on my merry way to screw up the computer again

Wow, I think I just made a guide, haha. So any tips or input on the above? Did I miss or skip anything crucial or even minor?
Tarun Posted June 26, 2007

You should definitely avoid Norton; that is most likely why you have a trojan. Read the sticky in this forum for tips on how to clean your computer and get it back to better order. Formatting is always the last resort.
mikesw Posted June 29, 2007

Be aware that ComboFix has been taken offline around Feb 2007 due to trojans targeting the program. See this post: http://www.windowsforum.org/forums/index.p...mode=linearplus
dubsdj Posted June 30, 2007

These tools I use very often when fixing people's laptops, which come in very often caked with spyware: Ad-Aware, HijackThis, RogueRemover, Spybot S&D.
DonDamm Posted July 4, 2007

Well, when I get time I might just write a guide. Part of the problem is that you can't predict what folks will have on their machine. For example, I use an address database program that stores the db under its program folder in Program Files, somewhat like Outlook stores the .pst file under your profile on C:\. These things can be worked around, so maybe I'll write up a basic guide first and then a level 2 guide. I'll think about it! :^)
ilko_t Posted July 4, 2007

> Be aware that ComboFix has been taken offline around Feb 2007 due to trojans targeting the program. See this post: http://www.windowsforum.org/forums/index.p...mode=linearplus

AFAIK it was re-released in the middle of March.