Desktop infected with Trojans
#1
06 Apr 2011 @ 6:01
EzyDuzIt
Member
Hi guys,
Just been at my friend's house and his desktop is infected with three different Trojans.
He was complaining about his pc being slower than usual; so I immediately installed Anti-Malwarebytes Anti-Malware, and then also VIPRE AV & AS.
After updating both programs, I disconnected his pc from the internet.
So scanning with AMAM(full scan), it found 30-40 pieces of malware, and I followed AMAM guidance and removed all of them.
Then I performed a "deep scan" with VIPRE AV & AS. Which is where it gets interesting...
Up comes the following:
Trojan.JS.Generic(v)
Trojan.Win32.Generic!BT
PSWTool.Win32.Pdfcracker.GeN (Password Cracker/Stealer)
All of them rated Risk level "high".
So VIPRE suggests quarantine, and I change it to clean, and confirm. Then I reboot, rescan and they pop up again.
Except this time, when the scan completes, the results disappear and consequently I can't remove/quarantine or do anything. It appears as if the scan picked up nothing (the table is blank), but the values in the table at the top (No of threats detected etc) all say "x100000".
If anyone could tell me how to remove these Trojans and password stealer, I would really appreciate it.
Thanks
Ezy
#2
11 May 2011 @ 22:50
I'm not sure, but if I were you I would try to remember the name of the program that has the Trojan on it, see if it's running in Task Manager, try to end it, track its source and manually delete it. If it's with a certain program, remove it and re-install it if you need it. But if not... since removing it is not working, I would back up the really important files that you can't get again, like docs, pics, music, etc., and do a clean install of Windows or whatever OS and start from scratch. Watch your steps from a clean beginning, and try scans after installing your programs again and after restoring your back-up. Re-scan the entire hard drive and make sure to use several anti-virus programs to be sure. I hope I helped, and please reply back with the results :))
#4
22 Jul 2011 @ 15:08
Mez
AfterDawn Addict
I never save or type passwords for any site that involves money etc. Most stealers are either key loggers or steal saved passwords. The loggers are smart enough to work only while you are in a browser. Type the passwords in Notepad and cut and paste them into the browser as a habit. I also use a keyscrambler.
#5
03 Aug 2011 @ 3:20
First back up your data to flash drive. Then reinstall Windows by formatting, or do factory restore.
Then install the anti-virus from avast.com. Then do all the Windows updates manually, forcing it.
Then scan the flash drive, then copy the data back to the computer. Your computer will be faster and safe.
This message has been edited since its posting. Latest edit was made on 05 Apr 2012 @ 6:17
#6
03 Aug 2011 @ 8:22
Mez
AfterDawn Addict
Hopefully all the data can fit on a flash drive. My C: is 1.5 T. However you can copy your info to a different disk and do the exact same thing. I had to do something like that last weekend. You might even wish to clone C: viruses and all. I get the clean drive up and running with AV then plug in the old C: as a USB drive. Your new C: will be safe because the AV is up and running before you connect. Then you can scan the disk. I would use several different scanners before I deemed the old C: safe to copy over all your files. Then keep the old C: as a back up C:. They come in handy. If you have problems like this ever again just swap drives.
#7
03 Aug 2011 @ 11:55
ps355528
Senior Member
hehehe.. copy data to stick.. clean reinstall (it's crapdoze remember) .. bring data back from stick.. back come baddies..
nobody understands my "hidden partition" setups these days.. clean install of everything "stock".. copy to little stashed away "*" partition (fat32) ..puppy is fantastic.. when sleepdoze screws up just copy everything back either with puppy or with dd.. for data just "move" instead of "copy".. doesn't move anything, just shifts the file listing down a level.. it's almost instant. lmfao!!

#8
03 Aug 2011 @ 14:30
Mez
AfterDawn Addict
I beg to differ, with a healthy virus scanner up and running with orders to scan anything on a USB connection the bad guys don't have a chance if the scanner knows the malware's signature.
I have seen malware hide in places far outside where the core functionality resides. Still, if there was a crapdoz version of Puppy I would check it out.
Since I have a few 500g disks not really doing much I can afford to keep a clean one and a 'dirty' one. The clean disk has minimal software, a browser and some malware scanners. I only use the browser to get more virus scanners etc.
The dirty has my darker utilities that I only use occasionally that I don’t want Big Brother to find on my computer. I figure all firewalls have back doors so they are useless against big brother. With persons stealing into wireless networks so often big brother can’t be sure what is going on if it finds something on your IP every few months.
#9
17 Aug 2011 @ 10:37
Mez
AfterDawn Addict
fannyy what does your post have to do with this? Do you believe that a data or flow is being intercepted and viruses are added?
That is a million times harder than the usual and very effective ways to infect the unsuspecting.
DDP deleted the post. It was a less than obvious free ad for a VPN that would keep you free of viruses, I guess. That point was not clear. I am happy to see AD taking such an aggressive stand against spammers. I think the word is going out that AD is not fertile ground for spam. If you want an ad, pay for it. Maybe a year ago the spamming was too much. Now I don't see many and like the one deleted, the ones that are posted are not so obvious any more.
This message has been edited since its posting. Latest edit was made on 18 Aug 2011 @ 11:22
This discussion thread has been automatically closed, as it hasn't received any new posts during the last 180 days. This means that you can't post replies or new questions to this discussion thread.

