AfterDawn Forums

iTunes trojan or virus

This discussion thread has 12 messages.

#1



I got this in my iTunes.
Neither of these are mine.
I know no one by either of these names.
My iTunes does not have any kind of sharing enabled.

I ran Spybot S&D in safe mode on Friday and took off a Trojan, ran AVG after and got zilch.
The extra library went away.

It showed up again with a 'friend' (the 2nd library) on Sunday, I ran Spybot again and got NOTHING (not even a cookie), ran AVG and also got NOTHING.

I run Windows 7 Home on a 2 year old Gateway.
I recently installed Open Office from CNet.com.

I think I got it off AddictingGames.com. Not going there again...

Does anyone know what this virus/trojan is, and how do I get rid of it without paying someone? I'm in University, I really need to be able to use my computer safely.
#2
Download, update and run SUPERAntiSpyware and delete anything it comes up with. Download, update and run Malwarebytes and do the same. Post logs from both. Now download, update and run HijackThis. Don't fix anything just yet. Just do a scan and post a log.
#3
Ok. I'm not connecting to the Internet right now (accessing from mobile), but I'll save those to a drive in the morning.

I opened iTunes to get some info out of it, and today the libraries are both gone, the rest of my stuff seems untouched.

I plan on doing it in the morning anyway because better safe than sorry, but update anyway.
#4
no problem.
#5


Ran first. Holy hell I didn't know I could possibly have that many cookies. Yes they were all cookies.


Figures. I don't use Malware Bytes usually because it tends to miss things in my experience.


(I hope you can read that one it was a really long log, but I can easily tell some of these are system files from the computer.)

As another update, my library has gone from having both Nicholas' and Gigi's to just Nicholas'

My Windows Updates published two firewall related things yesterday, I'm going to install those now...
#6
Don't know how you posted that log but I can't highlight anything on it. Don't count Malwarebytes out, if it's a problem it will pick it up. Not sure how to advise you on how to post this log so it can be dealt with. Maybe someone else can chime in here. In the meantime I would download, update and run CCleaner. Do the disk clean and get rid of everything it comes up with. Then do a registry clean. It will ask you if you want to back up changes to the registry. Do so. Then check fix all problems. The reason I mention this is because of the SUPERAntiSpyware results. Not trying to offend but it doesn't appear you do a lot of maintenance on your computer. While this is not likely to fix the problem you are now experiencing it won't hurt. See if you can post that HijackThis log and we will deal with it. I believe you first have to save the logfile.
Al.
This message has been edited since its posting. Latest edit was made on 13 Sep 2012 @ 1:26
#7
How I posted it, I uploaded the image to tumblr (yes, tumblr. private post) and posted the link that way, rather than uploading it... you wanted the text didn't you?
Sorry.
I'll run it again tonight and try to post the text somehow.

In the meantime after running CCleaner for both sets of scans, I removed a lot of cookies (Why does my IE have cookies? I run Google Chrome primarily and Firefox for school) and other broken/temporary files, including ones for programs I uninstalled with Revo.

But doing that appears to have removed it again, maybe it was masquerading as a registry file? Still plan on re-running HijackThis.
#8
By all means, I'm still here. Cookies are for the most part harmless so I wouldn't worry too much about them. It's just when you have a buttload of them they can slow things down. I did see some things in the HJT scan that I would remove. While you are at it download and run TDSSKiller. I will wait for your HJT log.
#9
Quote:
I got this in my iTunes.
Neither of these are mine.
I know no one by either of these names.
My iTunes does not have any kind of sharing enabled.
This is irrelevant, if you are on a public network

Quote:
I'm in University
and they have opted to share their Libraries then you will see them listed under Shared. Yours will not be accessible on said network if sharing yours is disabled.

Your scans show up what are called 'tracking cookies' - as aldan said, they're harmless but you can clean them out easily.

Running a bog standard firewall will be ample protection, paired with your University's network security.

Edit:

A few notable programs you should remove regardless because they are junk:

Yahoo toolbar
AVG toolbar
Bing Bar

and their related updaters etc.
This message has been edited since its posting. Latest edit was made on 14 Sep 2012 @ 7:57


#10
Originally posted by aldan:
By all means, I'm still here. Cookies are for the most part harmless so I wouldn't worry too much about them. It's just when you have a buttload of them they can slow things down. I did see some things in the HJT scan that I would remove. While you are at it download and run TDSSKiller. I will wait for your HJT log.

...How do I get it? My thing is saying that it's prevented from getting into a Host file(??), then when it finishes opens up an EMPTY notepad file with no way to copy/paste.

Originally posted by Ripper:
Quote:
I got this in my iTunes.
Neither of these are mine.
I know no one by either of these names.
My iTunes does not have any kind of sharing enabled.
This is irrelevant, if you are on a public network

Quote:
I'm in University
and they have opted to share their Libraries then you will see them listed under Shared. Yours will not be accessible on said network if sharing yours is disabled.

Except I've been here a few weeks and it only came up after picking up a trojan that got removed. If it was what you're suggesting it should've shown up the same day I connected my laptop to their wifi.
Also I've asked around, no one else has these libraries.
It is NOT the public network.
(which isn't really public, I have to log in with my ID. Public networks are like the ones at Barnes&Noble or Starbucks)

Originally posted by Ripper:
A few notable programs you should remove regardless because they are junk:

Yahoo toolbar
AVG toolbar
Bing Bar

and their related updaters etc.

Yahoo toolbar is gone.
AVG toolbar can't be removed, it's a part of a virus protection rather than a separate add-on and I believe is actually the AVG Do Not Track.
Bing Bar was only attached to IE by default (I did NOT put it there, no one uses IE) but it's gone.


Now. Seriously.
Can a removed trojan still leave issues on a computer by leaving registry key files after its deletion?
I had one. It made that change to my iTunes that was only visible when connected to the internet.
I removed it with SpyBot S&D.
The changes still stayed there after running several other programs, finding nothing except cookies.
I run CCleaner on registry.
It goes away and so far stays away.
Was it hiding in the registry junk files?
#11
Was it hiding in the registry junk files?

Possible I guess. When HJT informs you it can't access host files just continue with the scan. Don't worry about them at present. As Ripper said, getting rid of those toolbars is a good idea. How did it go with TDSSKiller?
#12
Quote:
Except I've been here a few weeks and it only came up after picking up a trojan that got removed.
Yep, fair enough - I only skimmed the thread, didn't notice that you'd been infected previously.

Quote:
(which isn't really public, I have to log in with my ID. Public networks are like the ones at Barnes&Noble or Starbucks)
I'm aware of what a public network is but some universities provide both public and secured-access networks (e.g. mine).

RE it being hidden in the registry, it's possible but depending on how persistent it is/what it is, it may not be entirely gone. So run tdsskiller like aldan suggested and see how you get on.

