
iTunes trojan or virus

Discussion in 'Windows - Virus and spyware problems' started by HelpWithiTunes, Sep 10, 2012.

  1. HelpWithiTunes

    HelpWithiTunes Member

    Joined:
    Sep 10, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    [​IMG]

    I got this in my iTunes.
    Neither of these are mine.
    I know no one by either of these names.
    My iTunes does not have any kind of sharing enabled.

    I ran Spybot S&D in safe mode on Friday and took off a Trojan, ran AVG after and got zilch.
    The extra library went away.

    It showed up again with a 'friend' (the 2nd library) on Sunday, I ran Spybot again and got NOTHING (not even a cookie), ran AVG and also got NOTHING.

    I run Windows 7 Home on a 2 year old Gateway.
    I recently installed Open Office from CNet.com.

    I think I got it off AddictingGames.com. Not going there again...

    Does anyone know what this virus/trojan is, and how do I get rid of it without paying someone? I'm in University, I really need to be able to use my computer safely.
     
  2. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,724
    Likes Received:
    42
    Trophy Points:
    78
    Download, update and run SUPERAntiSpyware and delete anything it comes up with. Download, update and run Malwarebytes and do the same. Post logs from both. Now download, update and run HijackThis. Don't fix anything just yet. Just do a scan and post a log.
     
  3. HelpWithiTunes

    HelpWithiTunes Member

    Ok. I'm not connecting to the Internet right now (accessing from mobile), but I'll save those to a drive in the morning.

    I opened iTunes to get some info out of it, and today the libraries are both gone, the rest of my stuff seems untouched.

    I plan on doing it in the morning anyway because better safe than sorry, but update anyway.
     
  4. aldan

    aldan Active member

    No problem.
     
  5. HelpWithiTunes

    HelpWithiTunes Member

    [​IMG]
    Ran first. Holy hell I didn't know I could possibly have that many cookies. Yes they were all cookies.
    [​IMG]
    Figures. I don't use Malwarebytes usually because it tends to miss things in my experience.
    [​IMG]
    (I hope you can read that one; it was a really long log, but I can easily tell some of these are system files from the computer.)

    As another update, my library has gone from having both Nicholas' and Gigi's to just Nicholas'.

    My Windows Updates published two firewall related things yesterday, I'm going to install those now...
     
  6. aldan

    aldan Active member

    Don't know how you posted that log but I can't highlight anything on it. Don't count Malwarebytes out; if it's a problem it will pick it up. Not sure how to advise you on how to post this log so it can be dealt with. Maybe someone else can chime in here. In the meantime I would download, update and run CCleaner. Do the disk clean and get rid of everything it comes up with. Then do a registry clean. It will ask you if you want to back up changes to the registry. Do so. Then check fix all problems. The reason I mention this is because of the SUPERAntiSpyware results. Not trying to offend but it doesn't appear you do a lot of maintenance on your computer. While this is not likely to fix the problem you are now experiencing, it won't hurt. See if you can post that HijackThis log and we will deal with it. I believe you first have to save the logfile. Al.
     
    Last edited: Sep 13, 2012
  7. HelpWithiTunes

    HelpWithiTunes Member

    How I posted it: I uploaded the image to Tumblr (yes, Tumblr. Private post) and posted the link that way, rather than uploading it... you wanted the text, didn't you?
    Sorry.
    I'll run it again tonight and try to post the text somehow.

    In the meantime, after running CCleaner for both sets of scans, I removed a lot of cookies (Why does my IE have cookies? I run Google Chrome primarily and Firefox for school) and other broken/temporary files, including ones for programs I uninstalled with Revo.

    But doing that appears to have removed it again, maybe it was masquerading as a registry file? Still plan on re-running HijackThis.
     
  8. aldan

    aldan Active member

    By all means, I'm still here. Cookies are for the most part harmless so I wouldn't worry too much about them. It's just when you have a buttload of them they can slow things down. I did see some things in the HJT scan that I would remove. While you are at it, download and run TDSSKiller. I will wait for your HJT log.
     
  9. Ripper

    Ripper Active member

    Joined:
    Feb 20, 2006
    Messages:
    4,697
    Likes Received:
    13
    Trophy Points:
    68
    This is irrelevant, if you are on a public network and they have opted to share their Libraries then you will see them listed under Shared. Yours will not be accessible on said network if sharing yours is disabled.

    Your scans show up what are called 'tracking cookies' - as aldan said, they're harmless but you can clean them out easily.

    Running a bog standard firewall will be ample protection, paired with your University's network security.

    Edit:

    A few notable programs you should remove regardless because they are junk:

    Yahoo toolbar
    AVG toolbar
    Bing Bar

    and their related updaters etc.
     
    Last edited: Sep 14, 2012
  10. HelpWithiTunes

    HelpWithiTunes Member

    ..how do I get it? My thing is saying that it's prevented from getting into a Host file(??), then when it finishes it opens up an EMPTY notepad file with no way to copy/paste.

    Except I've been here a few weeks and it only came up after picking up a trojan that got removed. If it was what you're suggesting it should've shown up the same day I connected my laptop to their wifi.
    Also I've asked around, no one else has these libraries.
    It is NOT the public network.
    (which isn't really public, I have to log in with my ID. Public networks are like the one at Barnes&Noble or Starbucks)

    Yahoo toolbar is gone.
    AVG toolbar can't be removed, it's a part of a virus protection rather than a separate add-on and I believe is actually the AVG Do Not Track.
    Bing Bar was only attached to IE by default (I did NOT put it there, no one uses IE) but it's gone.


    Now. Seriously.
    Can a removed trojan still leave issues on a computer by leaving registry key files after its deletion?
    I had one. It made that change to my iTunes that was only visible when connected to the internet.
    I removed it with SpyBot S&D.
    The changes still stayed there after running several other programs, finding nothing except cookies.
    I run CCleaner on registry.
    It goes away and so far stays away.
    Was it hiding in the registry junk files?
     
  11. aldan

    aldan Active member

    Was it hiding in the registry junk files?

    Possible I guess. When HJT informs you it can't access host files just continue with the scan. Don't worry about them at present. As Ripper said, getting rid of those toolbars is a good idea. How did it go with TDSSKiller?
     
  12. Ripper

    Ripper Active member

    Yep, fair enough - I only skimmed the thread, didn't notice that you'd been infected previously.

    I'm aware of what a public network is but some universities provide both public and secured-access networks (e.g. mine).

    RE it being hidden in the registry, it's possible but depending on how persistent it is/what it is, it may not be entirely gone. So run TDSSKiller like aldan suggested and see how you get on.
     
