
How to get rid of trojan virus [Solved/Closed]

ziggy7 (120 posts, registered Wednesday February 20, 2008, last seen February 7, 2009) - Latest answer on May 28, 2010 07:58PM
Hello,
I have a mischievous virus, it is a trojan and I can't get rid of it. Can someone tell me step by step how it's done please ;-)
Answer
+6
Hello,

I had this same problem today. My anti-virus software would not work and each attempt to type in a brand of anti-virus or malware software would immediately close the browser. This was true for Firefox, IE and Chrome.

This is a nasty little virus and took me hours to finally undermine. NONE of the anti-spyware software I had could detect it (Super anti-spyware, Spybot etc)

This is what you should try to fix it:

1) Download "Trojan remover" from: http://www.simplysup.com/tremover/download.html . This is a free product (for 30 days) and scans ALL the files loaded at boot time for Adware, Spyware, Remote Access Trojans, Internet Worms and other malware. You should not have a problem downloading this, as the trojan does not appear to pick up the keyword.

2) Run program. The trojan will lock a file in the registry which the software will detect. Remove or disable this file and you are on your way.

3) Once this locked file (or files) are removed then this appears to disable the trojan. From there you can reinstall your anti-virus software (remove the old copy and reinstall a fresh copy) and do a deep system scan.

My scan is still in the process of completing, but I can surf the web and have no further problems with browsers closing or in installing any kind of software. Good luck. Incidentally I do not know how I acquired this virus, but it may have been through P2P.

tushr- Feb 15, 2010 06:30AM
to get rid of it use Avira premium or security suite and get rid of any virus.........................
Answer
+5
I am writing to express gratitude for Morphine on this forum for solving my problem. This invasive "virus/malware/painintheass" seems to be different on every machine and it may take several tries to find the solution, as I discovered. I also would like to try and figure out where the "bug" came from. I have related below two possible causes. Please others post their stories and let's see if we can come up with the vector.

I acquired this "virus/malware/headache" on 1/27/2009. My last download from Microsoft was a routine updating of Office 2007. I know this because when I tried to use system restore my last save point was the day before I updated Office. I do not believe that Office is the culprit but I would like to know what the last thing others downloaded before they acquired "the bug." A more likely cause would be my habit of occasionally watching videos on Pornhub. This may be TMI, but hey, if we are to figure out where this thing came from I will be the first to admit to frequenting Pornhub as a possibility. If others suspect the same please post your thoughts.

Now about this bug....

This thing is incredible!

It hijacks every browser on your computer - Explorer, Firefox, Chrome and Safari. When you attempt to Update Windows it sends you to a very good "fake Google page." Every click or search in the fake Google page seems to add more malware and directs one to porn sites, i.e. Gay Porn (not that there is anything wrong with that). Just happens that I am straight. I also believe that this is the reason it is worse on some machines than others. I recognized the Google page as fake because I use iGoogle as my home page and there was no button for iGoogle. When I attempted to search is when it became very apparent. It sent you straight to the page it wanted to. It seems that the more you use this fake page the worse the infection becomes.

It doesn't stop at hijacking the browser, it also prevents your Antivirus from updating. I had Trend Micro originally and went out and bought Kaspersky after being told that it was the best by the IT guys at work. This thing shut down Kaspersky like it owned it. (I had a Disk version of Kaspersky manufactured in Oct 2008. I do believe that had I had Kaspersky before and it was updated, instead of Trend Micro, I would have never caught the bug.) I found this forum yesterday morning Googling "virus hijacks browser and disables updates."

As Morphine suggested: I downloaded the free Trojan Remover 6.7.5. (It is free for 1st 30 days.) Find it here:

http://www.simplysup.com/tremover/download.html

Then I ran it. It found the offending file and it stated that it needed to be deleted, which I did by clicking OK or something. I thought I had solved the problem and did nothing else other than attempt to update Kaspersky and Windows. Both failed before completing.

Whoever wrote this "bug" is a genius, and a sadistic bastard! It is like the last boss fight in a good videogame, you can't kill it with just one weapon. It apparently hides in your RAM and attaches itself back into the registry. That is why you have to have SmitFraudFixTool. Find it here:

http://smitfraudfixtool.com/

This program will cost you unfortunately. I already had RegCure but it did not work - it's not made to chase bugs. I paid $39.00 for it and can run it on three computers. Anyway, after running the Trojan Remover again and immediately afterwards running SmitFraudFixTool and cleaning out 3156 so-called "bad files," I then updated Kaspersky and ran a system scan which finally put the noose on the damn thing for good. This forum was a godsend!

My computer is now running like a dream! Thank you Morphine for the solution. Please others post their battles with this Monster.

linkfutrue (6 posts, registered Sunday March 22, 2009, last seen May 11, 2009) - May 11, 2009 09:58AM
The easiest way is here.
Try registr Easy.
This tool helps you clean the annoying trojan.
http://www.google.com/search?hl=en&newwindow=1&q=make1-pc-faster.com&btnG=Search
nameless- Apr 12, 2010 04:32PM
Thanks man that trojan remover worked a treat!!!!!!!!!!!
Answer
+1
HI,

try using malwarebytes

matolis (6 posts, registered Sunday July 19, 2009, last seen February 1, 2010) - Feb 1, 2010 01:40AM
If you are confused about how to remove this trojan virus, why not do a free scan here.
http://social.msdn.microsoft.com/...
Hope it helps.
Gary- Feb 15, 2010 01:39PM
If you suspect you may have Conficker, I would recommend trying a removal tool from the Sophos antivirus page. Definitely worth a look and I can verify that it works perfectly. Thomas
Answer
+0
hi ziggy ;-)
have u been able to fix ur problem dear?

Answer
+0
This thing is called the "Kido Worm" , "Downadup" and "Conficker." It began in Oct. 2008 but in December it evolved into a Superworm. Its ability to thwart any attempt to delete it and to spread via USB devices is confounding.

There is a lot of info out there if you Google these names. It is an interesting Worm as it seems to disable every defense before the victim can even launch a counter attack. It disables system restore, shuts off Microsoft updates, blocks Antivirus updates, hijacks the browser (Safari, Explorer, Chrome and Firefox) and finally it downloads more malicious software as it goes. It is impossible to give one set of instructions to remove the Virus as it is different on every machine.

The latest variant of the worm now lets it spread via thumb drives. It operates by copying itself in a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder. The worm executes automatically if the Autorun feature is enabled.

Certain TCP functions are also patched to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove because information about it is difficult to gather from an infected computer. Additionally, the sneaky little worm removes all access rights of the user, except execute and directory usage, to protect its file. Microsoft has created a removal tool for this worm, but if you are infected you must find an uninfected computer to download Microsoft's Malicious Software Removal Tool.

See the following link: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

If you have the Kido/Conficker worm you will not be able to reach the above link.

Microsoft states,
"If your computer is infected with the Conficker worm, you might be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner. If that doesn't work, read the following Microsoft Help and Support articles on an uninfected computer."

My advice is to get the removal tool on a brand new/clean USB device from another computer and then load it onto your computer. The surprising thing is that this thing started in Oct. and already has infected 12.9 million computers. Microsoft has offered a 250K reward to help catch the culprits that created this worm.

Hope this helps,

Keifer
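
The USB spreading mechanism described in the post above (an autorun.inf in the drive root that launches a file kept under the Recycler directory) can be checked for on a removable drive mounted on an uninfected machine. The following Python sketch is an added example, not part of the original post or of any vendor's removal tool; the function names and the sample drive contents are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch something.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Directory names used by the Recycle Bin on different Windows versions.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}


def parse_autorun(text):
    """Return {key: command} for launch entries in the [autorun] section.

    Lines that are not 'key=value' are skipped, so a malformed file
    still yields its launch entries.
    """
    launches, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if LAUNCH_KEY.match(key):
            launches[key] = value.strip()
    return launches


def targets_recycle_dir(command):
    """True if any path component of the command is a Recycle Bin directory."""
    parts = re.split(r'[\\/\s,"]+', command.lower())
    return any(part in RECYCLE_DIRS for part in parts)


def inspect_drive(root):
    """Inspect a mounted drive root and return a list of findings."""
    findings = []
    entries = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" in entries:
        path = os.path.join(root, entries["autorun.inf"])
        with open(path, "r", encoding="latin-1") as fh:
            launches = parse_autorun(fh.read())
        for key, cmd in sorted(launches.items()):
            tag = "SUSPICIOUS" if targets_recycle_dir(cmd) else "review"
            findings.append(f"{tag}: autorun.inf {key}={cmd}")
    # List whatever sits in a Recycle Bin directory so it can be reviewed.
    for lower, name in sorted(entries.items()):
        if lower in RECYCLE_DIRS:
            for dirpath, _dirs, files in os.walk(os.path.join(root, name)):
                for fname in sorted(files):
                    rel = os.path.relpath(os.path.join(dirpath, fname), root)
                    findings.append("file in recycle dir: " + rel)
    return findings


def build_sample_drive(root):
    """Create a constructed drive layout matching the post's description."""
    hidden = os.path.join(root, "RECYCLER", "S-0-0-00-CONSTRUCTED")
    os.makedirs(hidden)
    with open(os.path.join(hidden, "sample.bin"), "wb") as fh:
        fh.write(b"constructed placeholder, not malware")
    inf = (
        "stray line that is not key=value\n"
        "[AutoRun]\n"
        "shellExecute=rundll32.exe .\\RECYCLER\\S-0-0-00-CONSTRUCTED\\sample.bin,entry\n"
    )
    with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
        fh.write(inf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        for finding in inspect_drive(tmp):
            print(finding)
```

On a real drive, call `inspect_drive` with the mount point; any `SUSPICIOUS` line means the drive should not be opened on a machine that still has Autorun enabled.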

Hammerfall- Jan 28, 2010 06:18PM
I say, let's get every one of those 12.9 million users together, chip in $10 each, hire someone to track the creator down and put a bullet in his head-enough of there fucks die, then voila!-no more viruses
Answer
+0
Trojan viruses are very dangerous viruses that attack different files on your computer, and they are basically gotten from the internet.
A Trojan horse appears to be nothing more than an interesting computer program or file. The Trojan virus, once on your computer, does not reproduce, but instead makes your computer vulnerable to malicious attacks by allowing them to access and read your files. This makes the virus extremely dangerous to your computer. This virus can be minimized when you avoid downloading unnecessary files and software, and only download software and files that you are sure of. This virus is an application that is installed in your computer and it adds itself to the all users favorite folder and the current user favourite folder. Also it is in your program files.

If you want to remove this virus, you have to be very careful and use your common sense, for you to find it. So you have to try and identify one name that the virus uses, then use that name to get every other name that it may also be using to run.

Open My Computer, double click drive C:, double click Documents and Settings, double click All Users, and open the Favorites folder and look for the name of the virus. It might be virus scan.com. Select all the files related to virus scan.com and delete them. Do the same for all the user accounts on that computer. Also, look for the virus in your user account's Application Data. Open Documents and Settings and double click on All Users, open Application Data and look for the virus there; if you find it, delete it and do the same for all the other user accounts.

Secondly, click Start, click Run and type Regedit. Registry Editor will open. Click the minus button beside My Computer to close the tree view such that the registry editor looks like the one below. Click the Edit menu and click Find in the menu. In the Find box, type the name of the virus in the search box and press Find Next. You will see the registry entry in the right pane. Make sure that it is the right entry, else do not delete it, because if you delete what you are not sure of you may delete an important registry entry, which may cause a crash or data loss. So make sure the entry you are about to delete is a name that the virus uses to run.

Make the search again until you have removed all the registry entries related to the virus. Download NoAdware from http://www.noadware.net and install it. Update the application and use it to scan your computer; you will see all the viruses, their location, and where they are installed on your computer. Because you are using a trial version, you will not be able to remove the viruses. Look at the items, their location, type and danger rate. For all the items that show severe, open the location shown in the location field and delete the files, e.g. C:\Documents and Settings\netways ltd\Application Data\antivirus scan.com. Do so for all other files that are flagged dangerous. Then rescan your computer with NoAdware and you will notice that items that you have removed manually will not be displayed again.

Furthermore, click Start, Control Panel, and double click Add and Remove Programs in the control panel. When the Add and Remove Programs window opens, look for installed applications relating to that virus; if you see any, uninstall them.
To read the full details with screenshots visit http://online-computer-repairs.blogspot.com/2008/12/how-to-remove-desktop-virus.html

Emm- Dec 22, 2009 03:57PM
I tried what you said but when I opened the favorites folder nothing was in it. My computer is having a spaz. My security center keeps saying I have a trojan and a billion other things and every time I do something about it, it seems to download the virus it said I already had and then Avast says I have a virus. It is very annoying and I don't know how to fix it. Also it keeps putting porn shortcuts on my desktop and this is not cool 'cause I'm a chick.
Sten- Mar 24, 2010 12:31PM
I did, but my favorites folder is empty
sohel- Apr 23, 2010 12:16AM
I don't trust other antivirus, please give the name of the best scanner for virus removal.... Some antivirus catch the virus and sometimes antivirus can't catch the virus... so please give me the name of the best antivirus scanner.
Answer
+0
get a life, sorry get an anti virus software to scan and delete the viruses

carl Johnson- Jul 16, 2009 03:53AM
I think someone really does need to get a life. These questions are asked by people with problems - and answered by people with the answers, so if anyone finds the need to just come here to make pointless remarks - well, what can I say?? Get a life.

As for me - I've been attacked by the Conficker worm, it ruined my PC, I've had to reformat. (It came through the up-2-date antivirus too.) So I, for one, am really grateful for these answers.

Cheers guys.

Master...get a life.

(what is master short for, I wonder)
Answer
+0
Some viruses are tricky to remove as they will hijack your computer and not allow you to open virus scanners or use web browsing. Before you attempt to download a virus scanner or anything, do this:

1) Open Task Manager (Ctrl + Alt + Del) and kill the .exe process for the virus, so for Antivirus System Pro, kill antivirussystempro.exe

2) Go to Run and then msconfig and uncheck anything that looks suspicious in the startup

Now you can go about downloading a good virus scanner to remove the virus or use your own virus scanner.

If none of that works, and you can't find any .exe process or anything in msconfig, then restart your computer in safe mode with networking by tapping F8 on the load screen.

You can do a free Virus Scan Download and read more removal guides.

Good luck :)

Ambucias (21666 posts, registered Monday February 1, 2010, Moderator, last seen July 7, 2015) - May 8, 2010 04:35PM
Hi Whatevaa,

Trojan Horses are so various, it is very difficult to prescribe the proper medicinal compound without identifying it. I don't even know what OS you are using! You are making it very difficult! So let's try this solution.

Boot in safe mode with networking.

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self-protective, thus it will prevent any antivirus from functioning.

You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.

To kill the processes:

1. Download to your desktop and run Rogue Kill:

http://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.

As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering! :)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download Malwarebytes to your desktop.

http://en.kioskea.net/telecharger/telecharger-105-malwarebytes-anti-malware

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebytes and launch it. From the second tab, update it.

Pretty please, request a FULL system scan, which should take more than an hour. Once the scan is finished, delete all of the items that were found.

Once your computer is clean and working normally, just to be on the safe side:
* Turn off system restore and wait 30 seconds,
* Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

(Malwarebytes may reboot your computer, don't be alarmed. Should it happen, relaunch Malwarebytes to complete the FULL scan.)

Once all this is completed, I always suggest deleting Malwarebytes as some people have reported that it may interfere with other antivirus applications.

Hannah<3- May 16, 2010 01:35AM
Dear Ambucias.
I love you. You saved my computer. You are a wonderful human being.
Thank you. <3
Ambucias (21666 posts, registered Monday February 1, 2010, Moderator, last seen July 7, 2015) - May 16, 2010 04:17AM
Hello Hannah,
You are totally welcome! For a better world give to the next
Regards
brokenbullet (1 post, registered Saturday May 22, 2010, last seen May 22, 2010) - May 22, 2010 07:27AM
Will that work if the virus is only opening links to stupid internet pages?
Ambucias (21666 posts, registered Monday February 1, 2010, Moderator, last seen July 7, 2015) - May 22, 2010 07:40AM
Hello Broken Bullet,

It all depends on the type of Trojan Horse you have; there are different medicinal compounds for different horses. You may just have a redirecting virus, against which Malwarebytes is very effective.
Answer
+0
Install windows vista or windows xp again then it will be ok.

Lynn04- Dec 28, 2009 02:04PM
I reloaded windows and it didn't work, what should I do next?
oscareightyone- Apr 21, 2010 03:03PM
You have to format the hard drive. Delete the partition that you installed Windows on and then re-create it. Install Windows to the newly formatted partition. THIS WILL DELETE EVERYTHING, not just the worm.
Ambucias (21666 posts, registered Monday February 1, 2010, Moderator, last seen July 7, 2015) - Apr 21, 2010 03:45PM
Hello oscareightyone,

That is a pretty drastic measure you advocate! Do you recommend it for every type of Trojans?
Answer
+0
A Trojan Horse Virus is a common yet difficult to remove computer threat. A Trojan Horse Virus is also usually capable of stealing important information from the user's computer.

Trojan horse virus removal functions should be carried out with extreme caution and care. Improper Trojan horse virus removal steps can actually prevent a system from booting up permanently. Many Trojan horse virus removal tools remove registry entries without alerting the users and at times figuring out the registry entry is impossible for a layman. 24/7 Techies are specialists in Virus, Spyware and Adware removal and we guarantee an outstanding experience.

24/7 Techies helps you save time and money by carrying out Trojan horse virus removal functions online. As a Microsoft Gold Partner, our support levels adhere to Microsoft's most stringent standards. Whether it's a Trojan Virus, Spyware, or Adware that's causing you problems, our specialists will remove it and secure your system quickly.

For more information, Please visit http://www.247techies.com/ for immediate online tech support.

Answer
+0
hi i got a virus that opens porn sites, its infected my avg, and almost everything on my laptop, but if i change users on my laptop the problem is gone, the maker of this is brilliant, i need to find the code for the virus, it might help me make another virus that will counter this one i have, and if thats impossible wtf do i do to get it off my laptop!? ps. is i a file virus? check your C drive for a new file you did know u had.

Answer
+0
Hi, I'm new to the forum and I'm looking for some help on getting rid of what I think is a trojan. Does anyone have any free downloadable scanning programs or trojan removers which they would recommend, as I'm in need of help :(

Answer
+0
Well, if u can't get rid of your virus you should just turn ur computer off and start it back in SAFE MODE, then go into ur control panel and make a new account. Turn the computer off, start it back up in normal mode and delete the old account, but if u want to keep files it will say (Keep Files) / (Delete Files).
If u want, u keep :D Then it will have no virus again. Any questions, just ask for more details.
Hope this helped
Regards
Rick

jade_10 (2 posts, registered Saturday January 2, 2010, last seen January 4, 2010) - Jan 4, 2010 12:15PM
Thanks for the advice, I'll try it, thanks. I'm thinking I might just wipe the system because since I posted that I've found out that the PC has got worms, viruses and trojans and in total there's 26 :( But thanks for the advice, I'll try it and if it doesn't work I'll just wipe the whole thing.
a.j- Feb 15, 2010 10:54PM
If I were to shut my computer down and open in safe mode and then make a new account and then turn it off and delete my old one and keep my files, will the files that I kept be put on my new account? By the way I have got Windows Vista Home Premium, will it still work the exact same way or are there different steps I have to follow?
Thank you,
bao- Feb 27, 2010 11:01AM
So how exactly do you start your computer in safe mode? My computer is affected by the trojan virus... so essentially, I just create a new account and delete the old account? Is it effective in removing the trojan virus from my computer? Please answer soon. Thanks
Answer
+0
Hi, I had a Trojan virus in my PC. I just downloaded Norton 2009, 2010, and Quick Heal 2009 antivirus. When I installed each of these products and ran a scan on my PC, the Trojan viruses got removed ....
I hope this answer can help you in removing Trojan viruses.......

teehee24242- Jan 5, 2010 01:06PM
I always got this nasty freaking trojan.. and I believe it was from Pornhub.. I accidentally clicked on one of those side links and then all this started happening
nicknamer- Mar 31, 2010 06:06PM
Me too, trojans are really nasty. They're like an explosion of little viruses... I remember I got landed with banker viruses, type trackers and thousands of spybots; they attached themselves to my hard drive and made it immediately impossible to access any programs for updates on my comp. So it really depends on what severity of trojan you have. Usually you shouldn't try and handle it yourself because trojans have the ability to disguise themselves as the usual web pages you use, and what you think is fixing it could actually be the portal between the hacker and you. So the best advice I have is either keep your antivirus software updated and read kiefermail at the top of the page for different comp scans, all of which I use as well, and if this does happen unplug your internet and take it to a pro.
Answer
+0
The worst thing you can do is turn off and restart your computer. I had this thing twice. I don't know how since I was not at any known bad sites. It may have been misspelling errors and landed at mall sites though. Get rid of it before you restart. Double and triple and quadruple check before you turn it off. After it is restarted, it is pretty much gone. The second time, I had to reinstall XP. However, it would not recognize the disk since the BIOS was changed and I could not change it to read the CD first. I kept getting a blue screen when I pressed enter for safe mode. I would even download a removal tool beforehand since some sites are disabled when browsing before the restart. This is nasty.

Answer
+0
I got the antivirus live infection/trojan, it was hell, I could not do anything. I think the best way of getting rid of it without the interest, as it buggers that up too, would be a full system restore. I was lucky as my last restore point was on the 21st. I hope this helps.

Answer
+0
(I fixed the DCom rebooter message that kept getting my XP to restart.)
But I'M GETTING that same shiz too, it's 'cause of that Porn Hub........
BLUE SCREEN BSOD when trying to go to SAFE MODE on XP..... Fn site caused a nasty trojan. How do I fix it please.

Answer
+0
I have a REALLY bad virus. I am able to use Firefox, but not Internet Explorer. Every time I try to download an antivirus software it blocks it. I try to do a system restore and it blocks that too. I have no clue how it got on here, and out of nowhere Internet Explorer will pop up with a webpage of porn, and it will not let me get it off. I need HELP PLEASE!

eliz- Feb 1, 2010 10:46PM
I am having the same thing except I keep getting an antivirus software alert and then it won't let me do anything. When I am using Firefox, Internet Explorer opens up a page for porn or something else. The antivirus alert says it could be a password-stealing attack, a trojan-dropper or similar.
trojan.virus.killer- Feb 3, 2010 08:14PM
Hey, you can't stop the trojan, the person who made it was smart. I got the virus by downloading some files on plunder.com and I didn't read the content that it said it had, and my Malwarebytes kept saying some of my files kept getting deleted, so I went to YouTube to search some videos on how to block it and they had some links in the subscription box to stop it with and I tried to click it, but instead this screen shows up with a bunch of numbers and crap. The reason why the maker of that virus is smart is because all the antivirus that there are to stop the virus were undownloadable/closed, and I (NOTICED: THAT LATER THE MALWAREBYTES STOPPED MESSAGING ME THAT MY FILES WERE BEING DELETED) (AND ANOTHER THING, ALL OF YOUR IMPORTANT INFORMATION ON YOUR COMPUTER WILL TURN INTO PICTURES, I DON'T KNOW HOW BUT I GUESS THEY DID THAT SO YOU COULDN'T GO ON ANY OF YOUR THINGS IN FILES)
so I just hoped for the best and then all of a sudden the trojan virus stopped, so I was lucky and that's how I survived the trojan virus attack. AND THAT'S MY STORY OF BEING ATTACKED BY THE TROJAN VIRUS AND SURVIVING WITHOUT ANTIVIRUS PROTECTION. ^.:.^
Answer
+0
I also used to get this kind of trojan, which tries to steal passwords and other things from your computer. Kaspersky cannot remove it after restarting/updating.

The best way to remove those things is to download/buy and install ADVANCE ANTI MALWARE. Do a full scan after this. It will detect all malware and adware and it will kill everything.

This document entitled « how to get rid of trojan virus » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.
