Virus Protection - Trojan
Closed
Phe - Mar 8, 2010 at 03:58 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 13, 2010 at 04:50 AM
5 responses
Ambucias - Mar 26, 2010 at 04:59 AM
Hello,
Before we can go any further, a few questions:
1. What is your operating system?
2. You say you can't do anything; please explain further.
3. Can you boot in safe mode with networking?
4. Do you have access to your task manager?
5. Does your start and run work?
Best regards
Ambucias - Mar 28, 2010 at 12:35 PM
Hello Ginger,
If only in safe mode, not networking... you could open Notepad.
Reboot your computer in Safe Mode with Command Prompt.
Once Windows has loaded, the command prompt (black window) opens. Type notepad and press Enter.
A notepad window opens. Type the following text into notepad:
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
AddReg=regsec
[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.
In the command prompt, type Explorer.exe and press Enter. Windows Explorer opens. Locate fix.inf, right-click it and select Install. Close Windows Explorer.
In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to "Update Malwarebytes' Anti-Malware" and Launch "Malwarebytes' Anti-Malware". Then click Finish.
Be sure to update Malwarebytes.
Please return to me for further instructions.
Good luck
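What the fix.inf in the post above would write to the registry, as an added example that is not part of the original post: a short Python review helper that parses the [DefaultInstall] AddReg entries and decodes their flags before anyone right-clicks Install. The function names and the SENSITIVE watch list are assumptions made for this example.

```python
import re
# Constructed sample: the fix.inf text quoted in the post above.
FIX_INF = r'''[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
AddReg=regsec
[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"
'''
# AddReg flag bits and value types as documented by Microsoft for INF files.
FLAG_BITS = {0x02: "NOCLOBBER", 0x04: "DELVAL", 0x08: "APPEND", 0x10: "KEYONLY", 0x20: "OVERWRITEONLY"}
TYPES = {0x00000: "REG_SZ", 0x00001: "REG_BINARY", 0x10000: "REG_MULTI_SZ",
         0x20000: "REG_EXPAND_SZ", 0x10001: "REG_DWORD", 0x20001: "REG_NONE"}
# Assumed watch list: values that control the logon shell or lock out admin tools.
SENSITIVE = {"shell", "userinit", "disableregistrytools", "disabletaskmgr"}

def parse_sections(text):
    """Map each lower-cased [section] name to its non-blank, non-comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    return sections

def registry_writes(text, install="DefaultInstall"):
    """List the registry writes that right-click > Install would request."""
    sections, writes = parse_sections(text), []
    for line in sections.get(install.lower(), []):
        directive, _, names = line.partition("=")
        if directive.strip().lower() != "addreg":
            continue
        for name in names.split(","):
            for entry in sections.get(name.strip().lower(), []):
                parts = [field.strip() for field in entry.split(",", 4)]
                root, subkey, value, flags, data = parts + [""] * (5 - len(parts))
                bits = int(flags or "0", 16)
                writes.append({
                    "key": root + "\\" + subkey, "value": value, "data": data.strip('"'),
                    "type": TYPES.get(bits & 0x30001, "unknown"),
                    "flags": [label for bit, label in FLAG_BITS.items() if bits & bit],
                    "sensitive": value.lower() in SENSITIVE})
    return writes
if __name__ == "__main__":
    print(*registry_writes(FIX_INF), sep="\n")
```

For the fix.inf in the post, both entries decode as REG_SZ with OVERWRITEONLY, meaning each value is replaced only if it already exists.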
I'm having the same problem with Vista. All the fixes talk about going into "safe mode" but even in safe mode the new age of antivirus screen pops up. I'm at my wits' end here.
Ambucias - Apr 13, 2010 at 04:50 AM
Hello Ginger
1. Download Combofix to your desktop.
http://www.combofix.org/download.php
2. Close all open windows, including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
Do not do anything on the system while the process is running.
Once you are done, paste the log here and report to me on how your system is behaving.
Regards
Ambucias - Mar 8, 2010 at 07:35 AM
Hello,
Idea? Yes of course the idea!
You are the victim of a rogue virus which is self-protective; hence we must outwit it, otherwise it will prevent any antimalware application from running. You must also stop the Trojan's processes from running. To remove it, please follow the procedure described hereunder:
Download Process Explorer to your desktop
http://live.sysinternals.com/procexp.exe
Please rename it to Explorer.exe
Run the tool and spot any unusual processes, especially those that are numeric.
Do not reboot your machine as the processes will be reanimated.
Next download Malwarebytes to your desktop:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Rename it Explorer and install it.
Connect your USB keys, external disks, Mp3, Mp4, etc.
Launch the application and from the second tab update it. Once the update is complete, click on parameters and click stop Internet Explorer during deletion.
Request a FULL system scan
At the end of the scan, show results and check delete selection (bold items)
Once your computer is clean and working normally, just to be on the safe side:
• Turn off System Restore and wait 30 seconds,
• Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.
Please do let me know how this worked for you, we like to read about happy ending stories and victories over viruses.
Best regards
P.S. You say that the link was given to you by a friend? Hum...
Ambucias - Mar 27, 2010 at 05:06 AM
It's not the same person; one can, the other cannot.
I am having the same problem.
OS - Windows XP Professional
2001 Compaq PC - I know it's old, but still runs great...well used to anyway.
Can't get anywhere or do anything...in ANY mode, always the same outcome.
Yes, have tried every safe mode, with same outcome. After selecting user (and does same thing with each user name), it takes over the screen and runs its scanning process.
Task Manager isn't accessible.
Tried to restore to a prior safe-running date, but same outcome.
Pressed shift key 5x's as others have stated in other forums and no luck.
Start and Run aren't accessible. - NOTHING is accessible, except this virus program.
I am on my notebook now, and downloaded ComboFix to a CD that I was going to try to run on the infected computer, but it won't let me do anything.
Ambucias, thank you so much for helping all of us and I hope we can get my computer back in working order.