03.11.2008 at 05:18AM PDT, ID: 23231416
Getting Rid of Trojans/Spyware from my PC

Tags: Windows Security Alert.  Windows has detected an Internet attack attempt...
My computer has been infected with a Trojan that I cannot remove.  It causes fake pop-ups that say "Windows Security Alert - Windows has detected an Internet attack attempt..." and "Spyware Alert - Worm.Win32.Netsky detected on your machine...".  It also installs programs on my desktop: "Error Cleaner", "Privacy Protector" & "Spyware and Malware Protection".  It also runs bogus processes that I can see in the Task Manager, like "iexplore.exe".

I have read similar topics on Experts Exchange and have tried programs like SmitfraudFix in Safe Mode to remove the Trojan; however, it always eventually comes back.

So, any ideas before I re-format my hard drive?

Question Stats
Zone: Software
Question Asked By: michaelridley
Solution Provided By: IndiGenus
Participating Experts: 4
Solution Grade: A
Views: 43
03.11.2008 at 07:09AM PDT, ID: 21095827
You should not need to reformat. First, turn off System Restore.

Then, let's start with these... Download, install and run the following (they are all free):

AVG Antivirus (disable any other AV first)
http://free.grisoft.com/doc/5390/us/frt/0

AdAware 2007 (install can be tricky, as it makes it seem like it's a trial version or something)
http://www.lavasoftusa.com/products/ad_aware_free.php

Spybot S&D
http://www.safer-networking.org/en/mirrors/index.html
 
03.11.2008 at 07:26AM PDT, ID: 21095990

Rank: Master

If SmitfraudFix didn't get it, ComboFix will probably take care of it.

Download and run ComboFix (by sUBs). You must run it directly from your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Go to Control Panel > Network Connections.
* Right-click on the network icons and select "Repair".
or
Alternatively, if the Network icon appears in the notification area in the lower right corner of the Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please also post a HijackThis log so we can see if there is anything else going on.

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Click on "Do a system scan and save a log file" button. Upload the text from the log.
Accepted Solution
 
03.11.2008 at 01:20PM PDT, ID: 21099775
After you take all the reactive steps that the fellow experts have suggested, if you are still concerned about trojans on your PC even after you have removed a lot of them using this software, run RootkitRevealer and manually remove them from registry keys and folders.

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
 
03.13.2008 at 02:56AM PDT, ID: 21114527
I downloaded ComboFix and gave it a run.  My ComboFix and HijackThis logfiles are attached.  Do I need to use a script for cleanup?

Since I rebooted, I have not seen any signs of it coming back; however, I will leave it running overnight and see how it is tomorrow morning.
 
ComboFix Log
 
 
HijackThis Log
 
 
03.13.2008 at 06:21AM PDT, ID: 21115871

Rank: Master

You can also run CFScript to clean up some of the bad registry leftovers.

The CF log reg entry is showing SpywareStop, which is not a recommended program. I would suggest uninstalling it IF it's still present.


Open notepad and copy/paste the text inside the lines below into it.
--------------------------------------------------------------
File::
C:\winstall.exe
C:\WINDOWS\Installer\{4c6511a9-0210-4b9f-aed1-ad6719aed4b8}\WinRunOnce.dll
C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job

Folder::
C:\Program Files\SpywareStop

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QABclyU"=-
"NI.UWFX5_0001_N57M2112"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c6511a9-0210-4b9f-aed1-ad6719aed4b8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinRunOnce"=-

--------------------------------------------------------------
Save this as CFScript in the same location as ComboFix.exe
and then drag CFScript.txt into ComboFix.exe

This will start ComboFix again. Follow the prompts, attach the contents of Combofix.txt in your next reply.


I see your version of Java is very vulnerable to Vundo infections; I suggest updating to a later or the latest version.
Updating Java:
Go to Start > Control Panel > Add/Remove Programs.
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
Select and click Remove.

Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
Assisted Solution
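
A review aid for the CFScript posted in the answer above, as an added example that is not part of the original thread and is not ComboFix's own code: it lists what the script asks to remove so the entries can be checked against the ComboFix log before the script is run. It assumes File:: and Folder:: list paths to delete and that Registry:: uses .reg deletion syntax (`[-KEY]` removes a key, `"name"=-` removes a value); `parse_cfscript` and `review` are hypothetical names, and only deletions are modelled.

```python
import re

# The CFScript posted in the thread (blank lines dropped), embedded for review.
CFSCRIPT = r"""File::
C:\winstall.exe
C:\WINDOWS\Installer\{4c6511a9-0210-4b9f-aed1-ad6719aed4b8}\WinRunOnce.dll
C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job
Folder::
C:\Program Files\SpywareStop
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QABclyU"=-
"NI.UWFX5_0001_N57M2112"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c6511a9-0210-4b9f-aed1-ad6719aed4b8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinRunOnce"=-
"""

def parse_cfscript(text):
    """Group the removals a CFScript requests; unknown lines land in 'unparsed'."""
    plan = {"files": [], "folders": [], "keys": [], "values": [], "unparsed": []}
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.fullmatch(r"(\w+)::", line):
            section, key = m.group(1).lower(), None
        elif section == "file":
            plan["files"].append(line)
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry" and re.fullmatch(r"\[-.+\]", line):
            plan["keys"].append(line[2:-1])        # [-KEY] removes the whole key
            key = None
        elif section == "registry" and re.fullmatch(r"\[.+\]", line):
            key = line[1:-1]                       # later values belong to this key
        elif section == "registry" and key and (v := re.fullmatch(r'"(.+)"=-', line)):
            plan["values"].append((key, v.group(1)))   # "name"=- removes one value
        else:
            plan["unparsed"].append(line)
    return plan

def review(plan):
    """Flag entries a reviewer should question before the script is run."""
    warn = [f"not understood: {l}" for l in plan["unparsed"]]
    warn += [f"broad folder removal: {p}" for p in plan["folders"]
             if p.rstrip("\\").count("\\") <= 1]
    warn += [f"removes whole autostart key: {k}" for k in plan["keys"]
             if k.lower().endswith(r"\currentversion\run")]
    return warn
```

For the script in this thread `review(parse_cfscript(CFSCRIPT))` returns no warnings: the two Run values are removed individually and the Run key itself is left in place.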
 
 
03.19.2008 at 01:19AM PDT, ID: 21159319
Thank you all for your comments.  The problems I was having are gone and my computer is back to normal.  I have accepted a solution offered.

Regards,
Michael
 
 
 