AxesWannabee

Trojan Detection on Any Explorer folder or program - HELP!!

I have been dealing with this issue for the last 2 months....

I found that while online, I continuously began receiving a McAfee warning that a trojan has been detected and removed.  I would choose to continue what I was doing.  I then would run a virus scan and it found Backdoor-BDD on my computer.  The problem began to occur like every 10 seconds.  

I then installed the necessary windows updates, as well as office updates and the GDI tool...I ran another virus scan and this time it had found over 200 instances of the trojan and when I tried to delete them about 25 of them were no longer found.  I have and have run Spybot Search and Destroy, Stinger (latest update two weeks ago), and my McAfee virus scan and each time I delete the files. This seemed to fix the problem - for about a couple of days and then I started thinking - it was in Windows - so I turned off System Restore.  That worked for like a month....but I've still noticed only sporadic occurrences of the trojan found and removed....but then I started thinking again... I noticed that I only get the messages when I open any Explorer folder or file - such as in My Computer, any navigational folders, any of my Office programs and while in Internet Explorer. Which lately I haven't used - hence the thought that it was fixed.  I need help in trying to remove the script or startup command that's running on open of Explorer items.  Does anyone have any suggestions???
Asta Cu

How current is your McAfee program and Virus definition files?  Good you turned off system restore prior to the fixes (back on when clean).  Did you perform deep scanning on all drives?  Did you check the HOSTS file?  Is WindowsUpdate and ALL office updates?  http://www.officeupdate.com to ensure security patches are there?  

More shortly.
Clear Browser's cache (temp internet files and offline content as well as history) ..... Clear Autocomplete items and ALL cookies you are sure you don't trust/need.

Try AdAware, most current update and configure it to do deep scanning and include the HOSTS file.
For Spybot S&D, most current version, be sure to include the Immunize function (last look blocks 2,344 or so malware/spyware/malicious BHO intrusions).

Get updated HijackThis and scan your system.... then post results to the free analyzer, here:
http://www.hijackthis.de/index.php?langselect=english
https://www.experts-exchange.com/questions/21149514/Instructions-regarding-the-handling-of-HIJACK-THIS-logs.html

Logged in as Admin?  Tried Safe Mode?  

Other possibilities, but feedback for this will help.  There are many variants; so the problem is significant.
Also, please see this for many of the variants....
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=126448
AxesWannabee

ASKER

Okay, let's see if I can answer all questions:

My McAfee is virus scan online and it installs all updates as soon as I turn on the computer.  I have installed all windows updates and office updates.  The only program I haven't run is Adaware, which we use at work - I'm in I.T.  So I can try that to include deep scanning and the HOSTS file.

That was an excellent idea for clearing Internet cache, etc...but here's the deal I am using MSN's browser, not IE.  I am fine in the MSN browser - no trojans detected, etc...it's when I accidentally use IE (this is what we use at work) that I get the trojan detection popups.  McAfee's doing its job, it's just embedded somewhere in my system and I can't find it.  I normally run virus scans and spyware scans once each week.  This week's scan came up completely clean.  I did not run any of the programs in safe mode though...could do that.  I am logged in as Admin - and oh, I forgot I found a few weeks ago when I was trying to download windows update I would get an access is denied....I found that my Admin rights had been altered and I ran subinacl and that fixed that problem (just offering more information to assist in a solution).  I have the Immunize set already on SS&D.  I'm running out of money here....does this Hijack this cost anything?  Hope I didn't leave anything out.
No, it's free (donations if you wish)...

Did you check the link above and the potential registry keys on variants?
http://www.majorgeeks.com/download3155.html  HijackThis download, then paste log results in the above free analyzer
If you're running XP SP2.... many added protections...   This is a video well worth seeing.  Also free.
***** This is an excellent link, very informative, and thanks to
Fatal_Exception for showing me this! It includes a step-by-step video about XP SP2 and the new features and configuration option overview. Top Notch!
http://65.24.134.81/KipSolutions/SP2/SP2Overview.htm *****
Free XP SP2 Help and Support
http://support.microsoft.com/oas/default.aspx?gprid=6794 
 

Re. Spybot S&D --- be sure it's fully updated and get all definition files (updated often) and re-immunize.  For AdAware SE Pro (my choice); also am sure that it's updated and not only do deep scanning and include the HOSTS file, but being overly cautious also look at the 'negligible' items and clean them.
Okay, I'm going to try to install the Hijack this and attach the log file.  I do have XP SP2 and man, that was an issue in itself...but I finally got it installed.  The SS&D is updated, but I haven't re-immunized.  I'll try that too.  Let's see how it goes....I'll let you know when all is run.
Please post the log results in the FREE Analyzer service first, and only post here the items that elude you.  They can be HUGE.
Take the time, when you can, to see the Video I noted above about XP SP2... it is time well spent.  XP SP2 can be a bear to install and understand; but the video gives you great understanding, in my humble opinion.  This can help you avoid many problems down the road.

Back to work; will return when time permits.

Asta
Okay, I have put the Hijack This log here:
http://www.majorgeeks.com/downloadget.php?id=3155&file=10&evp=3304750663b552982a8baee6434cfc13
Thank you for the help, I'm on to the Adaware and clearing temp files.
Instead, paste your log in the link below for immediate results....  choose your language, this is English by default.
http://www.hijackthis.de/index.php?langselect=english
Okay, done...sorry....I was a little confused...
Join the club, LOL.  Confused is where I remain when I've been "INVADED" with all the awful intrusions out there.  Please do cut/paste any line items that aren't clear.  Will return when I can.  At work, but will check when time permits.
After pasting it there, click Analyze and post any items you're not sure about here.
Tried to view it;;;; not an MSN interface here so a bit confusing to view.
BUT... HijackThis did point to this item
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

Something you want and need?
I have Verizon DSL...which the MSN browser comes with....

I need it if it is a part of the DSL, however, I don't care to have it if it is for tracking me or for demographics info, etc.

Would you like me to send the logfile (notepad) I have if it's easier to view?
ASKER CERTIFIED SOLUTION
Asta Cu

This solution is only available to members.
By the way, on the side of caution; I do not install FREEWARE, or 3rd party software and players of tools... again from past experience and try to work with what is delivered in my OS and interfaces and keep them updated with patches and fixes as a matter of course.  I've found that many "freeware" and alternate players out there cause me more grief than benefit, so something else to consider.
Thanks, about to go to a meeting, saw this response.  If more is needed in this regard, comment and I'll return tomorrow or when time permits.  If I were a Verizon user and had problems and paying for a service, I'd sure go to them to "SAY FIX or ADVISE".

":0) Asta
Thank you so much astaec...you've fixed a two month problem in a few minutes!!!
YAY YAY YAY!  I am so pleased, AxesWannabee!  ":0)  Thank you for the good news.

Best wishes to you.  Don't know if you are aware of the new Feedback option next to Expert comments, but they let us know how you feel outside of the question thread if we do "well" or "not".

":0)  Asta
No...I didn't know that....I'll look for that....