  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4201

Trojan NIGHTMARE!

OK, it seems like my computer system is being overrun by trojans. There are a number of weird things my computer is doing. I guess I must be getting these Trojans because no matter what I do, whenever I enable my firewall I will go back 5 minutes later and it will have disabled itself without me touching a thing.
I have never experienced this problem ever before. I got McAfee and it keeps informing me that I have been infected with different trojans.

File C:\rsss is infected with W32/Pate.b,Reg/Lowerzones,Downloader-QG
File C:\sss is infected with Proxy-Agent.i
( I found the fix for that one on McAfee but I could not download it without freezing )
File C:/Windows\system32\eraseme.76344.exe is infected with W32\Pate.b

I seriously need some help with this one. I need to know why my firewall keeps on disabling by itself and I really need to know how to get rid of these trojans.

thank you so much for your help!
1 Solution
 
blue_zeeCommented:

Have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
 
blue_zeeCommented:

Have you tried running your Anti Virus in Safe Mode?
 
blue_zeeCommented:

Also try the A-squared scanner:

http://www.emsisoft.com/en/

30-day trial and also a FREE version here:

http://www.emsisoft.com/en/software/download/

Zee
 
nicinsuzAuthor Commented:
No, I have not tried to run McAfee in safe mode. That's a good idea.
I will do that right now. When I tried running McAfee in the normal setup, it kept saying there were components missing, but it would still tell me that I am getting all these Trojans and would not run a virus scan? Strange!
McAfee gave me a fix for the missing components but it didn't take.

Thank you Zee.

Nic
 
blue_zeeCommented:

Also worth a try is Stinger, a tool that targets specific malware:

http://download.nai.com/products/mcafee-avert/stinger.exe

Just download and run.

Currently targets these:

BackDoor-AQJ
BackDoor-ALI
BackDoor-CEB
BackDoor-JZ
Bat/Mumu.worm
Exploit-DcomRpc
Exploit-LSASS
IPCScan
IRC/Flood.ap
IRC/Flood.bi
IRC/Flood.cd
NTServiceLoader
PWS-Narod
PWS-Sincom.dll
W32/Anig.worm
W32/Bagle@MM
W32/Blaster.worm (Lovsan)
W32/Bropia.worm
W32/Bugbear@MM
W32/Deborm.worm.gen
W32/Doomjuice.worm
W32/Dumaru
W32/Elkern.cav
W32/Fizzer.gen@MM
W32/FunLove
W32/Klez
W32/Korgo.worm
W32/Lirva
W32/Lovgate
W32/Mimail
W32/MoFei.worm
W32/Mumu.b.worm
W32/MyDoom
W32/Nachi.worm
W32/Netsky
W32/Nimda
W32/Pate
W32/Polybot
W32/Sasser.worm
W32/SirCam@MM
W32/Sober
W32/Sobig
W32/SQLSlammer.worm
W32/Swen@MM
W32/Yaha@MM
W32/Zafi
W32/Zindos.worm

Zee
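One way to check whether a targeted tool such as Stinger would even cover the detections McAfee reported at the top of this thread, as an added example that is not part of the original post or of any McAfee tool: the alert lines and the (trimmed) target list are copied from the thread, and the family-prefix matching rule is an assumption.

```python
"""Triage antivirus alerts against the family list a targeted removal tool
publishes. Added example for this thread, not a tool from the post or from
McAfee; the family-prefix matching rule is an assumption."""
import re

# The three McAfee alerts exactly as the asker quoted them.
MCAFEE_ALERTS = r"""
File C:\rsss is infected with W32/Pate.b,Reg/Lowerzones,Downloader-QG
File C:\sss is infected with Proxy-Agent.i
File C:/Windows\system32\eraseme.76344.exe is infected with W32\Pate.b
"""

# Part of the Stinger target list quoted in the thread (trimmed for brevity).
STINGER_TARGETS = [
    "BackDoor-AQJ", "Bat/Mumu.worm", "Exploit-DcomRpc", "Exploit-LSASS",
    "W32/Bagle@MM", "W32/Blaster.worm (Lovsan)", "W32/Mumu.b.worm",
    "W32/Pate", "W32/Sasser.worm", "W32/SQLSlammer.worm",
]

ALERT_RE = re.compile(r"^File (?P<path>.+?) is infected with (?P<names>.+)$")


def family(name):
    """Reduce a detection name to a family key: normalise the separator McAfee
    prints inconsistently (W32/Pate vs W32\\Pate), drop aliases in parentheses
    and the @MM mass-mailer tag, then keep what precedes the first suffix."""
    key = name.strip().lower().replace("\\", "/")
    key = re.sub(r"\s*\(.*?\)$", "", key).replace("@mm", "")
    return key.split(".")[0]


def parse_alerts(text):
    """Yield (path, [detection, ...]) for every 'File ... is infected with' line."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            yield m.group("path"), [n.strip() for n in m.group("names").split(",")]


def triage(alert_text, targets):
    """Return {path: [(detection, covered_by_targeted_tool), ...]}."""
    covered = {family(t) for t in targets}
    return {path: [(n, family(n) in covered) for n in names]
            for path, names in parse_alerts(alert_text)}


def uncovered(alert_text, targets):
    """Detections the targeted tool would leave behind, which is why the thread
    still ends up recommending full scanners or a clean reinstall."""
    return sorted({n for hits in triage(alert_text, targets).values()
                   for n, ok in hits if not ok})
```

On the thread's own alerts only W32/Pate.b is covered; Reg/Lowerzones, Downloader-QG and Proxy-Agent.i are not.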
 
Rich RumbleSecurity SamuraiCommented:
Don't forget, if you're running XP or WinME, to disable System Restore, THEN remove the pests... once System Restore is off, do your scanning, remove, then reboot. System Restore can be re-enabled after the reboot; personally I turn it off the first chance I get (others disagree).
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
-rich
 
nicinsuzAuthor Commented:
Well, I'm gonna try that Stinger after I disable System Restore. The thing is, I think I am fighting a losing battle here. The longer I stay on here, the more at risk I am to viruses, trojans, whatever.
Just now I got a new trojan because I am unprotected:
W32/Sdbot.worm.gen.j
A friend of mine suggested MicroTrend. I am running that scan right now.

Don't you think I should just uninstall Windows and reinstall it? Would that get rid of all this mess? That way I could download my McAfee again and not be open to threats?

Any idea why my firewall keeps getting disabled? I think reinstalling windows would help that too.

I appreciate the advice.

Thanks again,

Nic

P.S. Running my McAfee in safe mode didn't work; it kept saying it could not initialize because of missing components.
 
greyknight17Commented:
Hi Nic, if you want to reinstall Windows, then you should do it now. Sometimes users don't want to spend any more time on cleaning this stuff and need the computer soon. So if that's the case, back up whatever data you can (scan it for viruses on another computer to make sure it's virus-free before formatting this computer and reinstalling Windows). It should get rid of all the virus problems unless they infected the boot sector. I don't see many of these, so you should be ok here also.

Some of these trojans are really malicious and will disable your firewall and antivirus program. There are ways to remove them, but it doesn't sound like you want to do any more cleaning here. So go with the format if that's the case.

Otherwise, you may post back on the status and we will continue helping you.
 
blue_zeeCommented:

Basically, I would agree with the reinstall from scratch (i.e. format and reinstall) if the data and software are not really important. Many times it is the least troublesome way out of trouble.

Anyway, I would have a go with Stinger as it targets AV-disabling malware, which also seems to have hit you. Even if after that you still decide to reinstall, it will be a worthy (IMO) learning process.

After the clean reinstall take a look at these FREE tools:

To Home Users: Do you want free security programs that really works?
http://msmvps.com/donna/archive/2004/12/06/22450.aspx

Best of luck,

Zee
 
nicinsuzAuthor Commented:
Hi all,
I downloaded and ran a few scans:
MicroTrend
A-squared
Right now I am running that Stinger.

MicroTrend found 4 virus files:
Troj Narrator.a
Troj Zapchast.n
Troj Qlogic.a
Worm Sdbot.bct

It said the files were uncleanable, to "simply" delete them?.. so choosing delete from the scan window will completely delete them from my system??... seems too good to be true lol
I deleted them anyway.

A-squared found nothing, but I have it enabled and protecting right now. I am not sure how well it's working yet.

I know MicroTrend found viruses I didn't even know I had, but it didn't find any of the ones that I saw McAfee find.

This really is a lesson learnt but a little too late..lol

What leaves you more open to viruses, not having a firewall or not having virus protection??? I know not having both for a few days has been total hell.

I just really appreciate the help thank you so much.

When/if I decide to reinstall Windows, do I have to uninstall my current Windows manually?
 
blue_zeeCommented:

Thank you for the feedback.

Curious on the Stinger scan results.

If you want to reinstall Windows you don't need to uninstall anything, just backup or copy what you need (with the risk of copying infected files!).

This is a very thorough step by step for Windows XP:

http://www.michaelstevenstech.com/cleanxpinstall.html

And this is a simple one, easier to follow:

http://www.blackviper.com/Articles/OS/InstallXPHome/installxphome1.htm

Good luck,

Zee
 
nicinsuzAuthor Commented:
Hey,
I ran the Stinger; unfortunately it didn't find anything because it kept freezing during the scan.
I finally had enough at that point and reinstalled my Windows.
After uninstalling I discovered that I was missing the CD-ROM that installs my modem etc.
I used my OS CD to install Windows and it seems to have done the job, as now my McAfee and stuff is working brilliantly.

Thank god for all of your help.

Unfortunately, I am using my slow ass PC right now to get online as I still can't get online with my laptop, because now I cannot reinstall my modem since I don't have the CD.. lol. I thought it would install automatically but that's not the case. Right now I am trying to remember the exact name of the modem (Conexant???) to see if I can download the software online, as my guarantee is up.

This has been a bad computer week. lol
 
blue_zeeCommented:

To identify your hardware, try Everest Home Edition:

http://www.lavalys.com/products/download.php?pid=1&lang=en

Good luck,

Zee
 
nicinsuzAuthor Commented:
I have searched high and low for my installation CD and I cannot find it. You mentioned that I should download that hardware identifier for my laptop and then use a CD, install and run it on my laptop??
If I cannot find my CD and Everest Home Edition is not working, what are my options? Can I download the software online? Also, my DVD will not play on the laptop now (I assume because the software for the DVD is on the same CD that installs the modem??).
On the back of my laptop it says:
Conexant Systems
Conexant AMC20493
My modem.
 
blue_zeeCommented:

I believe this will help:

http://www.conexant.com/support/md_driverdownload.jsp

Quote:

There are several ways that you can determine which drivers you
need to download:

1. Download and Use the Listmodem application as described in the List Modem document.

2. Use the current driver information for your modem to determine what type of modem you have.

3. Use the "Check Correct Chipset" documentation to determine what modem you are using.

When you have determined which modem you are using, please proceed below to review the list of available generic modem drivers for use with Conexant devices only.

Unquote.

Zee
 
blue_zeeCommented:

Nic,

A 'C' grade?

If nothing helped, you just ask for it to be deleted.

But then why did you say: "Thank god for all of your help."?
:(

Zee
 
Rich RumbleSecurity SamuraiCommented:
I thought the grades were gone... I guess they're back...

http://www.experts-exchange.com/help.jsp#hi18
Can I get a grade changed?
If you are the person who asked the question, then yes, you can, by asking the Moderators to change the grade -- although they won't be inclined to lower it.

If you are the Expert receiving the grade, you will absolutely need a reason, and you may be asked to explain your request in the original question. Generally speaking, the Moderators assume that the Asker gave the grade for a reason, and unless it is vindictively a C, they will not be inclined to change it.
-rich
 
nicinsuzAuthor Commented:
Because I only had so many points to allocate and I had more than one question, so I gave as much as I could. If I gave more than that I wouldn't be able to accept any other answers?
 
blue_zeeCommented:

Nic,

It's the grading not the points.

You graded it a C, the poorest grade possible.

Please see this:

http://www.experts-exchange.com/help.jsp#hi73

Cheers,

Zee
 
Rich RumbleSecurity SamuraiCommented:
> richrumble,
> The grades have never gone away.

Really? I could've sworn... my bad.
-rich
 
Rich RumbleSecurity SamuraiCommented:
Ahhh now I remember, it was the Feedback portion... sorry about that.
-rich
 
nicinsuzAuthor Commented:
Ok Zee, I read your grading link... I'm so sorry for the misunderstanding.
No way did you deserve a C - it needs to be changed to an "A".
How do I go about doing this? Ask the Moderator here just by posting it?

Please advise,
Thanks
Sorry about the confusion...
-Nic
 
blue_zeeCommented:

Nic,

Thanks.

I believe the moderator will take care of that.

Cheers,

Zee
 
nicinsuzAuthor Commented:
COOL - will the Moderator also DELETE my question now, as I no longer have the problem?