nicinsuz


Trojan NIGHTMARE!

OK, it seems like my computer system is being overrun by trojans. There are a number of weird things my computer is doing. I guess I must be getting these Trojans cause no matter what I do, whenever I enable my firewall I will go back 5 minutes later and it will have disabled itself without me touching a thing.
I have never experienced this problem ever before. I got McAfee and it keeps informing me that I have been infected with different trojans.

File C:\rsss is infected with W32/Pate.b,Reg/Lowerzones,Downloader-QG
File C:\sss is infected with Proxy-Agent.i
( I found the fix for that one on McAfee but I could not download it without freezing )
File C:/Windows\system32\eraseme.76344.exe is infected with W32\Pate.b

I seriously need some help with this one. I need to know why my firewall keeps on disabling by itself and I really need to know how to get rid of these trojans.

thank you so much for your help!
blue_zee

Have you tried running your Anti Virus in Safe Mode?

Try also A-squared scanner:

http://www.emsisoft.com/en/

30-day trial and also a FREE version here:

http://www.emsisoft.com/en/software/download/

Zee
nicinsuz

ASKER

No I have not tried to run McAfee in safe mode. That's a good idea.
I will do that right now. When I tried running McAfee in normal setup, it kept saying there were components missing but yet it will still tell me that I am getting all these Trojans but will not run virus scan? Strange!
McAfee gave me a fix for the missing components but it didn't take.

Thank you Zee.

Nic

Also worth a try is Stinger, a tool that targets specific malware:

http://download.nai.com/products/mcafee-avert/stinger.exe

Just download and run.

Currently targets these:

BackDoor-AQJ
BackDoor-ALI
BackDoor-CEB
BackDoor-JZ
Bat/Mumu.worm
Exploit-DcomRpc
Exploit-LSASS
IPCScan
IRC/Flood.ap
IRC/Flood.bi
IRC/Flood.cd
NTServiceLoader
PWS-Narod
PWS-Sincom.dll
W32/Anig.worm
W32/Bagle@MM
W32/Blaster.worm (Lovsan)
W32/Bropia.worm
W32/Bugbear@MM
W32/Deborm.worm.gen
W32/Doomjuice.worm
W32/Dumaru
W32/Elkern.cav
W32/Fizzer.gen@MM
W32/FunLove
W32/Klez
W32/Korgo.worm
W32/Lirva
W32/Lovgate
W32/Mimail
W32/MoFei.worm
W32/Mumu.b.worm
W32/MyDoom
W32/Nachi.worm
W32/Netsky
W32/Nimda
W32/Pate
W32/Polybot
W32/Sasser.worm
W32/SirCam@MM
W32/Sober
W32/Sobig
W32/SQLSlammer.worm
W32/Swen@MM
W32/Yaha@MM
W32/Zafi
W32/Zindos.worm

Zee
Rich Rumble
Don't forget, if you're running XP or WinME, to disable System Restore, THEN remove the pests... once System Restore is off, do your scanning, remove, then reboot. System Restore can be re-enabled after the reboot; personally I turn it off the first chance I get (others disagree).
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
-rich
Well, I'm gonna try that Stinger after I disable System Restore. The thing is, I think I am fighting against a losing battle here. The longer I stay on here, the more at risk I am to viruses, trojans, whatever.
Just now: I got a new trojan cause I am unprotected
W32/Sdbot.worm.gen.j
A friend of mine suggested MicroTrend. I am running that scan right now.

Don't you think I should just uninstall Windows and reinstall it? Would that get rid of all this mess? That way I could download my McAfee again and not be open to threats?

Any idea why my firewall keeps getting disabled? I think reinstalling Windows would help that too.

I appreciate that advice.

Thanks again,

Nic

P.S. Running my McAfee in safe mode didn't work; it kept saying it could not initialize cause of missing components.
Hi Nic, if you want to reinstall Windows, then you should do it now.  Sometimes users don't want to spend any more time on cleaning this stuff and need the computer soon.  So if that's the case, back up whatever data you can (scan them for viruses on another computer to make sure it's virus-free before formatting this computer and reinstalling Windows).  It should get rid of all the virus problems unless they infected the boot sector.  I don't see many of these, so you should be ok here also.

Some of these trojans are really malicious and will disable your firewall and antivirus program.  There are ways to remove it, but it doesn't sound like you want to do any more cleaning here.  So go with the format if that's the case.

Otherwise, you may post back on the status and we will continue helping you.

Basically, I would agree with the reinstall from scratch (i.e. format and reinstall) if the data and software are not really important. Many times it is the less troublesome way out of trouble.

Anyway, I would have a go with Stinger as it targets AV disabling malware that also seems to have hit you. Even if after that you still decide to reinstall, it will be a worthy (IMO) learning process.

After the clean reinstall take a look at these FREE tools:

To Home Users: Do you want free security programs that really works?
http://msmvps.com/donna/archive/2004/12/06/22450.aspx

Best of luck,

Zee
Hi All
I downloaded and ran a few scans
MicroTrend
A Squared
Right now am running that stinger.

MicroTrend found 4 virus files
Troj Narrator.a
Troj Zapchast.n
Troj Qlogic.a
Worm Sdbot.bct

It said the files were uncleanable, to "simply" delete them?.. So choosing delete from the scan window will completely delete them from my system??... seems too good to be true lol
I deleted them anyway.

A squared found nothing but I have it enabled and protecting right now. I am not sure how well it's working yet.

I know MicroTrend found viruses I didn't even know I had but it didn't find any of the ones that I saw McAfee find.

This really is a lesson learnt but a little too late..lol

What leaves you open to viruses more: not having a firewall or not having virus protection??? I know not having both for a few days has been total hell.

I just really appreciate the help thank you so much.

When/If I decide to re-install windows do I have to uninstall my current windows manually?

Thank you for the feedback.

Curious on the Stinger scan results.

If you want to reinstall Windows you don't need to uninstall anything, just backup or copy what you need (with the risk of copying infected files!).

This is a very thorough step by step for Windows XP:

http://www.michaelstevenstech.com/cleanxpinstall.html

And this is a simple one, easier to follow up:

http://www.blackviper.com/Articles/OS/InstallXPHome/installxphome1.htm

Good luck,

Zee
Hey,
I ran the stinger, unfortunately it didn't find anything cause it kept getting frozen during scan.
I finally had enough at that point and re-installed my windows.
After uninstalling I discovered that I was missing my CD-ROM that installs my modem etc.
I used my OS CD to install Windows and it seems to have done the job as now my McAfee and stuff is working brilliantly.

Thank god for all of your help.

Unfortunately, I am using my slow ass PC right now to get online as I can't get online still with my laptop cause now I cannot re-install my modem cause I don't have the CD.. lol. I thought it would install it automatically but that's not the case. Right now I am trying to remember the exact name of the modem (conexant???) to see if I can download the software from online as my guarantee is up.

This has been a bad computer week.lol


To identify your hardware, try this Everest Home Edition:

http://www.lavalys.com/products/download.php?pid=1&lang=en

Good luck,

Zee
I have searched high and low for my installation CD and I cannot find it. You mentioned that I should download that hardware identifier for my laptop and then use a CD, install and run it on my laptop??
If I cannot find my CD and Everest Home Edition is not working, what are my options? Can I download the software from online? Also my DVD will not play on the laptop now (I assume cause the software for the DVD is on the same one that installs the modem??).
On the back of my laptop it says:
conexant systems
conexant AMC20493
My Modem.

I believe this will help:

http://www.conexant.com/support/md_driverdownload.jsp

Quote:

There are several ways that you can determine which drivers you
need to download:

1. Download and Use the Listmodem application as described in the List Modem document.

2. Use the current driver information for your modem to determine what type of modem you have.

3. Use the "Check Correct Chipset" documentation to determine what modem you are using.

 When you have determined which modem you are using, please proceed below to review the list of available generic modem drivers for use with Conexant devices only.

Unquote.

Zee

Nic,

A 'C' grade?

If nothing helped, you just ask for it to be deleted.

But then why did you say: "Thank god for all of your help."?
:(

Zee
I thought the grades were gone... I guess they're back...

https://www.experts-exchange.com/help.jsp#hi18
Can I get a grade changed?
If you are the person who asked the question, then yes, you can, by asking the Moderators to change the grade -- although they won't be inclined to lower it.

If you are the Expert receiving the grade, you will absolutely need a reason, and you may be asked to explain your request in the original question. Generally speaking, the Moderators assume that the Asker gave the grade for a reason, and unless it is vindictively a C, they will not be inclined to change it.
-rich
Cause I only had so many points to allocate and I had more than one question so I gave as much as I could. If I gave more than that I wouldn't be able to accept any other answers?

Nic,

It's the grading not the points.

You graded it a C, the poorest grade possible.

Please see this:

https://www.experts-exchange.com/help.jsp#hi73

Cheers,

Zee
>  richrumble,
The grades have never gone away.

Really? I coulda swore... my bad.
-rich
Ahhh now I remember, it was the Feedback portion... sorry about that.
-rich
Ok Zee, I read your grading link... I'm so sorry for the misunderstanding.
No way did you deserve a C - It needs to be changed to an "A"
How do I go about doing this? Ask the Moderator here just by posting it?

Please advise,
Thanks
Sorry 'bout the confusion...
-Nic

Nic,

Thanks.

I believe the moderator will take care of that.

Cheers,

Zee
COOL- Will the Moderator also DELETE my question now as I no longer have the problem