• Status: Solved

Search the web browser window.

Hello,

I have a customer who is (was) infected with the Downloader.small.18.T trojan virus.  I ran AVG and it cleaned the file, supposedly.  The CPU usage is still 100%, mostly used by the Yahoo browser.  I ran a HijackThis scan, went through and eliminated any files that looked bogus.  I have uninstalled and am reinstalling at this time the Yahoo browser applications.
I am still having problems with the Yahoo browser. Also, I have this search box in the lower right-hand corner that I can't get rid of.  What is going on with this? Please respond quickly if you can.  I need to get this resolved for my customer.

Sincerely,

Compucharley
 
blue_zee Commented:

Start here:

First of all, download NOW this Winsock fix (FREE):
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.

After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Download Ad-Aware (FREE) from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Also excellent is SpyBot Search & Destroy (FREE) available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
You should also apply the 'immunize' function, since it blocks roughly 1900 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use them REGULARLY.

You can also install 'preventive' software that will help you control these nasties:

SpywareBlaster (FREE):
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of ActiveX-based spyware, malware, dialers, etc.
Currently protects you against 3500+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-Aware and SpyBot S&D in Safe Mode.

Zee
 
blue_zee Commented:

Have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
 
blue_zee Commented:

And last but by no means least, try a different browser.

Why not the best?

Firefox available here:

www.mozilla.org

Zee

 
blue_zee Commented:

And useful on many occasions, download and run Process Explorer:

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

It will show you everything running in the system and CPU usage, and much, much more.

Zee
 
compucharley Author Commented:
Yes, Firefox is downloaded and working great.  I was wanting to sniff out the culprits in IE. The customer has updated McAfee and I ran an AVG scan.  AVG and McAfee keep telling me that I have a virus.  It cannot delete it for some reason.  I went to the path of the virus in the WINDOWS\ isrvs and it said it could not delete.  I went to Safe Mode and got into the registry and was able to delete them there. I will see what happens in normal mode and post things as they happen.  Thanks.

Compucharley
 
blue_zee Commented:

Listening...

Zee
 
compucharley Author Commented:
Thanks Blue Zee. I appreciate the help.
 
blue_zee Commented:
You're welcome.

Glad I could help.

Zee