
Can't get rid of Trojan on Windows 7 Dell Laptop

We have purchased and run Malwarebytes several times, and each time after the restart, Malwarebytes STILL reports a Trojan.


Vendor: Trojan Agent
Category: File, Memory Process
Item: c:\Windows\svchost.exe
Other: 4172


How can I clean this out?  I recall there being some very strong "medicine" I can use.


Thanks.


Larry
Asked by: computerlarry

younghv Commented:
Hi Larry,
It is almost never good enough to just run one of the tools/scanners any more - regardless of how they...and MBAM is one of the best.

Please follow the directions in these EE Articles for using a 'rogue process stopper' - and then running your scanners.

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware


PLEASE be sure to post the logs from any tools/scanners you run so we can review the details of what is found.

Michael-Best Commented:
Boot into safe mode and then remove the trojan.

HijackThis may be more effective:
 http://sourceforge.net/projects/hjt/

You can get a generic report of what HijackThis finds @ http://www.hijackthis.de/
Then use HijackThis to remove the trojan.

younghv Commented:
@Michael-Best -
Most current variants of malware aren't even running their processes during a "Safe Mode" boot and they will be invisible to any scanner - much less something as old and out-dated as "HijackThis".

When Trend bought it from 'Merijn' (original developer), they wouldn't hire him to maintain it, so he moved over to the team at MalwareBytes.

Anyone wanting to see the processes running will be better served to run "OTL" (http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/) - but to run it in "Normal Mode" so that (a) the rogue processes are actually running and (b) they can be identified.

Of course, in most instances running a rogue process stopper and one of the automated tools is light years better than trying to guess what to do based on only a scan.
 
pgm554 Commented:
Download the bootable security essentials disk from MS.

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

sniperguy02895 Commented:
Use Malwarebytes and Windows Security Essentials; they work very well for me. If that does not work, try using MBAM.

computerlarry (Author) Commented:
This one is quite resistant!  It couldn't be removed by RogueKiller or Combofix.

What's left to run?

Darr247 Commented:
If you followed the articles recommended by younghv, you would have run RogueKiller, let it do its prescan, then clicked its Scan button in the upper right corner... when that scan's done, minimize (DO NOT CLOSE/EXIT)  RogueKiller, then do a full scan with MalwareBytes AntiMalware (MBAM for short).

nobus Commented:
In severe cases, I gain more time by a full reinstall than by cleaning the system, so that's my suggestion: a fresh install.

younghv Commented:
@computerlarry

<<This one is quite resistant!  It couldn't be removed by RogueKiller or Combofix.
What's left to run?>>

I suggest that you actually read the advice that has been offered, then follow the instructions.
You might also review these suggestions from EE that seem to be applicable:

"Three Rules":
http://www.experts-exchange.com/help/viewHelpPage.jsp?helpPageID=13

I am sorry, but I cannot assist you any further on this question.  Perhaps there may be another Expert here who can.

I wish you good luck in this endeavor, and perhaps I will be able to help you on some future question.

Sudeep Sharma (Technical Designer) Commented:
@computerlarry,

Did you follow the instructions posted above by younghv?

If yes then please post the logs of RogueKiller and MBAM.

computerlarry (Author) Commented:
Good recommendations, but I had a serious problem. I ended up backing up the User files, extracting all the serial numbers, then erasing and re-installing.
Question has a verified solution.