Is there any quick measure I can take to completely eradicate any further possible trojans?

I ran a virus scan during the night, and received this result in the morning:

Trojan: BAT/Stravdri.A
Serious
2017-10-30
This program is dangerous and runs commands from an attacker.

I deleted it and restarted the computer, whereupon the computer worked much faster. But now I am not sure if there is an issue again; it begins to get slow sometimes.

I have a large project I am working on that has a tight deadline, and I have no time to run more thorough virus scans. So I wonder if there is any quick measure I can take? My normal AV software (MSE) takes more than 24 hours to run a thorough scan. Malwarebytes Pro did not find anything when I ran it two days ago.

I had someone use my credit card a few weeks ago, and had it blocked by the bank. Lost around 300 USD. It is possible it could be related to this.

I use Windows 7 Home 64-bit.
hermesalphaAsked:
JohnBusiness Consultant (Owner)Commented:
Re-run Malwarebytes and see if it still says nothing, then restart and let MSE do a full scan. Let it run until done and see what it says. If both come out clean, you would appear to have eradicated the virus. MSE is quite decent.
0

JohnBusiness Consultant (Owner)Commented:
By the way, you did say "quick". When viruses are bad, the only sure way is to format and reinstall Windows. So follow what I said in the first post.
0
8046586Commented:
Best practice for eliminating viruses or Trojans is PC reinstallation and changing all bank account and e-mail passwords.

You said it took you 24h for scanning. The installation will take you 1h.

Change your antivirus too. Buy one of the well-known brands like Symantec, McAfee, ESET, Kaspersky, Trend. There is no perfect AV software, but bigger is better.
0

btanExec ConsultantCommented:
You should also run a full scan. A full scan might find other hidden malware.

If you do open the attachment from a spam email, you should end up installing malware on your PC, e.g. malicious software programs that pose as legitimate .bat files.

The malware can also be automatically installed when you connect an infected drive to your PC. Scan those external drives. Disable the Autorun function.

With successful exploitation, the Trojan proceeds to download other threats to your PC. Once these threats are installed on your PC they will continue to download more threats. So the best means (though not the fastest) is to rebuild the machine if possible and have the best protection from malware and potentially unwanted software using an up-to-date, real-time security product. An alternate AV scanner is preferred to give assurance. If you have the BAT file, you can try Virustotal.com to see what other AVs can detect. It should be removed, but I suppose it has more than just this threat.
0
Shaun VermaakTechnical SpecialistCommented:
Most common causes...

• Run up-to-date security software
• Get the latest software updates
• Understand how malware works
• Turn on your firewall
• Limit user privileges
• Use caution with attachments and file transfers
• Use caution when clicking on links to webpages
• Avoid downloading pirated software
• Protect yourself from social engineering attacks
• Use strong passwords
https://www.microsoft.com/en-us/wdsi/help/prevent-malware-infection

I have never had a virus on any of my personal devices. If you are unsure about a piece of software, run it Sandboxed (https://www.sandboxie.com/) or within a VM
0
hermesalphaAuthor Commented:
I think the main way I get viruses (as I never download pirated software and never visit dubious porn sites or gambling sites) is through downloading files such as PDF files and Word documents. I do this a lot when I translate, and I have to do it quickly to look up words.

What if I would do all this lookup on a Chromebook computer and then have Bluetooth connection to transfer whatever I need from each downloaded file from the Chromebook computer to my ordinary Windows laptop?
0
btanExec ConsultantCommented:
I suggest you scan all PDFs and documents before you actually open them. Try virustotal.com, so that you can upload the document if it is not sensitive; otherwise you can consider using the hash of the document, but that has a higher miss rate in the scan result, since the document may be unique. Actually, a separate scanning machine (like your Chromebook) can be used, and you can have your machine be able to revert to a clean state if it is infected, either using a virtual machine like VMware Workstation or using software such as Deep Freeze.
http://www.faronics.com/en-uk/products/deep-freeze
0
masnrockCommented:
I would recommend using something like Cisco AMP for Endpoints. It leverages a lot of Cisco security research and can help give you an idea of bad files, and follows through the actions of what they have been doing once detected. You can use it along with your existing AV, or you can utilize its AV features. However, this is mostly going to make sense if you're doing it across the organization. Check with Cisco sales and learn some more.

What if I would do all this lookup on a Chromebook computer and then have Bluetooth connection to transfer whatever I need from each downloaded file from the Chromebook computer to my ordinary Windows laptop?
This doesn't help you if the file is infected and you haven't caught on. You might want to implement web filtering as well as be more careful about where you're visiting. Additionally, follow the previous advice about using tools like Virustotal.
0
hermesalphaAuthor Commented:
It sounds simple to do a 1 hour re-install, but it is practically impossible for me. I have so many tweaks and special settings I need for my work, and I can't get this setup done in a short period of time after a re-install; it would take me a long time to get that set up again.

The pattern now is that probably this trojan is using my computer as a slave for doing something. Suddenly this morning I could not use my computer; I got messages that the IP address can't be found for a website, it took ages to send text messages to tech remote support, and I couldn't download the tech remote support's application (it was frozen for ages). I couldn't visit Experts Exchange. This went on for about 2 hours. Now suddenly my computer is like new again without my having done anything! Even when I run a heavy virus scan with MSE. That indicates this trojan is using my laptop as a slave for something.
0
btanExec ConsultantCommented:
You may want to sieve out any anomalies in traffic to external destinations, e.g. by typing netstat -b -o 5 in your Command Prompt window.
-b attribute: displays the executable involved in creating each connection or listening port.

-o attribute: displays the owning process ID associated with each connection.

integer: an integer used to display results multiple times, with the specified number of seconds between displays. It continues until stopped by Ctrl+C.
Eventually this malware would have to call back to the mothership for instructions or send back info. You need to hunt it down if you are still going to use this machine and connect it to the network and Internet. Also good to scan using another AV as mentioned.
0
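To make the netstat -b -o suggestion above actionable, here is an added example (not code from the thread or from any of the participants): a Python script that parses that output, attaches the owning executable to each connection and surfaces the leads a defender would check first, i.e. a shell or script host holding an outbound connection (a BAT trojan "runs commands from an attacker") and connections to unusual remote ports. The port list and the owner list are my own starting heuristics, the sample output is constructed, and a live run must be started from an elevated prompt because -b needs administrator rights.

```python
import re, subprocess
# Constructed sample of `netstat -b -o` output (not a real capture; documentation-range addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     198.51.100.2:443       ESTABLISHED     1234
 [chrome.exe]
  TCP    192.168.1.10:49800     198.51.100.7:6667      ESTABLISHED     4321
 [svchost.exe]
  TCP    192.168.1.10:49801     203.0.113.9:8080       ESTABLISHED     5555
 [cmd.exe]
  UDP    0.0.0.0:500            *:*                                    800
 [lsass.exe]
"""
COMMON_REMOTE_PORTS = {25, 53, 80, 123, 443, 587, 993, 995}  # "unusual" means "look", not "malicious"
# A BAT trojan "runs commands from an attacker", so a shell/script host owning an outbound connection is the first lead.
SUSPICIOUS_OWNERS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")  # state column absent for UDP
OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")  # netstat -b prints the owning executable on the following line

def parse_netstat(text):
    """Turn netstat -b -o output into dicts, attaching the [owner.exe] line that follows each entry."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            host, _, port = remote.rpartition(":")  # "*:*" and 0.0.0.0:0 mean there is no real peer
            conns.append({"proto": proto, "local": local, "remote_host": host, "state": state or "",
                          "remote_port": int(port) if port.isdigit() else 0, "pid": int(pid), "owner": None})
            continue
        m = OWNER_RE.match(line)
        if m and conns and conns[-1]["owner"] is None:  # service-name lines (e.g. RpcSs) are ignored
            conns[-1]["owner"] = m.group(1).lower()
    return conns

def flag_connections(conns):
    """Return (conn, reason) pairs worth a second look: leads for a human, not verdicts."""
    findings = []
    for c in conns:
        if not c["remote_port"] or c["remote_host"] in ("0.0.0.0", "*", "[::]"):
            continue  # listeners and unbound UDP sockets have no remote party to hunt
        if c["owner"] in SUSPICIOUS_OWNERS:
            findings.append((c, f"shell/script host {c['owner']} holds an outbound connection"))
        elif c["remote_port"] not in COMMON_REMOTE_PORTS:
            findings.append((c, f"unusual remote port {c['remote_port']}"))
    return findings

if __name__ == "__main__":  # live capture needs an elevated prompt: -b requires administrator rights
    live = subprocess.run(["netstat", "-b", "-o"], capture_output=True, text=True).stdout
    for c, why in flag_connections(parse_netstat(live or SAMPLE_NETSTAT)):
        print(f"PID {c['pid']:>6} {c['owner'] or '?':<14} -> {c['remote_host']}:{c['remote_port']}  {why}")
```

Run it a few times while the machine is "slow" and compare the flagged PIDs against Task Manager; a PID that keeps reappearing with a remote host you do not recognise is what to hand to a second AV scanner or VirusTotal.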
JohnBusiness Consultant (Owner)Commented:
What was the result of a full scan by MSE and then scan again by Malwarebytes?
0
hermesalphaAuthor Commented:
The problem with scanning with MSE is that it takes about 3 days for a full scan, and it slows down the computer so I cannot have it on while working during the day. I will try to scan during the night, then pause during the day, then resume from where it stopped during the second night, and so on.

Malwarebytes did not find anything more.

The command prompt suggestion seems like it would be worth a try. I also figured, with all these viruses and trojans, once one has established what type of virus/trojan it is, shouldn't its "range of influence" be limited to some extent, in that a virus/trojan can't be too big in order to be able to hide in a computer system? I mean, its functions must be limited to a certain type of activity as it can't be too big. Is it possible from reading patterns to establish detailed sub-types of viruses and trojans and see what types of activities they can be concerned with?

btan, should I run your commands in Command Prompt and report back here the results?
0
hermesalphaAuthor Commented:
btan, I entered the root directory with Command Prompt and entered what you said, but I only get a list with explanations of each parameter.
0
8046586Commented:
If you cannot afford to reinstall the PC, do you have the ability to add another SSD? You can run the fresh installation on the second SSD, and over time slowly move your complex configuration to the new installation. You can run safely offline on your old installation and online on the new one.
0
hermesalphaAuthor Commented:
That could work for me, to add another SSD. How do you mean to add this SSD? Install as new internal and use the old HDD as external? Or the other way around (but can I install a Windows on an external SSD)?
0
hermesalphaAuthor Commented:
Now I'm uninstalling TeamViewer to install the latest version, and it takes ages; the indicator is stuck at about 10% and doesn't move any more.
0
btanExec ConsultantCommented:
See if this "Netstat -ab" can work.
0
8046586Commented:
Keep both drives as internal. If you are using a laptop with CD you can replace it with a caddy for the second disk. Which model do you have?
0
JohnBusiness Consultant (Owner)Commented:
In your first post you suggested that the viruses are gone. So proceed with your plan to scan with MSE. You first posted about 2 days ago, so the scan should be nearly done.

Otherwise, the only sure way (mentioned by us earlier) is to back up and reinstall Windows.

Going forward, download the files you want to a constant and specific folder that is always scanned by MSE. That will pick up viruses immediately.
0
hermesalphaAuthor Commented:
That is an excellent idea John, to have the download folder always scanned. But how do I do that? There is no setting in MSE for this. There is no such option in Malwarebytes Pro either. If I could have an anti-virus to scan the Windows default download folder, it would make a big difference. Each time a new file is downloaded there, then scan the folder.

About moving to a new computer system a little at a time, how do I make sure I don't move with me the old viruses and trojans to the new computer system?
0
hermesalphaAuthor Commented:
Now I can hardly use my computer again. What happens is that when I search in Google, I get a lot of URLs displayed in the lower left corner of my computer screen: Facebook, LinkedIn, Yandex.ru (a Russian search engine), etc. etc. And it takes ages to do a search, if at all possible.
0
JohnBusiness Consultant (Owner)Commented:
That is an excellent idea John, to have the download folder always scanned. But how do I do that?

Set the download folder in your browser. Antivirus does not perform this function.

About moving to a new computer system a little at a time, how do I make sure I don't move with me the old viruses and trojans to the new computer system?

Keep your new computer system separate from your old one. Let us assume Windows 10. Windows Defender works great on Windows 10. Make sure it is set up and working. Then bring over documents to your Documents folder and let Defender scan. Install software fresh.
0
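Since the antivirus will not watch a folder for you, here is an added Python example (not code from the thread or any participant) that does the "each time a new file lands there, scan it" part the author asked for: it polls the Downloads folder, ignores in-flight partial downloads, hashes each new file (the hash btan mentioned can be looked up on VirusTotal without uploading a sensitive document) and hands the file to the scanner's command-line tool. The scanner path is an assumption for Microsoft Security Essentials on Windows 7; adjust it to your own installation.

```python
import hashlib
import subprocess
import time
from pathlib import Path

# Assumed location of the on-demand scanner that ships with Microsoft Security Essentials
# on Windows 7; check your own installation and adjust if it differs.
SCANNER = r"C:\Program Files\Microsoft Security Client\MpCmdRun.exe"
DOWNLOADS = Path.home() / "Downloads"
PARTIAL_SUFFIXES = {".crdownload", ".part", ".tmp"}  # browsers write these while a download is still in flight

def snapshot(folder):
    """Map each finished file in folder to (size, mtime) so new and changed files can be told apart."""
    out = {}
    for p in Path(folder).iterdir():
        if p.is_file() and p.suffix.lower() not in PARTIAL_SUFFIXES:
            st = p.stat()
            out[p.name] = (st.st_size, int(st.st_mtime))
    return out

def new_or_changed(before, after):
    """Names present in `after` that were absent from `before` or whose size/mtime moved."""
    return sorted(name for name, sig in after.items() if before.get(name) != sig)

def sha256_of(path):
    """Hash the file in chunks; the digest can be checked on VirusTotal without uploading the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_file(path):
    """Custom scan of one path (-ScanType 3); MpCmdRun exits 0 when clean and 2 when a threat was found."""
    return subprocess.run([SCANNER, "-Scan", "-ScanType", "3", "-File", str(path)]).returncode

def watch(folder=DOWNLOADS, interval=5):
    """Poll the folder and hash + scan every file that appears or changes."""
    seen = snapshot(folder)
    while True:
        time.sleep(interval)
        current = snapshot(folder)
        for name in new_or_changed(seen, current):
            path = Path(folder) / name
            print(f"{name}: sha256={sha256_of(path)} scanner_exit={scan_file(path)}")
        seen = current

if __name__ == "__main__":
    watch()
```

Point your browser's download location at the watched folder (as John suggests) and leave the script running in a console while you work.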
btanExec ConsultantCommented:
You may also want to add a scan option directly to the File Explorer right-click context menu so that you can trigger a scan on demand: https://winaero.com/blog/add-scan-with-windows-defender-to-explorer-right-click-context-menu-in-windows-8-1/
Another common place that can host PUPs is browser add-ons. You may want to take a look at those and remove any unnecessary or unknown add-on that you did not intentionally install. There is also the Safety Scanner, though it is not a replacement for AV or anti-malware: https://www.microsoft.com/en-us/wdsi/products/scanner
0
btanExec ConsultantCommented:
for author advice
0
btanExec ConsultantCommented:
Suggested the possible means of scanning, prevention and restoration approaches.
0