HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!


Postby [CS] Ice_GopherFC on Tue Apr 27, 2010 4:07 pm

So I was browsing things for our wedding registry the other night when I saw a link for a really cool-looking bug creature. Being the red-blooded American man I am, I decided to check out said bug. Five minutes later, checking out the website, I have umpteen million alerts flashing on my screen and a certain "Antimalware Doctor" telling me I am getting hacked, that my system is being hijacked, my fans are going to fly out like shurikens, blah blah blah. Either way, I knew it was jacked because my antivirus is AVG. Well, I ran a full AVG scan and while it caught some things, it is NOT finding or removing this sucker. I have Googled it and found some guides, but none of the files or registry entries match or are found on my PC, leading me to believe that this is a "new and improved" version of this trojan horse... This thing is driving me nuts...

HELP!!!!!!!!
"Blimps remind me of myself too much to want to own one. They are slow, round, full of hot air and not tax free. :shock:" -[CS] Goodytwoshoes

I've learned that I'd much rather have fools pray for me, than work with intellectuals who run me down. I love you folks! (1 Corinthians 1:25!)
[CS] Ice_GopherFC
Official Clan Fire Fodder
 
Posts: 1331
Joined: Sun Jun 18, 2006 12:52 am
Location: Crofton, MD

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby Frostbite on Tue Apr 27, 2010 4:49 pm

Try booting in safe mode and running the scan. Then uninstall AVG, install the newest full version (30-day trial with rootkit detection) and run the scan again. And don't plug your USB thumb drives into the computer while the virus is there. The new ones tend to install on them.
Frostbite
Officially Retired
 
Posts: 1061
Joined: Tue Apr 25, 2006 10:55 pm
Location: UNC Charlotte

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Joab on Tue Apr 27, 2010 6:48 pm

Do what Frosty said. You can also try Cureit if that doesn't get it fixed. Link here.
"A thorough knowledge of the Bible is worth more than a college education." -- Teddy Roosevelt
"There is only one person God has treated worse than He deserved." -- John Piper
[CS] Joab
Clan Llama and a Legend in his Own Mind
 
Posts: 12267
Joined: Fri Jan 05, 2007 3:33 pm
Location: NW Ohio, USA, Earth

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Goodytwoshoes on Tue Apr 27, 2010 8:23 pm

Try Trend Micro HouseCall: http://housecall.trendmicro.com/
[CS] Goodytwoshoes
Site Admin
 
Posts: 517
Joined: Tue Apr 25, 2006 11:44 pm

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby Frostbite on Tue Apr 27, 2010 8:49 pm

This reminds me of something: how much I love Linux. Except the part about PunkBuster not allowing me to play. Oh wait, that's right. It fails at its job anyways.

Actually my roommate ran into something AVG couldn't wipe. I had to scan it from my version of AVG. Not sure if the virus hacked into his AVG file or what. I then had to replace his Windows driver folder from a version off my computer. Real pain.

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Ice_GopherFC on Tue Apr 27, 2010 9:33 pm

Well, I downloaded the "trial" of AVG full and ran it while in safe mode. The whole command prompt thing was weird, but it showed no threats or removals... Also, ever since this happened my Google Chrome browser has quit working, but the trojan horse seems to exclusively use IE as its pathway... WEIRD

Hmmm... I forgot to uninstall AVG before I started the trial... Lemme run this mess again... YEARGH!!!! I just want to enjoy my new components in PEACE!

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Ice_GopherFC on Tue Apr 27, 2010 10:03 pm

Looks like I'm on the road to another reformat... BLAH, luckily I don't have anything important added since the last one a month ago. I'll try some of the programs that you guys offered up. Right now this sucker is blocking my re-installation of AVG... GRRRR!!!!!!

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Jedi on Tue Apr 27, 2010 10:07 pm

AVG is not the answer for a Trojan Horse. You need to use A-Squared - http://www.emsisoft.com/en/software/free/ . It's free. Install and do a Deep Scan.
"Raston, do you get a commission from YouTube?" - [CS] IcePrincess
"The only useless weapon in DOD is the lack of cooperation." - Steff Meister
"This isn't Counter-Strike, let's leave the attitudes at the door." - Sparky Jamers
[CS] Jedi
Site Admin
 
Posts: 1642
Joined: Tue Apr 25, 2006 10:27 pm
Location: Atyrau, Kazakhstan

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Ice_GopherFC on Tue Apr 27, 2010 10:12 pm

I hope the multiple posts aren't annoying folks... I tried Joab's and Goody's programs, with no luck, I can't even get Joab's to download and install. I really am ready to just lay down the guns... BLEAH

Just saw your post Jedi... I'm downloading it right now.

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby Garrett on Tue Apr 27, 2010 10:44 pm

I got hit by the same thing (it's also known by Vista AntiMalware, etc.) and added a screenshot of the stuff that all of a sudden just started popping up. It came through the browser and I think it was a Java virus (like most are, I think). :roll:

EDIT: Here's a good post on the virus at BleepingComputer.com LINK

Image

One of the best utilities out there and the one that found it/quarantined it was Malware Bytes & IMO, is a must have free utility for every PC:

Malware Bytes

Just download it - do an update and then run it - it should catch it if it's the same thing I had and no need to reformat...hopefully.
Garrett
Officially Retired
 
Posts: 1446
Joined: Thu Apr 05, 2007 12:58 am
Location: Rockies

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby Hooligan on Tue Apr 27, 2010 11:13 pm

One thing I got some of the people I used to help often to do, before I started doing what I am now, was creating a full image backup of their PCs with Seagate's DiscWizard.

If they were willing to invest in a fair sized external drive, which are pretty cheap for a 250G which 90% of the time is plenty, I would show them how to do it and show them how to restore the image if they needed to, like it never happened. Some of them found it so great they took it upon themselves to buy the full version from Acronis and scheduled it themselves and now sing its praises. It saves hours of frustration in dealing with malware that gets out there before the anti-malware companies can code it out.

"I can clean the laundry but I can't stop you from playing in the mud."
Hooligan
Clan Member
 
Posts: 679
Joined: Wed Oct 10, 2007 11:36 pm

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Ice_GopherFC on Wed Apr 28, 2010 12:46 am

Garrett, 3/4 of those images look just like the one I'm hit with, with it just being XP's version vice Vista, so I'm going to have to check your link out...

Jedi, your software did find three trojan horses on my compy, but this rascal is STILL alive and kicking even after the quarantine and subsequent deletion...

Thanks so much to everyone for your help!!!! Maybe I'll be able to reward it with a presence by the esteemed Gopher himself in game sometime this week/end :wink:

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Scubadvr on Wed Apr 28, 2010 11:57 am

Gopher, another one I find works very well (and is free) is http://www.ad-aware.com

I also recommend HijackThis, which shows every running process (even those that don't appear in the Task Manager), and you can disable them from starting up. The caveat is that you need to know which processes are needed by Windows, because this will totally disable something. Anything that looks suspicious, you can Google, and you'll find whether or not it's a process you can disable.

The use of these two programs is actually encouraged here at my company, which is known for its general discouragement of user-added applications.
Psalm 66:1,2
Ecclesiastes 5:18-19
"Since all have sinned and fall short of the glory of God; they are now justified by his grace as a gift, through the redemption that is in Christ Jesus." Romans 3:23-24
[CS] Scubadvr
Clan Officer
 
Posts: 5611
Joined: Wed Apr 26, 2006 10:26 am
Location: Missouri
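
The startup-entry review described in the post above can also be done with built-in tooling on a current Windows system. The following is an added example, not part of the thread and not HijackThis's own logic; the list of user-writable folders and the `Review` flag are assumptions made for the illustration.

```powershell
# Added example: list per-machine and per-user autostart (Run/RunOnce) entries
# and flag the ones worth looking up before disabling anything.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: folders a standard user can write to are treated as higher risk.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Get-CommandExecutable([string]$Command) {
    # Pull the executable path out of a Run value: a quoted path first, then
    # the shortest prefix that ends in a known executable extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
        $exe = Get-CommandExecutable ([string]$p.Value)
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        # Bare names such as rundll32.exe are not resolved via PATH and show as FileMissing.
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
        $inUserDir = [bool]($userWritable | Where-Object { $exe -like "$_\*" })
        [pscustomobject]@{
            Key       = $key
            Name      = $p.Name
            Command   = $p.Value
            Signature = $sig
            Review    = ($inUserDir -or $sig -ne 'Valid')
        }
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` value of `True` only means the entry deserves a lookup, in line with the caveat in the post above about knowing which entries Windows needs before disabling them.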

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby Frostbite on Wed Apr 28, 2010 2:30 pm

You said that you wiped it a month ago and wouldn't lose anything important. At this point, my suggestion is to wipe it, be done with it, and go about with life.

Re: HELP!!!! I'VE GOT A TRICKY TROJAN HORSE!!!

Postby [CS] Ice_GopherFC on Wed Apr 28, 2010 6:36 pm

After using Garrett's recommended software once in safe mode and once under normal, I believe I have successfully removed the threat... *Knocks on wall while crossing fingers* If this doesn't do it... Reformat time! :evil:

Thanks again to EVERYONE for their input! :D
