Trojans !!!!

Discussion in 'OFF-Topic / Misc.' started by Geedee, Feb 16, 2010.

  1. Geedee

    Sorry guys....got taken out by a very aggressive trojan called XP Antispyware 2010 last weekend. It's converted my home PC into essentially a doorstop!

    Unfortunately, even though I was running a fully up-to-date copy of Norton 360 I also had a second antivirus program running in the background...and they both thought the other was going to bin this trojan...and neither did.

    In short, I can no longer connect to the internet. Anything on the PC Control Panel I either don't have administrator rights to or the program isn't there. It has deleted my RUNDL32 file so I have no links to anything on the PC.

    I downloaded a program to remove the trojan from another PC and ran it OK, but when I restarted the computer....errrr.....it's trucked (miss-spelt!).

    I have been able to copy most of my stuff...airshow pics etc... onto an external drive but I can't restore or run a re-build from the installation CD (didn't get one with the PC!)...and I have also lost all my e-mail stuff. And Rocketeers website can't be updated and I've got a shed load of stuff for the site!!

    And to cap it all off, I have lost completely, all my gaming profiles GRRRRRRR.

    It's going to be at least the end of this month before I can afford a new XP disc and license and then it'll probably take a full day to nuke the hard drive, re-install the OS and then update all the drivers and then start to re-install all my other programs. Have been looking at Windows 7 as a possible alternative.

    So...that's why I've been quiet. Just thought I'd let you know. Not sure when I'll be back online as access on the works PC is very very limited and it could be a while before I'm back here to catch up with what's going on.

    Ho hum !:evil:
     
  2. Trebor

    Reformat. That's all you can do.

    I've had the exact same type of virus, except it was called PC antispyware 2010, and it totally screwed up my comp, so I had to reformat. My advice to you is to buy a USB memory stick. But first gather ALL the files you want to save, put them into one folder, determine the size of the folder by right clicking it and selecting properties, THEN buy the right kind of USB stick.

    hope this helps
     
  3. evangilder

    I had something attack me a while back as well that clobbered my machine. I was able to get rid of it after about 5 days of intense work. I was running Norton and AVG and they both completely missed it. Since then, I have been using Avast and have had good results so far.
     
  4. Clave

    Ouch! I hate those hackers so much! :evil:

    I'd seriously back an International Law against them - where the agency could travel to any country to arrest them and seize their equipment followed by stuffing them in jail for a few years...

    Any other fraudster/scumbag causing billions in damages all over the world would have all kinds of police, insurance agents, corporate heavies etc. all over them, but computer crime is still seen as 'victimless'... well.... it's damn well NOT!
     
  5. Wurger

    Holy crap....:(
     
  6. Thorlifter

    Here is the deal with the AntiSpyWare programs that are so bad right now......

    They are being programmed in Russia and are constantly being modified so Sophos, McAfee, AVG, Norton, or whoever, can't block them. What they do is "force" you to buy their program to remove the software. However, their program is filled with trackers and spyware that you still can't remove.

    There is a light at the end of the tunnel Gary. I have cleaned it off two pc's at work and each took me a couple hours, but I did get them cleaned.

    First, you have to boot into safe mode. The moment you get a desktop, open your task manager and watch for a process called PCAntiSpyWare (or something like that.....you will just have to watch for it) and kill it immediately. This is the process that is locking down your PC.

    If this process starts successfully, you will not be able to open IE, FireFox, or be able to kill processes in task manager and you will have to reboot and try again.

    Once you kill it, the best way to remove it is to download MalWareBytes from Malwarebytes.org

    Fortunately, the free version will remove the F'ing thing. I have run this on 6 PCs now that were infected so I know it works.

    Once installed, run the Update for MalWareBytes and then do a complete scan that might take an hour or so. This is a NASTY program. If you know what you're doing, it doesn't hurt to go through the registry looking for AntiSpyWare or whatever name yours has to remove those keys as well.

    I sure hope this helps......
     
  7. Lucky13

    Round them all b*stards up and de-nutify them c*nts!
     
  8. comiso90

    Malwarebytes has saved me a few times. Have you used a "kill process" software that you can recommend? I'm afraid to install them cause they themselves may have trackers, spyware and trojans..

    another reason why I'm thinking about buying Mac!

    .
     
  9. Shinpachi

    This solution seems the best and most realistic.

    If failed, I recommend you, Geedee, to keep the hard disc as it is for future data recovery.
    Yes, buy a new hard disc to replace and reinstall.

    Even some free data recovery software would be effective to take back jpg, bmp, txt, wmp, avi, etc. from the old hard disc.

    In my case, 2 kinds of OS are installed on the same hard disc - Win XP and Linux - because Linux can also access the Win XP data base and is hard to be affected by malicious software.
     
  10. Wurger

    What kind of OS usually is run on Mac computers? What file system do these use?
     
  11. comiso90

    Macs are not immune to viruses and hijacking but there are FAR fewer problems (I've worked at places with 30% Macs and I have used both Mac and PC ... had a Mac virus once in 15 years)

    Mac has its own proprietary OS but many Macs are made with Intel chips which allow you to boot in PC mode so it will operate like a PC.

    IMO there is only 1 argument against Mac: The Price!

    Software used to be a factor but with the Intel chips you now can run PC software.

    .
     
  12. Colin1

    Couple of posts here, guys running two anti-virus programs; I thought you weren't supposed to do that?
     
  13. Thorlifter

    100% unnecessary!

    Malwarebytes will clean this up and you will be back and running in an hour or two.
     
  14. Colin1

    Will it cure my slow-scroll problem?
     
  15. Wurger

    I see. Thank you for the info. :)
     
  16. Thorlifter

    Colin, more than likely that would be a video issue. Try updating your video driver to the latest version.
     
  17. Gnomey

    Yep, it is what I use along with Spybot Search and Destroy and AVG, but I also sometimes use this very useful tool which is helpful as well: VundoFix by Atribune

    No, try updating the video driver. Would be worth giving your computer a scan anyway.
     
  18. B-17engineer

    Jan.... you and I are taking a trip to Russia. :lol:
     
  19. RabidAlien

    I'm with Thor and Gnomey. I've cleaned several permutations of this (a half-dozen or so versions a year, it seems), and booting into safe-mode and then running Malwarebytes to nuke the bastages is one of the best things to do. Also Google and download a program called "Autoruns", which will show you every process/driver/program/etc that starts up when your PC starts (you can escape out of the scan, and choose an option to ignore Windows and Microsoft entries, which will make your list a lot easier to look through). You're probably going to be looking for something named with just a bunch of random letters/numbers, such as ae3zqrl.exe (for example), those are typically the virus files. Also, once Malwarebytes runs, it will give you a list of all the problems it found. Hop on another computer with Internet access, and Google those virus names. I usually will search for something like "Antivirus2010 manual removal", and follow the manual instructions showing file locations and registry entries to look at. There is typically NO need to reformat/reinstall/buy a new hard-drive. This is just a waste of time and money and all of your personal data/files. A little bit of hard work, a couple of beers, copious amounts of cursing the ancestors of those who infected you, and you'll be back to normal.
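
An added example, not part of the post above or of any tool named in the thread: the startup-entry triage it describes (random-looking file names among autostart entries), run over constructed rows. The row layout (location, image path, publisher), the directory list and the scoring thresholds are assumptions made for illustration.

```python
import ntpath
import re

RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample rows (location, image path, publisher); not from the thread.
SAMPLE_ENTRIES = [
    ("HKLM" + RUN, r"C:\WINDOWS\system32\ctfmon.exe", "Microsoft Corporation"),
    ("HKCU" + RUN, r"C:\Documents and Settings\user\Application Data\ae3zqrl.exe", ""),
    ("HKLM" + RUN, r"C:\Program Files\Example Vendor\updater.exe", "Example Vendor Ltd"),
    ("HKCU" + RUN, r"C:\Documents and Settings\user\Local Settings\Temp\notes.exe", ""),
]
# Assumed list of directories an unprivileged process can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


def name_score(image_path):
    """Count crude 'random name' signals in the file name (0 to 3)."""
    stem = ntpath.splitext(ntpath.basename(image_path))[0].lower()
    if not stem:
        return 0
    score = 0
    if any(c.isdigit() for c in stem):
        score += 1  # digits mixed into the name
    if sum(c in "aeiou" for c in stem) / len(stem) < 0.3:
        score += 1  # few vowels, hard to pronounce
    if re.search(r"[b-df-hj-np-tv-z]{4,}", stem):
        score += 1  # run of four or more consonants
    return score


def triage(entries, name_threshold=2):
    """Return (image_path, reasons) for entries with two or more signals."""
    flagged = []
    for _location, image_path, publisher in entries:
        reasons = []
        if name_score(image_path) >= name_threshold:
            reasons.append("random-looking name")
        if any(part in image_path.lower() for part in USER_WRITABLE):
            reasons.append("user-writable directory")
        if not publisher.strip():
            reasons.append("no publisher")
        # One signal alone is noisy: ctfmon.exe also scores as "random".
        if len(reasons) >= 2:
            flagged.append((image_path, reasons))
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    print(triage(SAMPLE_ENTRIES))
```

The name test on its own also fires on legitimate system binaries, which is why an entry is listed only when a second signal (location or missing publisher) agrees.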
     
  20. GrauGeist

    You guys are going about this the hard way.

    Just send in a bunch of Greeks.

    It worked before...

    :evil4:
     