Please help..Trojans? Viruses?

  • Thread starter Thread starter boylers11
  • Start date Start date
B

boylers11

Hey,
Over the past week or so, my computer is running really, really slowly.
I have been into certain files on my computer e.g. C:/WINDOWS and I've
found some files which I thought might be 'bad' so I typed their names
into Google and it came up with "virus", "trojan" etc. I'm a beginner
with things like this, but I know Trojans are pretty bad. Please could
someone help me out....tell me how to get rid of bad files and prevent
them from returning? If you could spare me a few minutes, that would be
great! Thank you!
Boylers
 
I take it you don't have any up-to-date anti-virus and any anti-spyware
programs running on your system?

Here are some reputable online virus scans:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan/license.php
http://security.symantec.com/sscv6/default.asp
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp
http://www.kaspersky.com/scanforvirus
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Run two or three of them. Then get a AV program from one of those
companies, and install it on your system. Preferably one with real-time
protection.

Then, check for malware/spyware....

Use Ad-Aware, Windows Defender and/or Spybot Search & Destroy to remove it.

Windows Defender (beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://www.safer-networking.org/en/index.html
Good sites on how to install and use Spybot -
http://www.safer-networking.org/en/tutorial/index.html
http://tomcoyote.com/SPYBOT/index1.php

Also download a winsock repair tool, to have just in case cleaning up
anything found breaks it -

Winsock repair tools:
LSPFix- all versions of Windows http://www.cexx.org/lspfix.zip
Winsock2 Fix- Win98, ME
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

More information here:
http://www.spywareinfo.com/
http://inetexplorer.mvps.org/tshoot.html
http://spywarewarrior.com/sww-help.htm

If no joy, in IE go to Tools...Internet Options...Advanced tab, Browsing
section, uncheck "Enable third-party browser extensions", click Apply, click
Okay, reboot. If that solves your problem, then more troubleshooting is
needed to find out exactly which program, or Browser Helper Object (BHO) is
causing this problem. You don't want to leave it at that, as some BHOs are
useful or necessary - like Adobe Acrobat for reading .pdf files or an
essential component of Norton AV. Get BHODemon -
http://www.definitivesolutions.com/bhodemon.htm - read all about BHOs.
Disable all items, and then gradually replace one or two at a time to narrow
down the culprit.

Or if you have IE 6 SP-2 you can do this within the browser:
How to manage Internet Explorer add-ons in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;883256

If all the above fails, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm
 
Hi Boylers :-)

To fully clean your system of all scumware, start here and work through the
detailed steps:
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm

Be aware, your Anti-Virus won't detect all types of warez, Trojans, malware,
worms, etc., and neither can other adware or spyware related programs such
as AdAware and SpyBot. They don't have the proper definitions. They must
also be run in Safe Mode with Hidden Files enabled in order to fully scan
all files. Even if you have run such programs and nothing shows up, it does
not mean your system is clean. It takes a series of programs to fully clean
your machine. Some very aggressive and damaging variants of malware can
replicate themselves repeatedly, or mutate, if not removed properly.

Also...

Download and install HiJackThis. This is one of the most important steps.
Follow all instructions carefully. This program should be run in Normal
mode.

How to download and install HiJackThis: Win 98-XP
http://www.download.com/HijackThis/3000-8022_4-10227353.html
Please see http://aumha.net/viewtopic.php?t=4075 and
http://aumha.org/a/quickfix.htm before posting to the forum

Please.. DO NOT post your log HiJackThis log to this newsgroup. DO NOT
delete anything from the list yourself unless you are an experienced user of
this program. It is important that you post your log on one of the
HiJackThis Support Forums below and allow the experts there to analyze it
for you:
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.p
(http://www.dslreports.com/forum/security)
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums.
http://aumha.net/profile.php?mode=register
Please follow all pre- posting instructions below carefully to avoid having
your log deleted or ignored.
http://forum.aumha.org/viewtopic.ph...ghlight=&sid=b59f8de4de1850003b79b74558a4b58b)
All responders are volunteers and they are very busy, so please be patient.
..
Please post a link back here to your log at AumHa so that we can follow your
progress.

If you need help along the way, we're here, just post back here and we'll
help you through it.

Hope this helps.

Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Back
Top