Avast WEBforum

Other => Viruses and worms => Topic started by: 24 Grams on January 08, 2008, 11:59:46 PM

Title: Unknown trojan !?
Post by: 24 Grams on January 08, 2008, 11:59:46 PM
First of all Happy New Year! This is my first post in this forum.

I have a virus and I'm not sure what it is. Every time I click on a link or click on anything a fake warning pops up saying:

 System Error!
 Your computer was infected by unknown trojan.
 It's dangerous for your system (critical files can be lost)!
 
 Click OK to download the antispyware program to clean your system! (Recommended)

This is obviously fake and has a lot of grammatical errors, which would not happen if it were a real warning by Microsoft.

Also every time I search something on Google it gives a porn link from YouTube. It also gives me blank search results when I type things like 'remover' and 'deleter'.

I have used avast and it has gotten rid of some viruses but it still pops up when I restart. I have tried switching off system restore and using safe mode when scanning but as I said the viruses keep coming back. As if it were hiding.
Title: Re: Unknown trojan !?
Post by: Lisandro on January 09, 2008, 12:58:24 AM
Never use these offers.
Use RogueRemover to clean your computer (http://www.malwarebytes.org/rogueremover.php).

I also suggest, if a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887) or Windows XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware (http://www.ewido.net/en/). Some users recommend SUPERantispyware (http://www.superantispyware.com), Spyware Terminator (http://www.spywareterminator.com/) and/or a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest AVG (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0) or Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scanning and submitting the RunScanner (http://www.runscanner.net/) log to on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
Title: Re: Unknown trojan !?
Post by: oldman on January 09, 2008, 03:28:42 AM
Hi welcome to the forum

Please download and run in the order posted


Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp (http://www.stevengould.org/downloads/cleanup/)

Download superantispyware (http://www.superantispyware.com/)

First update SAS. Then boot into safe mode and set up as below.

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked
- CHECK ALL BOXES

Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.


Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


Click here (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) to download HJTsetup.exe
Title: Re: Unknown trojan !?
Post by: 24 Grams on January 09, 2008, 06:41:52 PM
Thanks guys, I managed to get rid of the pest, I'm not sure how though. I downloaded over 20 anti-spyware programs ??? but anyhow thanks, the cleanup tool freed up a lot of space!  ;)
Title: Re: Unknown trojan !?
Post by: oldman on January 09, 2008, 06:44:15 PM
Yep that cleanup is pretty good.

You should post your combofix log and HJT log, just to be sure.
Title: Re: Unknown trojan !?
Post by: Lisandro on January 09, 2008, 07:36:17 PM
"I downloaded over 20 anti-spyware programs ???"
Is it a way of speaking or do you, indeed, have them? Can you list them? We can give you a clue to what you have to keep :)