Author Topic: Virus problems. How can I remove them? *EDITED*  (Read 22791 times)

Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Virus problems. How can I remove them? *EDITED*
« on: December 19, 2009, 11:11:28 PM »
I (Or one of my family members) got another virus on the family computer. Usually we are pretty safe when it comes to E-mails and what websites we go to, in fact, we've only had 2 viruses and they both happened this month, is there a reason for this? We never had any before. But anyway...
 
I turned on my family computer and Windows Defender told me that I had a trojan/virus. Apparently it is called: "TrojanDownloader:Win32/Renos.JM". Which brings up ads on your computer? Is this dangerous? What does it really do? (Or does it just pop up ads?) Windows Defender says it's a Level 1 High Risk virus.
  
Avast! and Windows Defender both told me that I had that virus. I supposedly deleted it with Avast! (Does just hitting "delete" when Avast tells you that you have a virus, actually work?) but not Windows Defender. As I was doing a thorough scan with Avast!, Windows Defender kept telling me that I had that same virus. But last night I "supposedly" got rid of it with Avast!.
  
Until I logged onto the computer today. Now two ads just popped up about buying a camera, without me being on the Internet, that is from the virus right?  
 
Avast! says I don't have any viruses, but there are a lot of files it can't scan. I tried OneCare's Safety Scanner and it cleaned up most of the viruses/problems but 2 viruses (?) and 1 issue couldn't be cleaned up. Windows Defender is still giving me warnings about the virus, and every time I try to quarantine the virus with Windows Defender, it says it was successfully quarantined, but then the warning pops back up about an hour later.

So far, 4 advertisements have popped up. 2 Pop up at a time.
 
I also heard you can get viruses from other computers using the same network. So I disconnected my other computer (My computer) from the Internet, would this prevent it from getting this same virus? I'm afraid to use my computer (Not the one with the virus) just in case I get this virus. Should my computer be safe if it isn't connected to the Internet?
  
Please help.
Thanks in advance!
« Last Edit: December 20, 2009, 04:32:51 AM by Misuzu »
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #1 on: December 19, 2009, 11:48:46 PM »
If your computer is firewalled and does not have permissions set to file share across the network it should be ok.
Did you try MBAM (recommended in your other thread) on this one? Please do so.
This trojan is typically installed when trying to play a movie from the internet that "says" it requires a particular codec or player to play it. When the user clicks "download" or "ok" the malware is installed. It may then download more components (trojans etc), not good.
Here is what the malware centre at MS have to say about it. Quite informative.

You need to make sure the software on all computers is up to date. Try www.secunia.org once this is cleaned up, and perform an online scan. The site will ask to install an ActiveX control; this should be allowed. If preferred, the PSI can be installed instead. Rather than an online scan which only requires an ActiveX, it is a full install program that will constantly monitor software for known vulnerabilities and updates.

You need to make sure the other computer users in the house do not just click "OK" every time the net tells them to do something, without checking first. That's a toughie. In the end it's their choice. All you can do is keep your own computer password protected and isolated from the home network.

Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #2 on: December 19, 2009, 11:55:11 PM »
Deleted: already in Tarq57's post...
« Last Edit: December 19, 2009, 11:59:52 PM by Pondus »

Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #3 on: December 20, 2009, 12:29:53 AM »
Thanks for replying guys! :)
I will be sure to use MBAM like you said. But, how dangerous is this virus?
 
Mind if I ask one more question?: Is it true that computers can get virused from other computers that use the same network? If so, would disconnecting my computer from the Internet (Netgear) keep it safe? Oh wait, you kind of said that... How can I isolate my computer from the home network? (My neighbors have used my network too.. But only around one time. How can I block my neighbors from using my family's network?)

Thanks again.
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |


Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #5 on: December 20, 2009, 04:21:51 AM »
GetConnected - How To - Secure Wireless Router Set Up

http://www.youtube.com/watch?v=9UFh0W_Z3kI&feature=PlayList&p=B5FE761D3AAEE6EE&playnext=1&playnext_from=PL&index=11

http://www.youtube.com/results?search_query=how+to+secure+my++router&search_type=&aq=f

Thank you. I'm watching the first video right now.

Sorry, here's yet another question: How do I get my computer, "firewalled". Does that just mean that firewall is turned on? Oh no.. Avast just told me about another virus. It's a "Trojan Horse" called "Win32:Walivun [trj]" What does this do? What should I do? Please help.

EDIT: I moved the new virus into a chest. Is this ok?

Also, why do I keep getting new viruses? Does one virus cause more to get on your computer?
Avast found the location of the virus, and once again, it's in the temp folders... Would deleting it get rid of the virus?
Sorry about all the questions. But.. Would these viruses hurt my computer or corrupt my files?
« Last Edit: December 20, 2009, 04:26:38 AM by Misuzu »
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #6 on: December 20, 2009, 04:49:51 AM »
Password protect your computer at the log on.
Password protect the (hidden) administrator account. Here's how.

Firewall should be on, with no exceptions allowed. Now, I don't know much about networks, it being there is only one computer at my home and no wireless, but basically, if you can see and browse your computer (any part of it) from another computer on your home network, you need to do something to nail the security down.

Threatexpert info about Walivun.
An Avast forum entry about Walivun.

As for how bad is it, who knows? I wouldn't trust it as far as I could pee. Uphill and into wind. Any trojan downloader has to be considered a major security risk. If Avast has caught it before it had a chance to run/download anything else/send information out to the master-bot, you should be OK.

Sending it to the chest was totally the correct thing to do.
Just spotted your edits. Unlikely the trojan would corrupt your files. A file infector like Sality or Vitro/Virut would.
What the risk is, is that any sensitive info (passwords, bank account numbers, candid photos,even, etc) could end up in the hands of someone you don't want to know. Since Avast has stopped it, this is probably unlikely in your case.

You need to look at your home security. Here is a pretty good example of a tutorial for securing an operating system. Such tutorials exist around the net. Here is another one.
Check here or at another trusted support site for which sites/applications are good (or not) before following them/installing anything.

The links to Youtube above are a good intro to wireless security. There are also tutorials around the web for this. (Hint: WPA 2 would be a good protocol to use.)
Don't forget Microsoft have a huge knowledgebase and tutorials/info about this subject, too. I know a lot of folk around are a bit anti-MS, but it's their OS, they should know about how to configure it. You could do a lot worse.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Re: TrojanDownloader:Win32/Renos.JM? How can I remove it?
« Reply #7 on: December 20, 2009, 05:40:15 AM »
Thank you for your help! But my post is going crazy back and forth. Why is this?
Should I change my passwords? But if I change them on this computer would the virus be able to get them. Ok, getting rid of the quote fixed my "crazy post" thing.. Anyway...

One of my family members went to their bank account on this computer, should they change their password ASAP? Or am I safe? What should I do with the virus in the Avast's Chest? If I change the passwords with another computer will that other computer get a virus?

Another thing:
I backed up my most important files just in case, with DVD+R's. The virus can be on the DVD+R's though, can't they? Or only if the files I backed up are corrupt? I scanned the discs with Avast! and it said that "Disk D: Boot Record" (Whatever it is) couldn't be scanned. What does this mean?
Would it be safe to use the discs on another computer?


I hope I'm ok. Sorry about any typo's, but my post is acting up again.
How can I really get rid of this problem?


Sorry, I can be just so worried about my computer problems, and I really don't want anything bad to happen. I'm virus-stupid and these are some of the first viruses I've ever had.. So I'm totally lost. :(

EDIT: I tried to change my Avast forum password, and I'm almost positive I pasted the right password in to change my password, but it kept saying it was the wrong password. Why is this? I hope this isn't because of the virus.

Sorry for being so desperate.
(Sorry for any typo's)
EDIT: I couldn't login to this website. It said I had the wrong password. I had to set a new one. I'm getting afraid that this is the viruses.
I also got a message that I had a new virus called "HTML:Iframe-inf". Why do I keep getting more viruses? I'm getting worried. :( I put the new virus in the chest.
« Last Edit: December 20, 2009, 07:03:55 AM by Misuzu »
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Virus problems. How can I remove them? *EDITED*
« Reply #8 on: December 20, 2009, 07:08:51 AM »
I might have given you too much info at one time.
You need to be methodical.

Install, update, and run MBAM on all the computers on the home network. Once MBAM is updated, disconnect the computer/s affected from the internet. Do that first. Post the scan report/s here.

Worry about how to prevent malware and securing your network next. (Like tomorrow, or tonight. We need to make sure the computers are not downloading malware etc in the meantime.)

General comments:

I don't know what you mean by "post jumping back and forth."
It is a waste of time changing any password until the computer is cleaned up.
I don't know how serious a security breach this is, and am therefore proceeding on an "almost worst case scenario", which may not be the case here.
That means that absolutely the bank should be informed, and any credit card that has been used, and after the cleanup, then passwords can be changed. And should be. (It may not be necessary, but why take the chance? I don't know what the malware writer's intention was when this malware was written and released.)

So get MBAM up and running first.

As to why you are getting viruses now, for the first time, I don't know. But the proliferation of malware is at an all time high. I have read a stat (originally read it on this forum) that every 16.5 seconds a new website is infected. Something like that.
So what may have been considered safe a month or a year ago just isn't, any more. And probably never was; it's just the chance of getting infected is so much higher now, that with a shoddy security policy (including out of date software and no encryption - which won't let malware in but is indicative of the household  attitude) it was your time to get infected.

This affects everyone. Everyone needs to take responsibility for this, it's as basic (but more complicated) as washing your hands after using the toilet. It's that simple, I'm afraid.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Re: Virus problems. How can I remove them? *EDITED*
« Reply #9 on: December 20, 2009, 07:28:46 AM »
I'm using a scan with MBAM right now.

By my post "jumping back and forth", I mean... Every time I type, it goes up to the top or middle of the post, then goes back down to the bottom, and does that very fast.

So I need to run a scan with MBAM and then disconnect the virused computer from the internet?
My computer had virus problems as well, and I disconnected it from the internet as well. Could my older computer get viruses from this one? I'm kind of afraid of updating MBAM on my computer because I DID disconnect my computer from the net and I don't want to get the virus this computer has.

In my history, there's a lot of websites I haven't visited before.

Ok, MBAM is done scanning. It found 9 objects. The results are:

Trojan.FakeAlert - Registry Key
Trojan.FakeAlert - Registry Key
Trojan.FakeAlert - File
Trojan.Downloader - File
Trojan.Agent - File
Trojan.Agent - Memory Process
Trojan.Downloader - File
Trojan.FakeAlert - Registry Key
Trojan.Dropper - File


Malwarebytes' Anti-Malware 1.42
Database version: 3396
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

12/20/2009 1:27:37 AM
mbam-log-2009-12-20 (01-27-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269590
Time elapsed: 1 hour(s), 26 minute(s), 27 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\[my name]\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\[my name]\AppData\Local\Temp\a.exe (Trojan.Dropper) -> No action taken.


What should I do? Click on the MBAM's button that says "Remove Selected"... Right?

And sorry for asking again, but I really want know this: would the DVD+R backup files that I created be infected by these viruses?

I'm just really confused and kind of afraid. :(  What am I supposed to do to secure my network? Change the password that pops up right before the computer comes on? Etc...
Thanks.

EDIT: I clicked on "remove selected" and MBAM said that some of the viruses couldn't be deleted, so it asked me to reboot. I did, and then Windows Defender popped up saying that it blocked some programs.. And MBAM was one of them!

I went into MBAM and clicked on "Quarantine" tab and picked "Delete All" ... It got rid of all the viruses in the list. (Not that kind of removed, I mean that it just made the words disappear, not the actual viruses) Does that mean that I have to scan again to be able to do something to the viruses again?
Is there any way that can allow me to just get rid of the viruses and be sure of it? (I know this is asking for a lot)

When I got a virus on my computer, I found the location of the virus, and just deleted it and the adult pictures with it, manually. And it seemed to actually work. (Hopefully, I don't want another virus on my computer...) Would deleting those files work too? (I doubt it)

Sorry for all the questions. But I'm worried. :/ Windows Defender just popped up and asked me if I wanted to continue with.. Something.

In the end of it all: I am virus-stupid, and I can't do anything. I don't know what to do, and I don't understand much about this kind of stuff. But, will my accounts be hacked? Hackers wouldn't want to hack a forum account, would they?
I'm really getting worried. :(
Sorry for any typo's and for being so whiney. :/
« Last Edit: December 20, 2009, 07:58:45 AM by Misuzu »
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |
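
Added example (not posted by anyone in this thread): a Python parser for the MBAM report format shown in the post above. It checks the summary counts against the itemised entries, lists detections still marked "No action taken", and flags entries sitting in autostart locations (the Run key and the Tasks folder seen in this log); the autostart labels are this example's own.

```python
import re
from collections import defaultdict

# Report body copied from the post above (header and two empty sections omitted).
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\Users\[my name]\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\[my name]\AppData\Local\Temp\a.exe (Trojan.Dropper) -> No action taken.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")           # "Files Infected: 5"
HEADER = re.compile(r"^(.+ Infected):$")                  # "Files Infected:"
ITEM = re.compile(r"^(.+) \(([\w.]+)\) -> (.+?)\.?$")     # "<path> (<family>) -> <action>."
# Autostart locations seen in this log; the labels are this example's own.
AUTOSTART = (("\\currentversion\\run\\", "Run key"), ("\\windows\\tasks\\", "scheduled task"))

def parse_report(text):
    """Return (declared counts per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            path, family, action = m.groups()
            kind = next((lbl for key, lbl in AUTOSTART if key in path.lower()), None)
            items.append({"section": section, "path": path, "family": family,
                          "action": action, "autostart": kind})
    return declared, items

def triage(text):
    """Summarise what still needs attention in one report."""
    declared, items = parse_report(text)
    found = defaultdict(int)
    for it in items:
        found[it["section"]] += 1
    return {
        "total": len(items),
        "count_mismatch": sorted(s for s, n in declared.items() if found[s] != n),
        "unresolved": [it["path"] for it in items if it["action"] == "No action taken"],
        "autostart": [(it["autostart"], it["path"]) for it in items if it["autostart"]],
    }
```

Every entry in the posted report is still "No action taken", so `triage(SAMPLE_LOG)["unresolved"]` lists all nine; running the same function on the report saved after removal and reboot shows whether anything was left behind.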

Offline envd

  • Newbie
  • *
  • Posts: 11
Re: Virus problems. How can I remove them? *EDITED*
« Reply #10 on: December 20, 2009, 07:55:52 AM »
Remove them all! Only a keylogger and some trojans can record what you type. I recommend using Spybot too, since one of its features is to block dangerous sites.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Virus problems. How can I remove them? *EDITED*
« Reply #11 on: December 20, 2009, 07:59:05 AM »
Looks like we're on the right track.
Select everything that MBAM finds, select "remove selected".
MBAM will almost certainly prompt for a restart to finish the removal. When it does, please restart promptly. The memory process will be deleted on reboot.
After that, run a quick scan again, please, and post the scan report.

Do this for all the machines on the home network. We will deal with the security of your home network later, please don't be afraid. (Just be a little bit nervous. ;))
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Misuzu

  • Sr. Member
  • ****
  • Posts: 274
Re: Virus problems. How can I remove them? *EDITED*
« Reply #12 on: December 20, 2009, 07:59:56 AM »
Did clicking on "Remove Selected" and rebooting actually work? I haven't really had a virus warning so far after that.

EDIT: Ok, I'm going to go do another scan. Thank you so much for your help!


IT WORKED!!
I think... I did a MBAM full scan on all the computers (Even though my computer's MBAM wasn't updated.. Maybe it was.. I don't know...) and both computers turned out clean... I should be ok... Right?

Since I do have some websites on my history that I shouldn't have, I'm going to clean out my history, cookies and other things. Also, the forums post thing is still messing up, but this may be a forum issue... I don't really know. :P
Thank you so much for your help! :) If this may have not worked, feel free to say something, I need to get rid of stuff like this...

So is it gone..? Or not? Heh.

P.S. Avast still has the two viruses it detected in the chest. And it can still detect those viruses when I click on "Scan" in the chest. Is this just because I had a virus BEFORE I got rid of them, or does this mean I still have the viruses? But so far, so good. No pop-ups about viruses or ads, or anything.

Thanks again.
« Last Edit: December 20, 2009, 09:34:14 AM by Misuzu »
|  Free Avast!   |  Malwarebytes Anti-Malware (Both up-to-date) |

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Virus problems. How can I remove them? *EDITED*
« Reply #13 on: December 20, 2009, 11:23:29 AM »
Quote
P.S. Avast still has the two viruses it detected in the chest. And it can still detect those viruses when I click on "Scan" in the chest. Is this just because I had a virus BEFORE I got rid of them, or does this mean I still have the viruses? But so far, so good. No pop-ups about viruses or ads, or anything.

QUOTE: Avast user guide

Virus Chest
 
The Virus Chest can be thought of as a folder on your disk drive, having special
properties that make it a safe, isolated place suitable for storing potentially harmful
files. You can work with the files in the Chest, though with some security restrictions. 
 
The main properties of the Virus Chest are complete isolation from the rest of the
operating system. No outside process, such as a virus, may access the files inside,
and the fact that the files inside the Chest may not be run means there is no danger
in storing viruses there. For more information, see page 48.


llariel

  • Guest
Re: Virus problems. How can I remove them? *EDITED*
« Reply #14 on: December 20, 2009, 05:23:48 PM »
Oh! God, I had this problem but I could solve it without any type of problem, it is very simple any time you know that to do, I lowered this trojan and sent it to analysis three days ago and avast! was detecting it at: Win32:FakeAV.AAJ (if you have this problem is because you execute the trojan manually)

If you use Windows Defender in advanced mode, you will never have any type of problem. (related with trojans and spywares)

Procedure to eliminate TrojanDownloader:Win32/Renos.JM

1) clean the temp files (start/control panel/system maintenance/free up disk space)

*choose all the options related to temp files

2) open Task Manager

3) go to processes, and search for msa.exe (locate it on the disc and erase it)

4) go to services and look for the components: a.exe, b.exe, c.exe, locate them and erase them

5) use Windows Defender in advanced mode, so that you could eliminate his actions and stop completing the process of elimination of keeping on going out emergent windows

6) Completed

* I did all this and managed to eliminate it completely, any doubt they can allow me to know. Using Windows Defender in advanced mode, is the best antispyware that you can use
« Last Edit: December 20, 2009, 05:25:57 PM by Llanziel »