Hi,
My friend's computer was attacked by a Trojan by the name of Win32:Jifas-CM early Dec. 28, 2009.
I was surfing and the threat was encountered by either loading an ad on a website or clicking a hyperlink.
His computer is running on Windows XP (SP2, I think).
His previous antivirus wasn't able to defend the computer from the attack. Avira.
I quickly changed his antivirus to Avast! to see if that would help.
It did help me locate the infected files and gave me a name for the Trojan so that I could search Google for it.
I saw several other cases with the exact description of what was happening at the time.
The Trojan overrides your Windows firewall, antivirus, and security center after it has downloaded itself to your temp folder in your Documents and Settings. It then displays a bogus security center warning, which totally fooled me, that your antivirus is not working and that you should download this thing called malware defense. If you click on the enable protection button they give you without an antivirus that detects the Trojan, I believe it begins to spread.
Well, I tried to erase as many files as I could using Avast! and Spybot. Spybot confirmed many threats but wasn't able to detect several hidden threats.
Since I had no other way of connecting to the internet, I searched on the web for a solution or another antivirus that had the capability of ridding me of the Trojan horse.
After some googling, I found a website that gave me suggestions of antiviruses that had the capability.
This is where I make a huge mistake.
I uninstall Avast!, the only thing defending my computer while still on the internet.
The Trojan started an install.exe while the defenses were down and installed something that I have no comprehension of.
The reason for the installation was so that I wouldn't have Avast interfering with this other antivirus I found out about called Dr. Web, because PC Tools doesn't have a demo that I don't have to pay for without signing up for something.
After that restart, the Trojan somehow is interfering with the Windows licensing.
When I start the computer, Windows loads up to where the account sign-in is.
After I click on the administrator icon,
it gives me the error saying that there is interference with Windows recognizing the computer's license and that I need Microsoft to activate it.
I have no clue what I have to do.
This is where I am stuck now, just got back to my house to use the internet and set up this post.
I was thinking of going back with the XP CDs to see if that helps me get back to the desktop.
I still don't know if I will be able to get rid of the files. I was thinking of trying to reinstall Avast! and get it to quarantine the files in Documents and Settings.
Like, I tried to delete the files when I first found out about them but I couldn't because they were in use, and quarantining was the farthest thing from my mind. I am also wondering if there are other files possibly in the C:\windows folder.
Do you think there is any way you can help?
The infected files I noticed were sort of named like setdebuggx (something like that) and a wr3sx (that one is wrong but I'm working off memory.)
Thanks for the time.