Author Topic: Computer Infected by Jifas-CM [Trojan] HELP!!  (Read 4994 times)


civilian

  • Guest
Computer Infected by Jifas-CM [Trojan] HELP!!
« on: December 29, 2009, 10:50:21 PM »
Hi,

My friend's computer was attacked by a Trojan by the name of Win32:Jifas-CM early Dec. 28, 2009.
I was surfing and the threat was encountered by either loading an ad on a website or clicking a hyperlink.

His computer is running on Windows XP (SP2, I think).
His previous antivirus wasn't able to defend the computer from the attack. Avira.

I quickly changed his antivirus to Avast! to see if that would help.
It did help me locate the infected files and gave me a name for the Trojan so that I could search Google for it.
I saw several other cases with the exact description of what was happening at the time.

The Trojan overrides your windows firewall, antivirus, and security center after it has downloaded itself to your temp folder in your document and settings. It then displays a bogus security center warning which totally fooled me, that your antivirus is not working and that you should download this thing called malware defense. If you click on the enable protection button they give you without an antivirus that detects the Trojan, I believe it begins to spread.

Well, I tried to erase as many files as I could using Avast! and Spybot. Spybot confirmed many threats but wasn't able to detect several hidden threats.

Since I had no other way of connecting to the internet, I searched on the web for a solution or another antivirus that had the capability of ridding me of the Trojan horse.

After some googling, I found a website that gave me suggestions of antiviruses that had the capability.

This is where I make a huge mistake.

I uninstall Avast!, the only thing defending my computer while still on the internet.
The Trojan started an install.exe while the defenses were down and installed something that I have no comprehension of.

The reason for the installation was so that I wouldn't have Avast interfering with this other antivirus I found out about called Dr. Web, because PC Tools doesn't have a demo that I don't have to pay for without signing up for something.

After that restart, the Trojan somehow is interfering with the Windows licensing.

When I start the computer windows loads up to where the account sign in is.
After I click on the administrator icon.
It gives me the error saying that there is interference with windows recognizing the computer's license and that I need Microsoft to activate it.

I have no clue what I have to do.
This is where I am stuck now, just got back to my house to use the internet and set up this post.
I was thinking of going back with the xp cds and see if that helps me get back to the desktop.

I still don't know if I will be able to get rid of the files. I was thinking of trying to reinstall Avast! and get it to quarantine the files in documents and settings.

Like I tried to delete the files when I first found out about them but I couldn't because they were in use and quarantining was the farthest thing from my mind. I am also wondering if there are other files possibly in the C:\windows folder.

Do you think there is any way you can help?



The infected files I noticed were sort of named like setdebuggx (something like that) and a wr3sx (that one is wrong but I'm working off memory.)

Thanks for the time.
« Last Edit: December 29, 2009, 11:11:59 PM by civilian »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37334
  • Not a avast user
Re: Computer Infected by Jifas-CM [Trojan] HELP!!
« Reply #1 on: December 29, 2009, 11:28:40 PM »
Check your computer for Malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button "remove selected" to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found other than cookies you may post the scan logs here

civilian

  • Guest
Re: Computer Infected by Jifas-CM [Trojan] HELP!!
« Reply #2 on: December 29, 2009, 11:34:39 PM »
That totally sounds like a worthwhile suggestion.

My current problem is the whole Windows activation thing.
I'm not sure if my plan about using xp cds will work.

I am far away from the computer at this moment, thank you for the suggestion.

Any idea about how I can solve the whole Windows thing?
When I sign into windows, I can't see anything besides the wallpaper in the bg.

Can't ctrl alt delete, alt f4, windows button.

Has anyone heard of a trojan or virus that has the capabilities of doing this?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Computer Infected by Jifas-CM [Trojan] HELP!!
« Reply #3 on: December 29, 2009, 11:45:40 PM »
Hi civilian,

Proposed example of a cleansing routine: http://www.geekstogo.com/forum/Unable-to-do-much-anything-t241915.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

civilian

  • Guest
Re: Computer Infected by Jifas-CM [Trojan] HELP!!
« Reply #4 on: December 30, 2009, 12:28:27 AM »
thanks,

I'm looking at it.
Will see if it helps at all.

I still have to travel back to my friend's house to try and get his Windows working again first before I can try out any of these cleansing methods.