
Multiple Trojans on Hijacked computer


sleepingdog1

I am trying to help a relative whose computer has all these infections. Cannot use the internet to get online with her computer so I am using my own computer to write this post. I put Asquared and Malwarebytes onto a CD and ran them but of course they cannot hook up to the internet for updates etc. The scans revealed lots of malware but much of it could not be removed or quarantined.

For sure Enterprise Suite, Reanti, and Koobface are on her machine and I think there are many many more problems. She had no antivirus, firewalls, or other security installed except for Spybot Search & Destroy so the machine was essentially defenseless.

Despite running malwarebytes and Asquared, the fake security messages continue to pop up, the internet cannot be used for anything except access to MSN or the fake site the trojan wants to direct it to.

Is the best thing to do just to see if she has the operating disc and reinstall the operating system? Manual removal sounds like it will be very difficult and results not guaranteed. Any advice you could give would be most appreciated. Thank you.


Clean install may be the best course of action, seeing as the system was basically unprotected.

We can attempt to clean the system, but there is no guarantee that we will successfully rid the system of all malware.

-----------------------------------------------------------

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download it to your Desktop.

Link 1

Link 2

Link 3

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(screenshot: RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free/Anti-Malware
  • ISeeYouXP
  • HiJackFree

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Thank you for your reply! I am wondering though, you say to download combo fix to my desktop. You see, I can't download anything with the infected computer. I don't have a repair shop or anything so I wonder if it would work to actually download the combo fix on my healthy machine onto a CD, and then to install the CD from there onto the infected computer? Otherwise I don't know how to get the combo fix onto the sick machine. Hope this question on your instructions makes sense! Thanks again!


...Cannot use the internet to get online with her computer so I am using my own computer to write this post...
... I can't download anything with the infected computer...

Hi sleepingdog1, and welcome to the forum.

If you cannot download required Tools and you have Internet access from another clean uninfected computer you may try to download all listed Utilities there.

Save them on external media and then copy to your (her) infected Desktop / install / run... as per instruction

note: Please copy (don't type) all referred links from the instruction so you will use precisely the sites suggested when downloading on another PC.

My regards


I was able to get a log out of running combo fix. The computer is still infected. The infection is blocking me from running CCleaner, Hijackfree, and ISeeYouXP.

A squared is able to run from when I installed it before I contacted your site.

I can attach logs of combofix and asquared but unless you can advise, I am not able to get the other programs running to show logs.

I am a little worried about putting the log files from the infected machine onto a cd and then putting the cd into my computer. Could the infection get on the uninfected computer? I did insert the disc with the combofix log onto the uninfected computer and scanned it with asquared, malwarebytes, and AVG9.0 and it looks uninfected. Please advise on whether it would help for me to attach the combofix log and the Asquared logs and if it is safe to do so.

Thanks!


I have the combo fix log that I can attach.

I ran asquared before contacting your site in the hopes it would take care of the problem and I set it to delete as many infected files as possible. I have two logs from before contacting your site and seeing the start up instructions that say not to delete anything just save the logs.

So I am running asquared right now just to see what is currently the situation. Would it help you to have all three asquared logs once the current scan is run to help sort out any files that I deleted before contacting your site? Or do you just want the most current log?

Thanks!

Sleeping Dog


The problem is that the infected computer cannot get to the internet except for the site the trojan is directing it to so an update is not possible.

It seemed like I could not get the updated version on the CD although the updated version is on my healthy computer. I got the program installed but am not sure how to get the updates onto a cd and then update Asquared.

Hope this is clear.

Thanks,

Sleepingdog


Now my supposedly healthy computer is showing virus.win32.sality!ik on a current Asquared scan that is still running. Don't know if this could be from transferring the logs over from the infected machine. virus.win32.sality!ik was not one of the infections that seemed to be on the other computer I am fixing.

I will quarantine the files after A2 is finished scanning. Can you instruct me how to do a "clean install" of the operating system? I still have my disk so maybe that would be the safest way to go.

Also, if I do a clean install, can I backup movies, music, photos, spreadsheets, and word files in such a way as to avoid transferring the virus with my valued data? Can the virus attach itself to this type of data or do I need to be worried about that?

Thanks,

Sleeping Dog


Based on the contents of the ComboFix log, the system is so heavily infected it may not be worth the effort to disinfect the system. A clean install of the operating system would be the most prudent course of action.

Instructions for performing a Clean Install of Windows XP can be found at http://www.theeldergeek.com/xp_home_install_-_graphic.htm


Thanks for the clean install instructions for Windows XP. One other problem which, from quickly looking at the instructions, I do not think it addresses is that my sister-in-law does not think she has the operating disc that came with the computer (it's with her ex-husband who is not likely to help her in any way).

I have the discs for a different laptop, a gateway that had XP as well as for desktops of various versions like windows 98. What if I used one of those...could that work? The clean install instructions talk about what to do if the computer won't boot up from the cd-rom and if that is the case how to obtain a windows xp setup boot disc, but I don't think that is the problem with her machine. Or is the setup boot disc what I'm looking for?

Sorry to be flailing around so much here... One other question is that, providing I can get an operating system disc to do the clean install, is it safe to back up her photos, music etc onto a CD and then scan and reinstall them or is that just inviting the virus to reinfect the computer again? Should I attempt to save some of her data?

Also, I mentioned in my last post that my own computer had a virus issue. I let A2 run and quarantined the files it told me to. The Win32 problem seems to have something to do with Big Fish Games which I have installed on my machine. Hopefully the issue was taken care of by A2. If I have further issues with this new problem should I start a new thread?

Thanks,

Sleeping Dog


You can't use OEM Installation Media that came from one manufacturer on a system not made by that manufacturer.

Depending on the age of the system, it may have come with a special restore partition, in which case you can restore the system to its original ship state, meaning it will be just like it came out of the box the day it was first powered on.

You should make every attempt to backup all personal files on the system before performing a clean install.

If you have reason to believe that your system is infected you should start a new thread for that system.

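The question raised twice above, whether a virus can ride along with backed-up photos, music and documents, deserves a concrete check before the backup is copied onto a freshly restored system. The following Python script is an added example and is not code from this forum, its helpers, or any of the tools named in the thread. It inventories a backup directory and flags files that are really Windows programs, either by extension or because their content starts with the PE "MZ" signature, and it also catches "invoice.doc.exe"-style double extensions. File infectors such as the Sality family spread by infecting executables, so keeping programs out of the data backup removes the most likely carrier. The extension lists and the sample tree are constructed for the example; whatever the script passes as "data" should still be scanned with an updated scanner on the clean machine, since documents carrying macros are outside what this check can see.

```python
"""Added example: inventory a backup of personal files before restoring it to
a freshly installed system, and flag anything that is really a Windows
program. File infectors such as Sality live in executables (.exe/.scr), so
those must not come back with the photos and documents."""
import os
import sys
import tempfile

# Extensions Windows treats as runnable when double-clicked (constructed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat",
                         ".cmd", ".vbs", ".js", ".wsf", ".lnk"}
# Extensions of the data the poster wants to keep (constructed list).
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".wav", ".avi",
                   ".mpg", ".doc", ".xls", ".txt", ".pdf"}
PE_MAGIC = b"MZ"  # every Windows .exe/.dll/.scr starts with these two bytes


def classify(name, head):
    """Classify one file from its name and the first bytes of its content.

    'executable' - the extension or the content marks it as a Windows program
    'disguised'  - a data extension on PE content, or a double extension
                   such as 'invoice.doc.exe'
    'data'       - a document or media file whose content is not PE
    'unknown'    - anything else; look at it by hand before restoring
    """
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    is_pe = head[:2] == PE_MAGIC
    if ext in EXECUTABLE_EXTENSIONS:
        return "disguised" if inner_ext in DATA_EXTENSIONS else "executable"
    if ext in DATA_EXTENSIONS:
        return "disguised" if is_pe else "data"
    return "executable" if is_pe else "unknown"


def scan_tree(root):
    """Walk a backup directory and return {category: sorted list of paths}."""
    report = {"executable": [], "disguised": [], "data": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""  # unreadable: fall back to the name alone
            report[classify(fname, head)].append(path)
    for paths in report.values():
        paths.sort()
    return report


def build_sample_backup(base):
    """Write a small constructed backup tree under 'base' for demonstration."""
    samples = {
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # JPEG header
        "music/song.mp3": b"ID3" + b"\x00" * 16,
        "docs/budget.xls": b"\xd0\xcf\x11\xe0" + b"\x00" * 16,    # OLE2 header
        "photos/holiday2.jpg": PE_MAGIC + b"\x00" * 64,  # program posing as a photo
        "docs/invoice.doc.exe": PE_MAGIC + b"\x00" * 64,  # double extension
        "games/setup.exe": PE_MAGIC + b"\x00" * 64,
        "misc/notes": b"plain text, no extension",
    }
    for rel, content in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return samples


def demo():
    """Scan the constructed tree and return how many files fell in each bucket."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_backup(base)
        report = scan_tree(base)
        return {category: len(paths) for category, paths in report.items()}


if __name__ == "__main__":
    # Real use: python check_backup.py D:\backup_of_her_files
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target is None:
        print("no directory given, scanning the constructed sample tree")
        print(demo())
    else:
        result = scan_tree(target)
        for category in ("executable", "disguised", "unknown", "data"):
            print(f"{category}: {len(result[category])} file(s)")
            for path in result[category]:
                print("   ", path)
```

Run it against the backup on the clean computer and leave everything in the "executable" and "disguised" buckets behind; programs can be reinstalled from their original sources after the restore. The text logs the thread discusses (ComboFix's C:\combofix.txt and the a-squared reports) land in the "data" bucket, which matches the point that a plain log file is not a carrier for a file infector.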

Okay, so if she can't find the OEM installation media that came with the computer she would either contact the manufacturer or microsoft? Is she just out of luck?

Thanks!

Sleeping Dog

Contact the manufacturer of the system. They may be able to provide the installation media for a nominal fee, which would be far less than what Microsoft would charge for a copy of Windows XP Professional.


I just talked with my sister-in-law and she found the bag the computer came with. It is an HP and so apparently it does not have recovery discs but rather a partition that you can access upon rebooting to restore the system. There is an option for a user to make their own recovery discs but of course my sister-in-law never did this.

So it sounds like all I have to do is back up whatever data she wants to save, then reboot the computer and hit F11 and then follow the steps from there to reset the system back to factory clean and then update all the windows and HP updates that have happened up to this date. The virus should be eradicated then correct? Then I will install firewall, antivirus, etc. to help make sure this doesn't reoccur.

Does this sound like what I should be doing?

Thanks,

Sleeping Dog
