Spyware, Viruses, & Security forum

General discussion

Trojan/Adware Attack- Help!

by Vaportrails02 / May 14, 2010 11:22 PM PDT

Some sort of virus suddenly popped up on my computer.

I'm using Super anti spyware to try to get rid of it & so far it's found "Trojan dropper" & "adware tracking".

An Antivirus software demo & at first appeared to be working but it seems it's part of the problem. I stopped this program at 80% & unplugged my Internet.

My Internet explore keeps opening on it's own. Red shields keep appearing at the bottom of my screen which are supposedly antivirus, but they are also part of the problem. Also I am unable to open what I need to in my control panel because of this.

An unfamiliar window (antivirus software alert infiltration) keeps popping up. Ot looks like it's trying to emulate the windows antivirus program software.

I tried opening Avsti & Spybot but it won't let me into either. Like I said, the only prgram working is the Super Anti Spyware.

I'm wondering if I do a system restore, will that possibly fix the problem? Any help /advice on how to fix this problem is greatly appreciated! Thanks!

Discussion is locked
You are posting a reply to: Trojan/Adware Attack- Help!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Trojan/Adware Attack- Help!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Assuming Your Avast! & Spybot
by tobeach / May 15, 2010 4:20 PM PDT

& SAS are recently updated. Physically disconnect from internet connection to prevent even more badness from being downloaded!

You don't say what OS/SP level so these will be general suggestions. IF Vista/Win 7 be sure to do from log on w/ admin rights.

I would first try opening Task Mgr (C/A/D
together) & try & spot unknown new processes & applications running.
Look for the name of the fake A/V & similar. If you can see any , then disable the process/applications from there.

Then boot to safe mode & try running SAS & Spybot & Avast from safe mode (before windows loads start pressing F8 button every second. Use up/down keys to select safe mode & hit enter, don't worry about weird appearance as it will be normal when you reboot to normal mode).

Hopefully, some or all will work in this mode.Let them find & quarantine/remove all found while noting on paper the names & paths of infections found. Particularly note if ANY listed in System restore or system volume. If they are, you'll have to dump restore points but hold off on this till you see IF they're contaminated.

The problem is probably running from a safe spot in a .temp file likely in your IE cache (since it wants to download more bad stuff using IE). In Control Panel>internet options delete cookies & delete temp files including Offline files & delete History. While there look in Options >Connection Tab to see if a "proxy server" is listed/enabled. If you don't use such, then disable IF one found.
If you have other browsers, delete their temp & caches also. Same for caches in Java.

OR IF you have CCleaner on board, Under Options>Advanced, uncheck box for "only delete windows files older than..." and then run CCleaner.

Then after cleaning , scans & removals, reboot to normal mode and see if all seems normal. IF so, I'd update all protectors and re scan with each.

Post back w/ more info/results. IF still not right, then there are other steps to be taken with other programs & tools which will need access to a clean computer & some CD/DVD or flash thumb drives to transfer these new tools to infected machine. Good Luck! Happy

Collapse -
P.S....While in Safe Mode...
by tobeach / May 15, 2010 4:26 PM PDT

you may be able to run some of the repair tools included in your SAS!!
Open SAS, click preferences button & then "Repairs" Tab. There are tools to fix task mgr/control panel/ etc etc. Happy

Collapse -
Try this
by manmur / May 15, 2010 4:51 PM PDT

Before I start, You need to state your OS (Vista, 7, XP) What is the name of the anti-virus demo?

Fallow the directions in this link.

http://forums.cnet.com/5208-6122_102-0.html?messageID=3161457&tag=forums06;posts#3161457


You may want to also Download a Anti-virus stinger/Rescue disk that can be found on this site:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Run one after you run Malwarebytes and Super anti-spyware.

In case you do not know how to get to Safe-mode do the fallowing:

1. As soon as you press the power button on, press and hold on the (F8) key.

2. As soon as you here a beep/buzz like sound, let go of the (F8) key.

3. A Black and White menu should pop-up. Use your arrow key to get 'Start in safe mode' highlighted. Press enter

4. Log on as normal. Please note you will not have internet access unless you went to 'safe-mode with networking'. I recommend that you do not do this.

After cleaning out everything log back in as normal. Do a full scan with whatever you used to remove the infection. If it is found again you will have to disable system restore. Since I do not know the OS of your computer I cannot tell you how. Vista and XP have different ways to disable System restore.

I hopes this helps

Manmur

Collapse -
my progress...
by Syrinx77 / May 16, 2010 1:50 AM PDT

Hello,

"Vaportrails02" was nice enough to post the original thread on my behalf because while I was having this problem, I was unplugged & offline. (in the midst of trying to fix the problem)

After running SAS, & rebooting, the problem *seems* to have been solved for the most part. (I use XP, btw)
After reading the suggestions posted, I realized I hadn't run SAS in Safe Mode. Should I re-do?

Also, I noticed my scan may've missed a "Google redirect virus". I was under "Guest" on my laptop & several attempts to Google something took me to some random, plain-ish looking websites.

So from there, I did a search on these forums & saw that someone else had the same problem & someone suggested they download Malwarebytes' Anti-Malware. (which I'm now in the middle of scanning with- though again, not under Safe Mode. Should I restart?)

Thank you!

Collapse -
If both SAS and MBAM say you are clean then
by roddy32 / May 16, 2010 2:31 AM PDT
In reply to: my progress...

you are probably OK. Rebooting and rescanning would not hurt though with both just to be on the safe side. Safe mode shouldn't have to be used unless you are having a problem removing something. IF MBAM finds something though, just follow the prompts for whatever it tells you to do.

Collapse -
done...
by Syrinx77 / May 16, 2010 2:57 AM PDT

Both SAS & MBAM found stuff.

SAS found about 6 items & MBAM found about 7. I followed the steps after it was done & it says they'd been all removed.
I suppose now I'm good...though like you suggested, maybe I oughta do it once more in Safe...

Collapse -
It would not be a bad idea but it
by roddy32 / May 16, 2010 3:06 AM PDT
In reply to: done...

also depends on exactly what the 2 programs found. SAS also grabs tracking cookies which can be considered adware but not really malicious. Try it in safe more but do the complete scans with both and not the quick scans.

Collapse -
Glad You're Clean Now.
by tobeach / May 16, 2010 2:33 PM PDT
In reply to: done...

I suggested safe mode because you stated you'd run 80% of the Fake A/V
scan before quiting. I assumed this meant that you were beyond the "scare only" stage, and now had active trojans functioning which often can't be removed while active (hence safe mode).

MBAM would have been one of "the other tools" but I had hoped to get you clean enough to download yourself (not knowing you had alt. access
available). Good work & congrats on fine results. Happy

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.