|10 Dec 2013||#11|
Just so you understand the 'nature' of backdoor.poison Backdoor:W32/PoisonIvy
Warning! Backdoor Trojans
These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports, ISP Information
Download Combofix from any of the links below, and save it to your desktop. <-- Important
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
After rebooting ensure your Security applications have been re-enabled.
In your next reply post:
***A guide and tutorial on "How to use Combofix" can be found here:
ComboFix: A guide and tutorial on using ComboFix
|11 Dec 2013||#12|
Finally I solved the problem myself. I am listing these steps so that they could at least be a help to others like me, if possible.
1) First I installed the software named "Spy-bot search and destroy" and uninstalled other antispyware software like Avast, Malwarebytes, etc.
2) Turned system protection off, because this trojan can restore itself from system restore points. Delete those recovery points.
3) Reboot the computer in Safe mode (type "msconfig" in Run program and look for the options).
4) In safe mode, start the "Spy-bot search and destroy" program. Scan everything that the program will provide as an option.
5) Scanning will take time and it will show some infected registry. Click fix found option.
6) Type %temp% in Run program and delete those temporary files (skip system files).
7) Now type msconfig in Run program and uncheck the safe mode option.
8) Reboot the computer in Normal mode; now you can turn on system recovery, install an antivirus, do a scan and be happy.
I hope I helped you. I tried these steps and I got my clean laptop again.