How do I kill a Trojan?

Elljay · 20 May 2015

Hi there. I have been trying help my sister clean up her Dell Desktop Windows 7 for about a week now. Her PC started to freeze up. So I would shut it down and boot back up and I'd have about 5 minutes before everything would freeze up. This allowed me enough time to be able to run a few programs.
This is what I have done so far. I ran:
Adwcleaner and found nothing.
Malwarebytes and found nothing.
Super AntiSpyware found 131 adware/malware things and 3 Trojans.
Then I ran MSE deep scan and it found 2 adware/malware things and 1 Trojan.
The PC isn't frozen anymore but weird things are happening. Like file renaming and there are 2 Mouses without Borders Icons. She uses Palemoon occasionally and when I rebooted. The Palemoon Icon appeared on her desktop as huge as the Moon in the sky. LOL! She does not have these shortcuts on her desktop.
She has a malware or something called Trusteer. I could see the Icon in her programs. I tried to uninstall it with REVO. There was a pop up and I accidently hit it. So REVO couldn't uninstall it. Now the Icon has disappeared from the program list but it is still there. It has hijacked her Fire Fox Browser. I can also see conduit in msconfig Sartup.
I went out and bought the Fix It Sick. It didn't remove it.
I ran Kaspersky Rescue Disk 10, for 12 hours it didn't catch it.
I am out of ideas and ready to tear my hair out. Any suggestions on how to get rid of this thing?

GokAy · 20 May 2015

Trusteer seems to be a legit software, are you sure it is an infection? google it.
It may be possible to uninstall it with Download Rapport | Trusteer if this is the same software. Check for yourself.

There are also:
Adwcleaner
TDSSkiller
Rkill
to scan with.

Download from bleeping computers.

Note: Backup your data and perhaps make an image, I don't know how disruptive these programs can be trying to remove infections.

Elljay · 20 May 2015

Here is some of the weird stuff. That moon was huge!

Elljay · 20 May 2015

I think this is a fake. It says Intel Graphics Media Driver Accelerator. It's in her programs and in the Taskbar Startup icons. I don't have these icons on my PC. In msconfig I see conduit too.

Elljay · 20 May 2015

GokAy said:

Trusteer seems to be a legit software, are you sure it is an infection? google it.
It may be possible to uninstall it with Download Rapport | Trusteer if this is the same software. Check for yourself.

There are also:
Adwcleaner
TDSSkiller
Rkill
to scan with.

Download from bleeping computers.

Note: Backup your data and perhaps make an image, I don't know how disruptive these programs can be trying to remove infections.

It maybe be legit GokAy, but it is malware of some sort. I can't even use the windows snipping tool and it pops up and blocks me or the screen goes black.
GokAy, with all due respect ...I have researched this for a week now. I have been everywhere and I'm tired. They even have YouTube Videos for Godsake.
The Icon disappeared GokAy. There is nothing to uninstall.

GokAy · 20 May 2015

Download the one from my link, and install it. If it is the same thing, it may offer to modify/uninstall when you run the installer. If not then install first then uninstall. At worst they are different and you would have to install/reinstall.

Am I sure if this would get rid of it? No. But I would try nevertheless. That's all I tried to say in previous post. I guess it wasn't clear enough.

Edit: Oh and sorry for listing Adwcleaner for you to scan with, you mention you scanned with it in your first post.

Elljay · 20 May 2015

GokAy said:

Download the one from my link, and install it. If it is the same thing, it may offer to modify/uninstall when you run the installer. If not then install first then uninstall. At worst they are different and you would have to install/reinstall.

Am I sure if this would get rid of it? No. But I would try nevertheless. That's all I tried to say in previous post. I guess it wasn't clear enough.

Edit: Oh and sorry for listing Adwcleaner for you to scan with, you mention you scanned with it in your first post.

OK GokAy. That makes sense, seeing that I did find their Icon in the programs before it vanished.
I never thought of that. I'll try this tomorrow.
I ran TDSkiller also.
Speaking of research, while I was trying to find information on this program, I found other people's comments about it being malware and others saying it is an all out nuisance. What I do know is that my sister did not download it.
She rarely downloads anything and she barely surfs the net. So when she gets infected, she kinda freaks out. That has happened several times to her. She uses her PC mainly to check email and do banking etc. So I'm inclined to think it must have been one of her kids on there doing something...again. No more though, she now has a password...finally.
Kids have their own machines anyways.
No need to be on Mom's.

Elljay · 22 May 2015

Well, this takes the cake. This so called legit Company @
IBM Security Trusteer Rapport
is for the worst of the worst. Be careful of this one folks!
Never have I had this kind of crap...ever, trying to uninstall a program. I managed to finally download it again.
Choosing one of their options, "No, I'm trying to fix it". The icon showed up again in the installed programs. I tried 4x to uninstall it, after repeating the process yet again...and then again. 3 with Revo and once with CCleaner. It eluded both of them. When trying to uninstall, a small window appears asking "Are you sure you want to uninstall this product?" Revo was struggling to uninstall it for 1/2 hr. So, of coarse I had to hit the stupid button and then their other popup appears with more options. Click 'Yes' and Revo disappears and they take over. With CCleaner, they freeze the uninstall button.
I've been trying for a week already... Is there a Command I can give, to blast this program right off the planet?

Jacee · 22 May 2015

See if this article helps: https://www.trusteer.com/support/uninstalling-rapport

Callender · 22 May 2015

It's not a trojan - it's security software that some banks recommend to improve browser security when visiting secure sites.

The problem is that there's no way to shut it down and no way to remove it other than using the dedicated removal tool that you can get via the request form on their website.

Note: I just installed it to see if it could be removed. It's stated that it has self protection to protect itself from being removed by malware.

Well I can tell you that it resisted deletion even by some powerful removal tools that can delete files on boot.

One of my softwares did manage to force delete Trusteer Rapprort folders, files, serivces, drivers and registry entries.

Howsver that left the machine in a constant startup repair loop so I restored yesterday's system image backup.

Bottom line is - get the dedicated removal tool.