Solved Trojan, Please HELP!!!

EvilOzzmess

Well, I’m a little embarrassed to say, I’ve been hit with a rather nasty Trojan. McAfee detected it right away, and I told it to quarantine the junk, and I assumed it had… until IE kept opening with random junk pages I didn’t prompt it to open. :mad:

I therefore did not write down the name of the malware, or even bookmark the info page that came up about it – as again, I thought McAfee had taken care of it. I remember something about “Auto” and it ending in .CO though, anybody know what the rest of it is or could be?

Anyway, I foolishly neglected to set weekly restore points, and so I cannot roll the system back to said restore points (I assumed that was already set up, but it isn’t). So, with that said, how can I get rid of this, and also how can I set up these weekly restore points so I don’t ever have to consider factory restoring again because of this problem?

I’m running a free trial of A-Squared right now, but I don’t know if that’s going to take care of it yet or not.

Thanks in advance for any help or information…
 

My Computer

Computer Manufacturer/Model Number
Acer Aspire 5738PG-6306
OS
7 Ultimate x64 SP1
CPU
Core 2 Duo T6600 @ 2.20GHz
Motherboard
Acer JV50 | Intel PM45 Chipset | BIOS Phoenix v1.21
Memory
4GB SDRAM DDR2 667
Graphics Card(s)
ATI Mobility Radeon 4570HD 512MB VDDR3 (2.25GB HyperMemory)
Sound Card
Integrated Dolby Home Theater HD Audio Support
Monitor(s) Displays
15.6" LED backlight HD/WS CineCrystal w/ Multi-Touch
Screen Resolution
Notebook: 1366x768 | Syncmaster P2370HD: 1920x1080
Hard Drives
Primary internal: 320GB WD3200BEVT-22ZCT0 @ 5400 RPM | Secondary external 1: 2TB Cavalry CAXB3702T0 @7200 RPM (USB 2.0) | Secondary external 2: 500GB Calvary CAUM @7200 RPM (USB 2.0).
PSU
AC Adapter
Case
Blue Clam shell
Cooling
OEM Built-in.
Keyboard
Microsoft Wireless 3000 (USB)
Mouse
Logitech V220 (USB)
Internet Speed
31Mbps DL/25Mbps UL - Verizon fiOs/Netgear WNDR37AV
Other Info
EXTERNAL DISPLAY: 23" Samsung Syncmaster P2370HD | EXTERNAL SOUND: 300 Watt MX-KB30 JVC Stereo (AUX) | ROUTER: Netgear WNDR37AV 802.11a/b/g/n Dual-Band Gigabit | Satechi 12-Port USB 2.0 Hub | GAME PAD: SteelSeries 3GC USB 2.0 (JoyToKey Mapping) | DETAILED SYSTEM SPECIFICATIONS: http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=5265887&CatId=4938

My Computer

Computer Manufacturer/Model Number
Gateway NV5378u
OS
Windows 7 Ultimate 64-bit
CPU
AMD Athlon II X2 M300
Motherboard
Gateway SJV50TR 0100
Memory
4GB
Graphics Card(s)
AMD M880G with ATI Mobility Radeon HD 4200
Sound Card
Conexant High Definition Audio
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
15.6" 16:9 HD LED LCD
Hard Drives
Hitachi HTS545050B9A300 Disk Device 500GB
Thank you so much! Where McAfee, Microsoft Malicious Remover Tool and A-Squared failed, MBAM took care of it! Again, thank you so, so, so much! You just saved me hours of restores!

I would really like to know how I can set up system restore points to save on the hard disk though, in case this ever happened again and for whatever reason, antivirus removals fail. Any help on that would again, be very much appreciated!

EDIT: I know how to do this manually, but I would like to somehow set it up to do it automatically once a week, at a specific day and time. Thanks again for the help in advance!
 

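The follow-up question (a restore point created automatically once a week at a set day and time) is a scheduled-task job. The script below is an added example written for this thread, not something posted in it. It assumes an elevated PowerShell prompt and that C: is the system drive, and it uses schtasks.exe because that is what exists on the Windows 7 the OP runs (the Register-ScheduledTask cmdlets only arrived with Windows 8). The task name WeeklyRestorePoint, the Sunday 03:00 slot and the script path under ProgramData are my own choices.

```powershell
# Added example (not from the thread): create a System Restore point
# automatically every week at a fixed day and time.
# Assumptions: elevated PowerShell, C: is the system drive, Windows 7 or later.

# System Protection must be on for the drive, otherwise Checkpoint-Computer fails.
Enable-ComputerRestore -Drive 'C:\'

# The scheduled task runs this small script; all it does is create the point.
# (Path without spaces on purpose, so it needs no extra quoting in /TR.)
$scriptPath = Join-Path $env:ProgramData 'WeeklyRestorePoint.ps1'
@'
Checkpoint-Computer -Description ("Weekly scheduled restore point " + (Get-Date -Format yyyy-MM-dd)) -RestorePointType MODIFY_SETTINGS
'@ | Set-Content -Path $scriptPath -Encoding ASCII

# Weekly on Sunday at 03:00, running as SYSTEM with the highest privileges.
# /F replaces an existing task of the same name, so the script can be re-run.
$taskName = 'WeeklyRestorePoint'
$command  = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File $scriptPath"
schtasks.exe /Create /F /SC WEEKLY /D SUN /ST 03:00 /RU SYSTEM /RL HIGHEST /TN $taskName /TR $command

# Verify the task was registered, then run it once so the first point exists today.
schtasks.exe /Query /TN $taskName /V /FO LIST
schtasks.exe /Run /TN $taskName
Start-Sleep -Seconds 30

# The newest entries should now include a "Weekly scheduled restore point ..." line.
Get-ComputerRestorePoint | Select-Object -Last 3
```

Two caveats worth knowing before relying on this. A restore point only covers system files, the registry and installed programs, not personal data, and a point taken while the machine is infected preserves the infection, so it is a convenience rollback, not a substitute for the disk images recommended later in the thread. On Windows 8 and later, System Restore also declines to create a new point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency registry value is changed; a weekly schedule stays clear of that limit.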
No problem, you can always rep my post... and yeah, for your antivirus you should consider Microsoft Security Essentials.
 


My Computer

OS
windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
Yeah, I was thinking about that too. Ghosting right? I think I would have to partition the External for that... a bit beyond my expertise.


UPDATE: I still have crap on here, actually. I don't know why, but it keeps coming back and I think it's "Zwangi". I'm running a full scan, but I think it won't work either. I don't know. I might have to just wipe everything out and then restore from the disks I made (thank God I did that)! If this doesn't work, should I try it in safe mode with networking - before dealing with the pain in the butt that is resorting to the factory image?
 

Trying that now... let's hope this works.

And of course, they want my money before getting rid of it.

I give up, I'm broke. I can't pay for it. So... factory image restore it is.
 

Thank you so much! Where McAfee, Microsoft Malicious Remover Tool and A-Squared failed, MBAM took care of it! Again, thank you so, so, so much! You just saved me hours of restores!

I would really like to know how I can set up system restore points to save on the hard disk though, in case this ever happened again and for whatever reason, antivirus removals fail. Any help on that would again, be very much appreciated!

EDIT: I know how to do this manually, but I would like to somehow set it up to do it automatically once a week, at a specific day and time. Thanks again for the help in advance!

Hi there
consider a commercial backup product such as Acronis -- that is quite a popular one and can restore images directly from a bootable USB or DVD.

Macrium is another one -- I haven't used Macrium but I gather it's highly regarded as well and it's free.

After a CLEAN install of your OS you should take an image and use it to restore after any computer infection.

I would NEVER trust a machine again if it had been infected. A complete restore IMO is the only safe solution.

Cheers
jimbo
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
CPU
Intel i7 Intel i5
Memory
8GB, 16GB
Graphics Card(s)
On Motherboard
Sound Card
Realtek HD audio
Monitor(s) Displays
Apple Cinema display, Samsung LCD
Screen Resolution
1920 X 1080
Hard Drives
4 X 1TB SATA
Mouse
Toshiba wireless laser
Internet Speed
> 20MB up
even though this is categorized as a low threat, I agree with Jimbo... a clean install!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
Trying that now... let's hope this works.

And of course, they want my money before getting rid of it.


Hitman Pro has free cleaning for 30 days... just activate the trial license and it will clean for free... ;)
 


My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Macrium

I use Macrium Reflect and I take an image of my machine about once a month. It's quite easy to use and I have had to restore twice in the past after I messed things up. Just download from their website, Macrium Reflect FREE Edition - Information and download, make a rescue disk and make an image on an external HDD or network drive or a bunch of DVDs. It took about 40 mins to back up and the same to restore a 160GB HDD that was half full. :geek:
 

My Computer

Computer Manufacturer/Model Number
Home built
OS
Windows 7 Enterprise 64bit
CPU
Intel Pentium dual core E2200 2.2ghz
Motherboard
Asrock Wolfdale 1333-d667 r2.0
Memory
4 gb (2 x 2g Kingston DDDR11 800)
Graphics Card(s)
Nvidia Geforce 8400 gs
Sound Card
On board
Monitor(s) Displays
DiFusion 17"
Screen Resolution
1280 x 1024
Hard Drives
1 x 160gb (4 Partitions, Os, pagefile, programs and documents)
1 x 1tb
1 x 320 external
PSU
? one that supplies power
Case
Old, on about the 4th mobo, re-build
Cooling
? some fan on the CPU
Keyboard
Logitech Wave
Mouse
Trust 300 Optical dual scroll
Internet Speed
10mb
Other Info
Advent QT5500 Laptop
Intel T5500 167ghz 2 core
2gb ram
Windows 7 Enterprise 32bit
I use Macrium Reflect and I take an image of my machine about once a month. It's quite easy to use and I have had to restore twice in the past after I messed things up. Just download from their website, Macrium Reflect FREE Edition - Information and download, make a rescue disk and make an image on an external HDD or network drive or a bunch of DVDs. It took about 40 mins to back up and the same to restore a 160GB HDD that was half full. :geek:

Jo 90 -

I've been thinking of giving this app a try. Which rescue method do you use (linux disk, linux usb, bartPE disk)?

Any tips/pointers in overall use?

THANKS!
 

My Computer

Computer Manufacturer/Model Number
eMachines W3502
OS
7 Ultimate
CPU
Intel® Celeron® D 3.20GHz, 512KB L2 cache, 533MHz FSB
Motherboard
Gateway Grant County
Memory
2 Gb DDR
Graphics Card(s)
Nvidia GeForce 7200
Sound Card
Onboard 6-Channel High-Definition Audio (Realtek)
Monitor(s) Displays
Changes with mood
Screen Resolution
Changes with monitor
Hard Drives
Seagate 250 Gb, 7200 RPM SATA (internal)
PSU
CoolerMaster something or other
Case
Stock
Cooling
Case, CPU and graphics coolers
Keyboard
Saitek Illuminated - USB
Mouse
Dell POS
Internet Speed
Cable
Other Info
Optical: Samsung DVD ROM, Asus CDR/W

Config changes regularly. Won't look like this for long...
I removed the same trojan from a client's computer yesterday. I started it up in safe mode with networking, downloaded and ran Rkill, then downloaded and ran a Malwarebytes scan; do the full scan as it is much more accurate.

While it is running go and do something else as it can take quite some time.

It found 27 items. I quarantined and then removed all items. I restarted the machine and then deleted the restore points, see here

http://windows.microsoft.com/en-US/w...-restore-point

This is important, as if you go back to a restore point at a later date you might restore this virus.

Run the Malwarebytes scan again (quick this time) and bob's your uncle.
 

My Computer

Computer Manufacturer/Model Number
Self build
OS
Windows 7 Ultimate x64
CPU
AMD Phenom II x4
Motherboard
Gigabyte 880
Memory
8GB
Graphics Card(s)
NVIDIA GeForce HD
Sound Card
Realtek HD Audio
Screen Resolution
1920 x 1080
Hard Drives
2 x 1TB
PSU
Thermalake 550w
Case
XCase
Internet Speed
8MB
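The step in the post above about deleting the restore points after the scan, so a later rollback cannot bring the trojan back, and then scanning again, can be scripted rather than clicked through. This is an added example, not code from the post: it lists the restore points on C:, removes all of them with vssadmin, creates a clean baseline point and lists again. It assumes an elevated PowerShell on the already-cleaned machine, that C: is the system drive, and the description text is my own.

```powershell
# Added example (not from the thread): purge restore points after a malware
# cleanup and immediately create a clean baseline to roll back to.
# Assumptions: elevated PowerShell, C: is the system drive, scan already done.

function Get-RestorePointSummary {
    # Get-ComputerRestorePoint returns WMI SystemRestore objects; CreationTime is a
    # WMI datetime string, so convert it for readability.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

'Restore points before purge:'
Get-RestorePointSummary | Format-Table -AutoSize

# On Windows 7 restore points are volume shadow copies, so deleting every shadow
# copy on C: deletes every restore point. This is deliberate: any of the old
# points could reinstate the infected files and registry entries.
vssadmin.exe delete shadows /for=C: /all /quiet

# Create a known-clean point right away, so there is something safe to return to.
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS

'Restore points after purge (should be exactly one):'
Get-RestorePointSummary | Format-Table -AutoSize
```

One side effect to be aware of: the same shadow copies back the "Previous Versions" feature on that volume, so those older file versions disappear along with the restore points. Run the second Malwarebytes pass before taking the baseline point, otherwise the baseline is only as clean as the first scan.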
Thanks guys, I chose a full factory restore - so my computer's now exactly back to how Acer shipped it out (and that was their recommended course of action for persistent, severe malware infestations). Along with five other programs, I tried running MBAM twice, fully - and twice quickly, and it DID detect and remove two Trojans - each time, but it was unable to fully remove whatever caused those two to get in here - so I really had no choice but to completely wipe out the system on this one.

I wouldn't have trusted it if I hadn't, anyway. Just kind of ticked I forgot to save my Firefox bookmarks before doing it... this is why you shouldn't panic and try to do this stuff on an all-nighter whilst half asleep. Ha... >_<


As for backup, I discovered I didn't really need that at all. I DO have a self-made Acer Restore Manager set of disks which did ghost the entire drive, along with drivers and the OS itself. But I find Factory Restore to do the exact same thing, so it's less complicated to just do that and then put everything back as it was before (like I'm doing right now, in fact). No big deal.

Thanks again for all your help guys! Really appreciate it.
 

Well, good to hear your virus problems are over, but for future reference have Microsoft Security Essentials as your antivirus if you can't afford to buy one, and Malwarebytes along with it. These are two great programs that will keep you safe :)
 

No, wait...once again, not sure if it's completely gone. MBAM found "Hijack.DisplayProperties" Registry Data HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

I don't know how that is even possible, but there it is. What should I do now? I don't see the old Processes that I had with whatever it was last time, that I believe I did just get rid of, but... yeah. It's there, somehow. :mad:


EDIT: I have found winlogon.exe in the processes, and when I checked it out it shows an icon with a WINDOW, WITH A MOON IN THE BACKGROUND. It is NOT capitalized, and it is NOT WINLOGIN.EXE which I know to be the TRUE Windows program type. How do I kill this?
 

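On the winlogon.exe question: the icon and the capitalisation of a process name say nothing about whether it is genuine. What matters is where the file runs from and whether it carries a valid Microsoft signature; the legitimate logon process is %SystemRoot%\System32\winlogon.exe. The check below is an added example, not from the thread. It assumes an elevated PowerShell (needed to read the executable path of a SYSTEM process) and reports every process with that name together with its path, whether the path is the expected one, and its Authenticode status.

```powershell
# Added example (not from the thread): verify that every process named
# winlogon.exe runs from the expected System32 location and is Microsoft-signed.
# Assumption: elevated PowerShell, otherwise ExecutablePath of SYSTEM processes is empty.

function Test-WinlogonProcess {
    $expectedPath = Join-Path $env:SystemRoot 'System32\winlogon.exe'

    # WQL string comparison is case-insensitive, so "winlogon.exe" and "WINLOGON.EXE" both match.
    $procs = Get-WmiObject -Class Win32_Process -Filter "Name = 'winlogon.exe'"
    if (-not $procs) { Write-Warning 'No process named winlogon.exe is running'; return }

    foreach ($p in $procs) {
        $path      = $p.ExecutablePath
        $sigStatus = 'Unknown'
        $signer    = $null

        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig       = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        New-Object PSObject -Property @{
            ProcessId = $p.ProcessId
            Path      = $path
            PathOk    = [bool]($path -and ($path -ieq $expectedPath))
            Signature = $sigStatus
            Signer    = $signer
        } | Select-Object ProcessId, Path, PathOk, Signature, Signer
    }
}

# A genuine winlogon shows PathOk = True and Signature = Valid with a Microsoft signer.
# Any copy running from a user profile, Temp or ProgramData directory, or with a
# different signer, is worth quarantining for a scan rather than killing blindly.
Test-WinlogonProcess | Format-List
```

One caveat for the OP's Windows 7: many System32 binaries there are catalog-signed rather than carrying an embedded signature, and Get-AuthenticodeSignature in that PowerShell version does not consult catalogs, so a genuine file at the correct path can report NotSigned. In that case treat the path check as the primary indicator and confirm the signature with Sysinternals sigcheck, which does check catalog signatures. There will normally be one winlogon.exe per interactive session, so two entries on a single-user machine is by itself something to look into.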