Help with removing new Trojan

trinaz

Well, didn't take long...my girlfriend's computer with a brand new Win 7 Pro installation has a Trojan...Bitdefender stops it from accessing the Internet and quarantines it...but it keeps reappearing as a new name. The location is always the same, though, as shown in the attached JPG. The folders (source) always stay the same...but Bitdefender just quarantines it...can't seem to find the source and remove it, though?

The C:\Windows\ServiceProfiles\NetworkService\AppData\Temp\ is always the same...the wbwb.tmp changes...the svchost.exe is always the same.

When I first opened the W\SP\NS directory...there was no "APPDATA" folder...and somehow I managed to get the "\SERVICEPROFILE\NETWORKSERVICE\" to become hidden...while trying to show the APPDATA folder?

Any help on how to both get the SERVICEPROFILE\NETWORKSERVICE folders to reappear, and, isolate this Trojan and remove it will be greatly appreciated.

Thanks, Tim
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built
OS
Windows 7 Pro 64bit SP1
CPU
AMD FX-6100 Six-Core Processor
Motherboard
M5A78L-M LX PLUS
Memory
2ea Corsair-1333MHz-PC3-10666-240-pin-CMX4GX3M1A1333C9
Graphics Card(s)
NVIDIA GeForce GT 630 - 1023MB (EVGA)
Sound Card
OnBoard Via High Def Audio
Monitor(s) Displays
Samsung 204B main - ASUS VS228 secondary
Screen Resolution
1920x1080 main - 1920x1080 secondary
Hard Drives
Samsung SSD 840 128GB Win7 Pro 64bit - Western Digital WDC 465GB - Seagate 640GB Sata B/U - Maxtor 500GB Sata B/U - Maxtor 200GB Sata
PSU
Antec 650 watt
Cooling
Multiple case fans
Keyboard
MS USB dual Wireless Keyboard - IntelliType Pro
Mouse
MS USB dual Wireless Mouse - IntelliPoint
Internet Speed
Cox Cable
Antivirus
Bitdefender IS 2014
Browser
FireFox Primary - IE 11
Other Info
Hauppaguge Win TV HVR-1250 (Model 22xxx, Hybrid ATSC/QAM)
Samsung HD103SI USB 1TB Desktop Drive - Backup & Disk Image storage
You can enable "show hidden files and folders" by going to device manager, then choose folder options and click to show files and folders, then hit apply. You might try either Malwarebytes or Spybot S&D to get that Trojan.
 

Attachments: folder options.jpg

I agree with chev65 and suggest you run Malwarebytes in safe mode twice ;)
 

Thanks guys...downloading Malwarebytes now (free version, I'm assuming). Do I install this normally before rebooting to safe mode...or install it after rebooting to safe mode?

Tim
 

You should install the program normally, then reboot to safe mode and run a Malwarebytes scan. ;)
 

First thing after install is to check for updates.
 

Hello Tim
1. Install it on normal mode.
Update it.
Run Quick scan with it on Normal mode.
Tick all detections except those in C:\System Volume Information folders.
Click remove selected.
It will open up a log file.
Post it here.

2. Now run Full scan and tick all drives.
Same instructions as above.
Post back log.


For other guys who recommended safe mode. Sorry for hijacking your posts, but: http://www.sevenforums.com/system-security/53038-malwarebytes-safe-mode.html
Hope you guys will understand me. ;)


Hi there, scan with Hitman Pro.
Downloads - SurfRight


+1
Do this one as well.
Don't worry it's really fast.
 
