Solved Need some help got a trojan

Shinra

Hello,
First off, sorry if this is in the wrong area.
My parents have got a trojan (Smart Internet Protection) even though they were protected using McAfee Internet Security. Anyway, when I tried to open McAfee to run a system scan it would not let me. I don't know anything about what to do; I have bought Norton Internet Security protection but it won't even let me install it.
Any help would be much appreciated.
Also, I can't even make a backup disc for the computer :(
 

My Computer

Computer Manufacturer/Model Number
Hewlett-Packard ~ laptop
OS
MS Windows 7 Home Premium 64-bit SP1
CPU
Intel Core i3 330M @ 2.13GHz Arrandale 32nm Technology
Motherboard
Hewlett-Packard 3659 (CPU)
Memory
4.00gb
Graphics Card(s)
LP156WH2-TLQ1 (1366x768@60Hz)
Sound Card
NVIDIA High definition audio
Screen Resolution
1366x768x59 hertz
Hard Drives
313GB Hitachi Hitachi HTS725032A9A364 (SATA)
Internet Speed
54.0 mbps
Try booting into safe mode, then loading the anti-virus. Sometimes this works...otherwise, make a note of the file path where the virus resides and delete the file in safe mode. Hope this helps.
 

My Computer

OS
Windows 7 Ultimate 64-bit
Boot the computer using the F8 key and choose Safe Mode with Network. Download Malwarebytes Anti Malware free version and run it.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP 17-ak0xx, dv7 3173nr
OS
Win7 Home Premium x64 W10Pro&Home
CPU
A12 9720p 4+8 TurionII M520
Motherboard
HP 3839
Memory
6GB 8GB
Graphics Card(s)
R7
Monitor(s) Displays
24" sa550
Screen Resolution
1600x900 1920x1080
Mouse
Logitechx2
Internet Speed
120Mb/s down 12up
Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3


  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
 

My Computer

Computer Manufacturer/Model Number
HCL
OS
Winbdows 7 ultimate x64 | Ubuntu 12.04 x64 LTS
CPU
Core 2 Duo e7400 @ 2.90GHz
Motherboard
Gigabyte G31M-ES2L
Memory
3GB DDR2
Graphics Card(s)
Asus Nvidia GTX 560Ti 1GB
Sound Card
On-board
Monitor(s) Displays
HCL eZeeBee 18.5" LCD
Screen Resolution
1366x768 @ 60Hz
Hard Drives
Western Digital 320GB
PSU
Corsair CX500 V2 500W
Cooling
Stock
Keyboard
Stock
Mouse
Stock
Internet Speed
15-25kBps D/L | 10kBps U/L | Hey Don't laugh
I have looked and I cannot find where the trojan resides. Also, I use F8 and start in safe mode with networking but it won't connect to the internet.
If maybe someone knows whereabouts I can look for where it resides, that would be very helpful.

Also, thanks for the prompt responses so far :D
 

When you press F8, select Safe Mode with Networking; that will give you access to the Internet.
 

My Computer

Computer Manufacturer/Model Number
Acer Aspire AX3910-U3012 PT
OS
Windows 7 Home Premium 64 bit
CPU
Intel Pentium E5700
Memory
640GB HDD
Graphics Card(s)
Integrated Graphics
Sound Card
Integrated Audio
Monitor(s) Displays
Acer
Hi, I have run RKill but the computer that it is on will now not connect to the internet, so I am using the laptop.
The log says:
this log file is located at C:\rkill.log.
please post this only if requested to by the person helping you.
otherwise you can close this log when you wish.

rkill was run on 31/01/2011 at 18:19:22.
Operating System : windows 7 Home Premium


processes terminated by rkill or while it was running:

C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\runonce.exe

rkill complete on 31/01/2011 at 18:19:28
 

Windows Network Diagnostics
Troubleshooting has successfully completed

Problems found

The remote device or resource won't accept the connection detected then a ! mark in a yellow triangle

Have not restarted the computer; the symbol for the trojan has gone off the taskbar at the bottom of the desktop. But in the Windows start it is still there. It is showing there twice.
 

Download Malwarebytes Anti-Malware and its update file from here - http://data.mbamupdates.com/tools/mbam-rules.exe to an uninfected computer.
Copy the files to any CD/DVD or flash drive and transfer them to the infected PC.
Install Malwarebytes Anti-Malware. Close it if it's open.
Run the mbam-rules.exe file to update MBAM.
Run a full scan.
 

Thank you so much everyone for the help. I hope this works; I will get some disks first thing in the morning :D
Will post with the outcome tomorrow.
 

Thank you everyone who posted to help.
And a big thank you to EzioAuditore, the pc is now working great again.
We are all so happy and so appreciative that there are kind ppl willing to help.
Thank you all again!! *Big Hugs*
 

Now, to get you started, delete old restore points:

Right-click the My Computer icon and select Properties.
Click Advanced System Settings.
Navigate to the System Protection tab and select your system drive (on which Windows is installed).
Click Configure and select 'Turn off system protection', Apply>OK>OK.
Reboot, then follow the above steps again and click 'Create'.
Name the new restore point, e.g. 'Clean', and click OK.


Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Free Antivirus

* Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
* AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
* Avast!: This is an advanced malware removal antivirus program. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.
* Avira Antivir: this is an advanced malware removal antivirus program. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.
* Rising Antivirus: this is a lightweight, and great virus destroyer. It removes tough viruses, and even rootkits and trojans get destroyed.



AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.

  • Spybot - Search & Destroy
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

Anti Malware

* Malwarebytes' Anti-Malware is a great malware removal program. It is recommended for anyone's arsenal. There is a paid version, which is highly recommended, but the program will work fully for free.

Firewall

* Tallemu Online Armor: The free version is just as good as the premium. I have linked you to the free version.
* Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
* PC Tools Firewall Plus: Free and excellent firewall.

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

  • http://hosts-file.net replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure.

Opera is another good option.

If you are interested:




Virtualization
Please consider using virtualization software to prevent permanent changes to other programs and data in your computer. Some examples are below:

Application level virtualization (For regular users)

* Sandboxie - Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

Benefits of the Isolated Sandbox

* Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

* Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

* Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

* Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

System level virtualization (For advanced users)

* VirtualBox - VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. VirtualBox is an extremely feature rich and high performance product.

* Wondershare Time Freeze - Virtual system safeguards real system
# Easy switch between virtual system and real system: To enter virtual system, you don't need to reboot computer; to return to real system, just exit System Protection, and you can save or discard virtual system data freely.
# Effective virtual system tool: Time Freeze creates a virtual environment as a twin (copy) of the real system, on which you evaluate applications, watch movies, and perform online activities. While the real system is under protection, you no longer have to worry about viruses, spyware, malware and other threats.
# MBR protection: Time Freeze 2.0.3 enhanced protection to the boot sector of hard disk so as to guarantee the normal startup of system.

Happy surfing and stay clean!
 
