trojan damage, please help!

ap0calyptic

Yesterday I surfed some auto traffic exchanges and suddenly an Acrobat Reader popup came up and I clicked 'open', cause I thought it was of some file I downloaded. After that Acrobat opened a popup saying something like 'this action is not allowed' and Windows Defender showed a message that I got a trojan, and I clicked to disinfect it. On the desktop I noticed all my folders were hidden (greyed out). I restarted and all my stuff from the desktop was gone except shortcuts to some programs. I went to restore points and there were none, so it seems this trojan deleted all my restore points and damaged my files, because when I tried to open those hidden folders' files (I had to set folders to show hidden folders first to see them at all) it said I don't have permission or that they can't be accessed... Now I'm doing a full scan with Kaspersky, Spybot and Windows Defender, but still my folders are greyed out. Somehow disk assistance seemed to fix my files, so I can open them again, but everything is still greyed out and ATI Catalyst always reports it stopped working when I restart. Also some other programs have errors starting, saying I don't have the right permissions... Please help me!

I could first use some help on where in the event log I can find this report on the trojan, so first we know what trojan I'm dealing with?
 

My Computer

OS
win 7
Hi,

I would advise (as well as the other scans you've done) performing a full system scan with MalwareBytes and it will give a text log of anything it finds.
 

My Computer

Computer Manufacturer/Model Number
Compaq Desktop
OS
Windows 7 Ultimate x64
CPU
AMD Sempron Dual Core
Memory
3GB
Graphics Card(s)
NVIDIA GeForce 6150SE nForce 430
Screen Resolution
1024x768
Hard Drives
150GB Sata
Hi,

I would advise (as well as the other scans you've done) performing a full system scan with MalwareBytes and it will give a text log of anything it finds.
Thank you, though I don't know why, but whenever I installed Malwarebytes and did scans my system would get all slow and eventually on every boot it went into the repair console and I couldn't do anything other than reinstalling my Windows, so I'd rather use some other program... Can you suggest any other, please?
 

Hi,
...can you suggest any other, please?

HitmanPro

SuperAntiSpyware

You should consider installing a program called EMET...

Protecting your Windows PC with Microsoft EMET 2.0 - rationallyPARANOID.com

EMET - A new Windows security mitigation toolkit

it probably would have stopped this exploit of Acrobat Reader.

Also, consider using Sandboxie while surfing...

Sandboxie - Sandbox software for application isolation and secure Web browsing
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 7 Home Premium 64bit.
CPU
Intel Core i5-3570K
Motherboard
Gigabyte Intel Z77 Dual Thunderbolt ATX Motherboard
Memory
Crucial Ballistix Tactical 8GB
Graphics Card(s)
EVGA NVIDIA GeForce GTX 660 - 2048MB
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
ViewSonic 27 inch hdmi
Screen Resolution
1980 x 1080p
Hard Drives
Crucial m4 256GB SSD
PSU
CORSAIR 600W
Case
Rosewill R5 Mid-Tower Case
Cooling
Positive air flow
Keyboard
Microsoft SideWinder X6 Keyboard (IntelliType Pro)
Mouse
Microsoft SideWinder Mouse (IntelliPoint)
Antivirus
Panda Cloud
Browser
Comodo Dragon
Other Info
SandboxIE
I would strongly suggest that you follow Orbital Shark's advice, as Malwarebytes will probably find your problem... Put it this way: this is the normal course of action for finding trojans and has worked very well in the past... But it's your call!!
 

My Computer

OS
win7
I would strongly suggest that you follow Orbital Shark's advice, as Malwarebytes will probably find your problem... Put it this way: this is the normal course of action for finding trojans and has worked very well in the past... But it's your call!!
Thanks, I'll try the free version then and hopefully it doesn't ruin my system... Will the free version be able to find and repair problems?

Also @sobored, thanks a lot for all these, but are all of these freeware?
 

Also @sobored, thanks a lot for all these, but are all of these freeware?

EMET is totally free.
fyi, those websites will help you configure it.
Basically, you add programs you want to protect.
If you're using XP it's less powerful, but if you're using Vista or Win7 it's much more effective.

Sandboxie is free but limited to one sandbox (your browser).

If you want the full unlimited program (unlimited sandboxes) it is a one time fee of 45 dollars (I think)
 

The free version of Malwarebytes is the one that most people use and yes, it does find and repair problems...Good luck
 

The free version of Malwarebytes is the one that most people use and yes, it does find and repair problems...Good luck
thank you, I installed it now and hopefully it helps me.

Also @sobored, thanks a lot for all these, but are all of these freeware?

EMET is totally free.
fyi, those websites will help you configure it.
Basically, you add programs you want to protect.
If you're using XP it's less powerful, but if you're using Vista or Win7 it's much more effective.

Sandboxie is free but limited to one sandbox (your browser).

If you want the full unlimited program (unlimited sandboxes) it is a one time fee of 45 dollars (I think)


thanks for telling. Tho with EMET I'm not sure which programs should I protect?
 

Unfortunately you are not out of the woods once you removed the trojan. The damage it has done cannot be repaired by any AV scanner. You do best to restore to a previous restore point or image (if available) or if push comes to shove you may have to reinstall.
 

My Computer

Computer Manufacturer/Model Number
HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS
Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU
from 1.6GHz Duo to i7
Monitor(s) Displays
2x HP w2207
Hard Drives
5x HDD, 7x SSD, 12x Externals
Keyboard
with trackball - no mices
Mouse
Trackball mice
Internet Speed
DSL 6000
whs surely that depends on the result of the scan? Sometimes there is no collateral damage and the infection is cleared up by Malwarebytes.
 

whs surely that depends on the result of the scan? Sometimes there is no collateral damage and the infection is cleared up by Malwarebytes.
Yeah, maybe. But a smart trojan turns off all your facilities for recovery. But you usually become aware of the damage pretty soon. Problem is that by that time you may have lost the relevant shadows and/or not be able to use them. That's why I rather rely on my images.
 

@whs there's no restore points, as I wrote this trojan must've destroyed them, cause I know I had some...what to do now? also the thing I wrote about event viewer, anyone care to help me how to search for that trojan report, so I know what virus I got?
 

...so I know what virus I got?

I suppose MalwareBytes will tell you that.

As for what programs to add to EMET, you could start with Acrobat reader.

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs

and then add this article to your reading list.

Microsoft EMET | help.artaro.eu

it suggests which programs to add.

ok. thanks a lot. btw any idea why all of my folders except shortcuts were set to hidden and read only? and I noticed my ownership has changed to system too, now if I want to have granted permission to my whole drive again instead of going to take permissions on every folder and taking ownership, is there a way to get around this?
I take it I have to take ownership back, cause a trojan whichever it is may allow unauthorized access to that one person who created it, no?
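
Added example, not part of the thread and not any poster's code: a read-only Windows PowerShell audit of the symptoms described in the last post (items flagged hidden or read-only, owner changed to SYSTEM), to show how far the changes reach. The function name `Get-TamperedItem`, its parameters and the default Desktop starting folder are assumptions for illustration.

```powershell
# Added example: read-only report, changes nothing on disk.
# Get-TamperedItem, -Root and -ExpectedOwner are hypothetical names.
function Get-TamperedItem {
    param(
        # Assumption: start at the current user's Desktop.
        [string]$Root = [Environment]::GetFolderPath('Desktop'),
        # Assumption: the logged-on account should own the files.
        [string]$ExpectedOwner = "$env:USERDOMAIN\$env:USERNAME"
    )
    $hidden   = [int][IO.FileAttributes]::Hidden
    $system   = [int][IO.FileAttributes]::System
    $readOnly = [int][IO.FileAttributes]::ReadOnly

    # -Force is required: without it hidden and system items are skipped.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # Windows sets ReadOnly on many ordinary folders, so only count
            # that bit on files to keep false positives down.
            $mask = $hidden -bor $system
            if (-not $item.PSIsContainer) { $mask = $mask -bor $readOnly }
            $set = [int]$item.Attributes -band $mask

            $owner = '<unreadable>'
            try {
                $acl   = $item.GetAccessControl()
                $owner = $acl.GetOwner([Security.Principal.NTAccount]).Value
            } catch { }   # access denied or unresolvable SID: keep the marker

            if ($set -ne 0 -or $owner -ne $ExpectedOwner) {
                New-Object PSObject -Property @{
                    Path         = $item.FullName
                    Flags        = [IO.FileAttributes]$set
                    Owner        = $owner
                    OwnerChanged = ($owner -ne $ExpectedOwner)
                }
            }
        }
}

# desktop.ini is normally Hidden+System, so expect a few benign hits.
Get-TamperedItem | Sort-Object Owner, Path |
    Format-Table Path, Flags, Owner, OwnerChanged -AutoSize
```

Files created by elevated programs are often owned by BUILTIN\Administrators, so not every `OwnerChanged` row points to the trojan. The built-in `attrib`, `takeown` and `icacls` tools can reset attributes and ownership recursively rather than folder by folder.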
 
