Trojan popups coming often

Status
Not open for further replies.

Frogshark40

On my father's computer, he told me of some of these fake anti-virus "buy me" programs coming up, so I scanned his computer and got rid of what was there. I installed AntiVir PE Classic and scanned, only 1 suspicious file but nothing apparently.

He is having random popups from AntiVir saying that trojans are just coming in out of nowhere, hopefully someone can run through this.
 
Yeah, I had that problem too a while back; it's extremely annoying. It's the VUNDO.H trojan...
Here is a link that tells you how to deal with it:

www (dot) trendmicro.com/vinfo/uk/virusencyclo/default5.asp?VName=TROJ_VUNDO.H&VSect=Sn
 
mbam removed some infections.

AVG v7.5 antispyware is no longer being supported as far as I know. This means he isn't getting updates. You will need to be careful about upgrading though because AVG v8 has an antivirus program AND spyware program combined!

The Java is out of date. Most current is v6u7. Updates here:
https://www.techspot.com/downloads/6463-java-se.html

Reopen HijackThis. Check the following:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

Check 'fix this' and close HijackThis. Reboot into Safe Mode:
Control Panel> Add/Remove Programs> uninstall all earlier versions of Java.

Boot into Normal mode. Please advise status of any pop-ups since Malwarebytes was run and removed entries. Run all security program scans, updated, again. Decide about AVG; it doesn't do much good without updates.
You might also note that these auto-updates are loading from the Registry:
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

None are needed. If you want to stop them, add them to the HijackThis fix. Then after you boot into Safe mode:
Add/Remove Programs>> open Java, then Adobe>> update tab> uncheck 'check for automatic updates'> answer Yes if asked to confirm.
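
An added example, not part of the original thread: a small Python parser for the HijackThis entries quoted in the post above, listing which ones point into a Java directory other than the current one and which ones are Run-key autostarts. The function names are hypothetical, and `jre1.6.0_07` is assumed to be the install directory name for the "v6u7" release mentioned in the post.

```python
import re

# Constructed sample: only the entries quoted in the post, not a full log.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
'''

ENTRY = re.compile(r'^(?P<section>[OF]\d+) - (?P<body>.+)$')
# O4 registry autostart: hive, Run/RunOnce key, [value name], command line
RUN_KEY = re.compile(r'^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
PATH = re.compile(r'[A-Za-z]:\\[^"]+')             # first drive-letter path
JRE_DIR = re.compile(r'\\Java\\(jre[\d._]+)\\', re.IGNORECASE)

def parse(log):
    """Turn HijackThis lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m['body']
        run, path, jre = RUN_KEY.match(body), PATH.search(body), JRE_DIR.search(body)
        entries.append({
            'section': m['section'],
            'autostart': (run['hive'], run['name']) if run else None,
            'path': path.group(0).strip() if path else None,
            'jre': jre.group(1) if jre else None,
        })
    return entries

def review(entries, current_jre):
    """Return (entries tied to a non-current JRE, Run-key autostart entries)."""
    stale = [e for e in entries if e['jre'] and e['jre'] != current_jre]
    autostarts = [e for e in entries if e['autostart']]
    return stale, autostarts

if __name__ == '__main__':
    stale, autostarts = review(parse(SAMPLE_LOG), 'jre1.6.0_07')  # assumed dir name
    for e in stale:
        print('old Java:', e['section'], e['path'])
    for e in autostarts:
        print('autostart:', *e['autostart'], e['path'])
```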
 
He did some online shopping as well, eBay and stuff, any certain precautions I should take about that?
So I'm guessing I remove the older versions after the first set of O2/4/6 then download the update.

I can't understand too much about what you were trying to say about AVG, you're saying I should remove it and get another program? Any recommendations?
 
I can't understand too much about what you were trying to say about AVG, you're saying I should remove it and get another program? Any recommendations?

The one you're using is out of date. Is it a free version or a paid version?

Also, after I do all this stuff will all these popups end?

Sorry, no guarantees. But it will be an improvement and hopefully the solution. I'd like to have you run SUPERAntiSpyware also. That is good for finding the Tracking Cookies. We can only work with what we're given.

The full cleaning programs are here: https://www.techspot.com/vb/post645589-1.html
 
AVG popup:

While opening file: C:\System Volume info\_restoreID 368F2c5058b3-4595-af15-fa0ff9e8d258}\rp316\a0016274.exe

Trojan horse sheur.bzvs

Clicked heal.
----edit
AntiVir came up

C:\System volume info\...\a0016335.exe
is the tr/dldr.agent.abnd trojan

----at the time i edit this, 1000 tracking cookies were detected
 
If this persists, with AntiVir popping up saying "Threat Detected!" would a system restore be the best bet?
NO! Never do a System Restore when malware is suspected and/or when you are cleaning malware. It is most likely that the infection will be in the restore points and anything removed will get right back into the system.

C:\System Volume info\ is the system restore. The files are protected and spyware/adware programs don't remove the infections from them. That's why we clean them at the end. Please follow along with the Steps and the logs.

When malware cleaning is done, we have you drop off all the old restore points.

You need to post the logs from the programs you ran. 10000 Tracking Cookies is impressive. It's also an indication that a lot of third party files are getting on the system.
 
TechSpot has a full cleaning program set up for all malware, not just viruses. It has already been recommended:

New malware cleaning instructions from TechSpot:

https://www.techspot.com/vb/post645589-1.html

It includes running the programs and posting the logs. Assistance is given to find and remove all the malware entries. Even the advanced users usually need help finding all the entries and require help in handling them.
 
kk, and I just posted some stuff I do to make sure I have 0 viruses and malware and all that lot. Also, it helped me get rid of most of my infections that stopped me from booting up and doing anything else, lol. That topic is for people that want to make sure 100% of their HDD is clean.
 