
I've picked up a trojan Zlob - X.a and am not quite sure if it's still there or not...

  #1  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
I've picked up a trojan Zlob - X.a and am not quite sure if it's still there or not...

So as the title suggests, I was lucky enough to stumble across a trojan and have spent yesterday trying to find ways to resolve it using my Norton 360 software (to no avail). In the end, I downloaded an anti spyware program known as "STOPzilla" which located the trojan and some sort of tracker cookie (which initially kept taking me to an "IE Defender" site). Anyway, they've been quarantined (and according to STOPzilla, they will be destroyed after 30 days), but I'm not too sure if the software picked up EVERYTHING, i.e. are there other malicious software programs still in hiding..? I don't particularly want STOPzilla on my computer (don't really trust it), but I'm afraid that if I try to remove it, it might not destroy what it found and instead release it back onto my computer. I realise all this may sound silly to You, however, I am not wise in the ways of the Computer...my computer literacy skills have yet to 'blossom'. Additionally, with my first Degree exam coming up VERY SOON, I'm feeling a wee bit edgy, considering I use my laptop to look at lecture notes.

Thank you for your patience.

Quanfused, Edinburgh.
  #2  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
Let me just say, Norton is not worth the money - it creates more problems than it solves.

Do the following;

Go and read the Viruses/Spyware/Malware, preliminary removal instructions (http://www.techspot.com/vb/topic58138.html). Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Jason

This thread is for the use of quanfused ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum (http://www.techspot.com/vb/menu28.html).
  #3  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Hi! I'm on Step 10 - "Tool 1" of your prelim instructions. My laptop runs on Vista. Could you please tell me how I can "reboot to Safe Mode" so I can proceed with the "cleaning process"?

Thank you
  #4  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
To get into the Windows Vista Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Regards Jason
  #5  
Old 12-03-2007
momok's Avatar
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,269 posts
It's a laptop; from your start, type msconfig in the search bar and press enter.
Go to the "boot" tab and check on "safe boot". Restart your system.

To boot back in normal mode, uncheck that box.


Regards,
momok =)
  #6  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
my scanning results as requested from the preliminary instructions (step 15)

Hello! I've completed all the steps as stipulated. I hope you find the three log files attached were to your specifications. Having a Laptop that runs on Vista meant that for "Step 11", I had to download the AVG Antirootkit programme. It found nothing.
Again, Thank you (both) very much for your time and effort in helping me to resolve this issue.

Kindest regards,
Quanfused.

p.s. If there are any problems, or should you require any further information from me, please don't hesitate to contact me.
Attached Files
File Type: log hijackthis.log (11.2 KB, 2 views)
File Type: txt Report-Scan-20071204-000518.txt (1.4 KB, 1 views)
File Type: txt ComboFix.txt (16.8 KB, 1 views)
  #7  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
Put a tick next to the following HJT line;

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click the "Fix Checked" button and close HJT.

All your logs look clean.

How is your system running? Any problems?

Regards Jason

  #8  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Done as requested. Thank you Big Man. You're a legend. The good news is that my system is working a lot better (as far as I can tell). The bad news is I have to resume the joy that is revision. After this whole shebang, I've ended up with 3 different Antivirus softwares (plus all the programs that I downloaded during those "prelim" 15 steps). I've lost all confidence in Norton 360 and Stopzilla. Is it best that I remove them and let the AVG software do its work?

Kindest regards,
Quanfused
  #9  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
Get rid of STOPzilla and Norton.

Use this Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039) to get rid of Norton.

Get one of the following antivirus software;

* avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe)
* AVG Anti-Virus Free Edition 7.5 (http://free.grisoft.com/filedir/inst/avg75free_503a1205.exe)

Followed by one of the free Firewalls;

* ZoneAlarm (http://download.zonealarm.com/bin/free/1025_update/zaSetup_en.exe)
* Comodo (http://www.personalfirewall.comodo.com/)
* Outpost (http://www.agnitum.com/products/outpostfree/download.php)

Install any antivirus updates - and then reboot your computer.

You should be all set to go now.

Regards Jason


Last edited by Jase123; 12-03-2007 at 09:59 PM..
  #10  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Definitely got rid of Norton. Such a waste of money. Same goes to STOPzilla, although that was a little more tricky to get rid of. I've deleted it from my computer wherever it turned up and disabled it on my internet browser. I've decided to go ahead with AVG and Zone Alarm. It's working a treat so far...

Hope all is well,

Quanfused
  #11  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
Norton creates more problems than it solves.

Good to hear you got them two programs.

Are you sure STOPzilla is completely gone? If not, post an HJT log and I'll have a quick look.

Regards Jason

  #12  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Here is the HJT Log as requested

Chances are that it's still there, but I couldn't find anything obvious.

Kindest regards,

Quanfused
Attached Files
File Type: log hijackthis.log (9.9 KB, 1 views)
  #13  
Old 12-03-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
* Run HijackThis

* Click on the Scan button

* Put a check beside all of the items listed below;

O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll

O2 - BHO: STOPzilla Browser Helper Object {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll

O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll

* Close all open windows and browsers/email, etc...

* Click on the "Fix Checked" button

* When completed, close the application.

Flush the system restore points

1. Right click on My Computer and select Properties.
2. Select the System Restore tab.
3. Check (tick) Turn off system restore on all drives box.
4. Click OK.
5. Restart your computer.

After restarting your computer, follow these steps:

1. Right click on My Computer and select Properties.
2. Select the System Restore tab.
3. Uncheck (untick) Turn off system restore on all drives box.
4. Click OK.
5. Restart your computer.

Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

* Windows Update (http://update.microsoft.com/)
* Office Update (http://office.microsoft.com/en-us/officeupdate/default.aspx)

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
You should be good to go now mate!

Regards Jason

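The check done by eye in posts #7 and #13, as an added example that is not part of the original thread: it parses HijackThis O2/O3 lines, flags registrations whose DLL is gone ("(no file)"), and groups the rest by install folder so leftovers of an uninstalled product stand out. The function names are hypothetical; the sample lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Lines quoted in posts #7 and #13 of the thread, reproduced verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: STOPzilla Browser Helper Object {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
"""

# Shape: "O2 - BHO: <name> [-] {CLSID} - <path or (no file)>". The separator
# before the CLSID is optional because one line quoted in the thread lacks it.
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?)"
    r"(?: -)? (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)

def parse_entries(log_text):
    """Return one dict per O2/O3 line; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphaned(entries):
    """Registrations that survive in the registry but point at no DLL."""
    return [e for e in entries if e["target"].lower() == "(no file)"]

def by_install_dir(entries):
    """Group entries that do have a DLL by its parent folder (lower-cased)."""
    groups = defaultdict(list)
    for e in entries:
        if e["target"].lower() != "(no file)":
            folder = e["target"].rsplit("\\", 1)[0].lower()
            groups[folder].append(e)
    return dict(groups)

if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in orphaned(found):
        print("orphaned registration:", e["section"], e["clsid"])
    for folder, items in by_install_dir(found).items():
        print(folder, "->", [(i["section"], i["clsid"]) for i in items])
```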
  #14  
Old 12-03-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
How do I flush the system using Vista? The instructions you've laid out don't 'directly' correspond to the options that appear on my screen.

Kindest regards,

quanfused
  #15  
Old 12-04-2007
Jase123's Avatar
Banned
 
Location: England
Member since: Sep 2007, 1,122 posts
System specs
Sorry about that - forgot you were using Vista lol.

Follow this guide HERE (http://www.bleepingcomputer.com/tutorials/tutorial143.html).

You will need to scroll down to where it says disable and enable system restore.

Regards Jason