JS Fake Trojan infection, please advise

By wannabee
Jan 28, 2009
  1. I posted a thread a while back for a friend's computer, although I was given a lot of tips from user Kritus back then, I was also informed over and over again that every situation is different, and a lot of these removal tools don't necessarily work for ALL viruses, so I should never just assume, for it might result in a critical error. This being said, I'm back, with a different issue on a different computer. It seems my mom and dad fell victim to an attack on their machine, clicking somewhere they shouldn't have clicked, and when I ran avast, I came up with 3 instances (so far, it crashed after only scanning 19% of the infected folder (temp internet files) of what looks to be a trojan (JS FAKE AV-A [Trj], JS FAKE AV-B [Trj], JS FAKE AV-C [Trj])
    I've looked online and found no real information on any virus under this name, but want to be absolutely sure that they are clean, since after finding these files I am hearing less than desirable information on certain sites they have been witnessing while browsing.

    They are currently using a "rebuilt" machine, formerly Win98 v. 2, now operating with XP home, using most recent IE, recently added Avast, also running Zone Alarm and Adaware to help reduce attacks, or be made aware of them anyway. I've installed and run Hijack this, and attached most recent log file for review. Could you please tell me what the next steps should be, and how I can clean this up for them? They have a broadband internet connection that is really slow, can't run most pages, and when they try to use their web-based mail, or run pages with any kind of flash/java installed, the ENTIRE page simply disappears.

    I appreciate your help. They live a fair distance away from me so anything you'll offer as help I will make an attempt to work on and repost as soon as I am able, multi part responses will be handled EXACTLY as you instruct, I wouldn't dare do anything out of order. Thanks in advance!

  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    Find the 8 Steps recommendations found elsewhere on this forum. They will take care of all your needs on this infestation.
  3. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi wannabee

    Run HJT Select and remove the below
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

    Skip no steps (do not install another virus scanner if you already have one, nor Firewall even if you do not have one.).

    Most importantly update MalwareBytes and SuperAntiSptware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.. are checked:

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...