Trojan help

By rwillis ยท 4 replies
Aug 3, 2008
  1. I downloaded a torrent of what I thought was a cracked version of some software only to run the .exe included and have all my open windows close. I immediately restarted the computer and was greeted with a message that windows had detected new versions of operating system files and that I should insert the windows disk to fix them. I tried a system restore to no avail, at which point I consulted Julio's sticky to try and fix it. I also noticed that Firefox was much slower than usual and sometimes closed unexpectedly (with the dialog saying "firefox.exe has had to close unexpectedly... etc)

    I followed Julio's instructions as closely as I could. After installing AVG it popped up with a list of trojans. I continued with the instructions and when I had done everything I thought I was done because my latest SuperAntiSpyware scan turned up clean and AVG no longer popped up with warnings and I didn't get any messages from windows. However, firefox still terminates without warning so I figure something is still wrong.

    I ran AVG again and found two files, which it said it deleted. But then I looked in the "virus vault" and there is still a list of things in there. Do I need to do something about that, and what?

    Help! here are my logs... (combofix didn't work... I got some message that the "application failed to start" or something and then a 0x00000005 or some odd number of zeros. I used dss.exe instead, as instructed)
  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    Upon running SuperAntispyware, I would immediately run it once more in SAFEMODE.
    I would also run MBAM Malwarebytes and either Spyware Doctor 5.5 or SpySweeper., and antivir Antivirus, and rerun them immediately in SAFE MODE.
    Also, run Combo Fix and post it here along with new logs from Superantispyware and Malwarebytes, and HiJack This

    As you have already seen, you are still infected with

    Adware.Vundo Variant
    and probably others.
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    you need to disable teatimer in spybot and any other real time protection before using combofix

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot
  4. rwillis

    rwillis TS Member Topic Starter Posts: 47

    ok i ran antivir, mbam, and spyware doctor, with antivir and mbam each finding a few things. Then I ran antivir, mbam and superantispyware in safe mode, with nothing coming up. Then I ran combofix (thanks for the tip blind dragon) and hijackthis.

    Firefox still closes...
  5. rwillis

    rwillis TS Member Topic Starter Posts: 47

    ok I'm still not sure if my computer is still infected or not, but I think I fixed the firefox crashes by disabling AVG safe search and updating Java.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...