
Thread: help removing trojan + others - tried everything

  1. #1
    Registered User
    Join Date
    Sep 2005
    Posts
    23

    help removing trojan + others - tried everything

    I've run every possible scan there is, and this thing is still in the system.

    Trojan hunter
    Norton antivirus
    avg
    ad-aware
    bit defender online scanner
    cwshredder
    stinger
    winsockxpfix
    cleanup
    s&d

    it first started with the computer logging onto the net and playing audio, random audio with nothing open. norton blocked a few things with the messages indicating trojans - couldn't get the names. windows defender also blocked stuff (stopped working now - can't run it)

    i tried to log into safemode but im thinking something is blocking this as i only get a black screen after selecting a user. i did however manage to run all the above by ctrl+alt+del then start new task

    hijack this looks clean too

    the appz only seem to be picking up Trojan.agent.alz in avg / agent.100 in trojanhunter

    ive run out of ideas..... help plz

  2. #2
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,333
    You don't say what OS but I take it it's XP?

    If so the first I'd try is see if system restore has a restore point that precedes this problem.

    You can also try

    AOL AVS (free Kaspersky 6.0)

    AntiVir free has one of the best Trojan detections. Set (in advanced settings) heuristics to high.

    You said AVG, is that the AV or AVG Anti-Spyware Free, if it was the AV then use the AntiSpyware.

    Give SUPERAntiSpyware a try.

    If you use the other AV's make sure Norton real time protection is disabled.
    Last edited by FastGame; June 25th, 2007 at 01:04 AM.

  3. #3
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    Quote Originally Posted by FastGame View Post
    You don't say what OS but I take it it's XP?

    If so the first I'd try is see if system restore has a restore point that precedes this problem.

    You can also try

    AOL AVS (free Kaspersky 6.0)

    AntiVir free has one of the best Trojan detections. Set (in advanced settings) heuristics to high.

    You said AVG, is that the AV or AVG Anti-Spyware Free, if it was the AV then use the AntiSpyware.

    Give SUPERAntiSpyware a try.

    If you use the other AV's make sure Norton real time protection is disabled.
    yes its xp and its AVG Anti-Spyware

    there seem to be two, trojan.agent and trojan.vundo

  4. #4
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,333
    trojan.agent is generic and all the things you tried should get rid of that, where is this being found, what files ?

    trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself. AOL, AntiVir, SuperAntiSpyware should get rid of that...but...you might need to visit an AV site and get the removal tool.

    Did you try system restore ?

    hijack this looks clean too
    Hmm it should have shown vundo.
    Last edited by FastGame; June 25th, 2007 at 01:26 AM.

  5. #5
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,506
    run security taskmanager to see what's running on your system..

    Curio turned me onto this gem

    Security Task Manager displays detailed information about all running processes (applications, DLL's, BHO's and services). For each Windows process, it improves on Windows Task Manager, providing:
    • file name and directory path
    • security risk rating
    • description
    • start time
    • CPU usage graph
    • embedded hidden functions (e.g. keyboard monitoring, browser supervision or manipulation)
    • process type (e.g. visible window, systray program, DLL, IE-plugin, startup service)

    The Security Task Manager recognizes also virtual driver software, services, BHO and other processes hidden from the Windows task manager.



    http://www.neuber.com/taskmanager/



  6. #6
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    Quote Originally Posted by FastGame View Post
    trojan.agent is generic and all the things you tried should get rid of that, where is this being found, what files ?

    trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself. AOL, AntiVir, SuperAntiSpyware should get rid of that...but...you might need to visit an AV site and get the removal tool.

    Did you try system restore ?



    Hmm it should have shown vundo.
    i cannot figure out what roots its in, none of the scans come back with an address.

    no, my system restore was off

    i ran an app i found, VundoFix.exe, it seems to have taken some stuff out.

    im going to restart and re-run all the scans to see if anything is still left.

  7. #7
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,638
    You might also want to run "Combofix" as well. You can find it here.

  8. #8
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    So I ran all of the scans again, and all came up clean. I ran:
    Ad-Aware
    AVG Anti-Spyware
    Spybot - Search & Destroy
    TrojanHunter Scanner
    Windows Defender

    I thought everything was fixed, to check, I powered down fully and powered up a few hours later. as soon as i logged in, pop up in ie - (didn't go anywhere bc my wireless was off). I also noticed everything that's supposed to be in my taskbar is missing.

    the last hijack this looked clean, so i renamed it to shahdad.exe, and for first time ive got some stuff in it.

    im currently running ComboFix. im going to run AOL AVS, AntiVir free and SUPERAntiSpyware right after the scan is finished

    can i post logs here?

  9. #9
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    HOLY SMOKY!!!

    i ran ComboFix, shit! it fixed everything, insane!!

    what the heck is that app? a better ver of hijack this!

    ive got my taskbar items back and no pop ups on log in

    looks good so far, final check to come but i think that did it

  10. #10
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    haha nope

    superantispyware is picking up trojan.winfixer - 6 items

  11. #11
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,333
    ComboFix is like and used with HijackThis, the logs should be posted at Spyware Warrior so one of the experts can help you remove the correct things. ComboFix and HijackThis aren't really made for the general public to use, one needs to understand the logs.

    Quote Originally Posted by shahdad View Post
    haha nope

    superantispyware is picking up trojan.winfixer - 6 items
    Quote Originally Posted by FastGame
    trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself
    U lucky dog......

    You're going to need more scanning (also in safemode if you can) rebooting, more scanning.

    I just did the most infected PC in the world, normally I don't fix things that bad, format and reinstall is my motto on the bad ones. Anyhoo I decided to take the challenge, 8 hours of scanning with the things in this thread and the PC was clean as a whistle. Only problem was that XP wouldn't work afterwards, XP repair fixed that...

    Keep scanning and keep us posted.

    BTW don't forget AOL AVS and AntiVir and don't forget to disable the real time protect of the AV's not in use while using another

  12. #12
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    Quote Originally Posted by FastGame View Post
    ComboFix is like and used with HijackThis, the logs should be posted at Spyware Warrior so one of the experts can help you remove the correct things. ComboFix and HijackThis aren't really made for the general public to use, one needs to understand the logs.



    U lucky dog......

    You're going to need more scanning (also in safemode if you can) rebooting, more scanning.

    I just did the most infected PC in the world, normally I don't fix things that bad, format and reinstall is my motto on the bad ones. Anyhoo I decided to take the challenge, 8 hours of scanning with the things in this thread and the PC was clean as a whistle. Only problem was that XP wouldn't work afterwards, XP repair fixed that...

    Keep scanning and keep us posted.

    BTW don't forget AOL AVS and AntiVir and don't forget to disable the real time protect of the AV's not in use while using another
    LOL nice!!!

    i think i pulled out everything in my think tank for this one. glad it came of use to someone else.

    but i give up.... haha

    im going to just do a format and fresh install of everything. i think its time for one anyways.

    I was wondering though, is there a guide, like top 10 things to do before and after re-install to avoid problems like this in the future/save yourself time and hassle of a full format?

    this is what im going to do

    format, PARTITION this time haha, put windows in the smaller partition and save the larger partition for files (next time for once i wont have to burn everything to cd)

    then defrag, install my appz, defrag again
    clean out System Restore, set a new one

    then somehow figure out how to take an image to keep all stuff at that point in time.... hmm... other than system restore

    now a guide that has all that plus anything i may have missed & extra tips would be awesome.

    you only realize afterwards that you missed something. if theres a guide, many others have made the mistakes already so we can learn from them

    thanks for all the help

  13. #13
    Registered User
    Join Date
    Sep 2005
    Posts
    23
    i just thought of the other things i will need do after ive installed xp

    so... revision of thought
    1. format
    2. partition
    3. install xp
    4. defrag after install
    5. install appz off cd's (no internet connection yet) office, norton wow thats it, haha, everything else is downloaded off the net
    6. defrag again
    7. set clean system restore point here.

    now connect to the net
    8. update norton
    9. windows update
    10. dl & install windows defender
    11. dl & install firefox - also about:config at this point for tweaks:
    ---> use detailed guide at http://www.tweakfactor.com/articles/...oxtweak/4.html
    12. dl & install firefox preloader
    13. dl & install adobe reader
    14. dl & install anything else that comes to mind at this point that i may have missed now
    15. defrag
    16. set another system restore point
    17. now im on my merry way to screw up the computer again

    wow i think i just made a guide, haha

    so any tips or input on the above? i miss or skip anything crucial or even minor?

  14. #14
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,638
    Looks like you pretty much have it covered. Good Luck!
