
Aftermath of Infection 1


audiopro

Programmer
Apr 1, 2004
3,165
GB
I have recently had a computer infected with a Trojan virus and a spyware loader. I have cleaned it up but I suspect there is still some adware stuff left. When searching on Google, I am directed to advertising sites on the first click; if I go back and click the link again the proper page appears. I have checked it with Norton Anti, cleared out rogue processes and their registry entries, run various adware checkers and run the Windows mrt.exe utility, but there is still something wrong.
I see there is a live check option linked from Microsoft. Is it worth running this, or is there a better way to solve the issue?

http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt

Keith
 
In all honesty if I were infected that badly I would take all of the needed data off the machine, scan it with a couple of different scanners (off the network\offline naturally) and restart again with a fresh installation of the OS.

The worst thing about being infected is the nagging feeling that you didn't get everything off, the easiest and quickest thing to do is rebuild it (I can have a machine rebuilt in under an hour, that's drivers and updates, of course if you have a multitude of apps installed that will take some time... but you get the idea).

As it happens I actually rebuild my machines every couple of months (4 - 6) and if I have a hardware change then I do it then as well. Old drivers, applications etc can cause no amount of headaches.

Simon

The real world is not about exam scores, it's about ability.

 
Thanks Simon
This is a development machine and has many additional apps on it as well as various servers and database engines. The data is stored on a separate machine with network access. I am looking at this more as a learning curve and was wondering about the benefits of Microsoft remote checks.

Keith
 
It's a dev box, who let the troubles in?
Unless it's exposed to the internet and other outside lines, then it came internally. Need to nip it from that angle if that's the case. But it seems it talks with the data box with external connectivity, need to lock that box down for sure.

But ideally, my belief is reinstalling the OS is usually quickest, just about guarantees a clean install and will most likely give you the best peace of mind.
 
Dev box has its own connection to the web but only for email and a solid firewalled internet connection. The troubles were let in by a 'friend' sending a .exe file which contained the virus. The .exe was checked by Norton and passed with flying colours. The woes started to appear in the form of a pop-up window saying click me - duh, not that dumb! I closed all the progs down and wiped out all the files in Windows with modified dates as today and contained it. The following day the machine had a different desktop background and the associated .scr file contained some malicious code and an email address. Removing this file cured the Google problem. The bad code was sorted and I emailed the address from a Yahoo account thanking them for causing problems. I got a reply containing more expletives than a docker's diary. I have reported them to the ISP.

Keith
 
While I have never used "One Care" myself, these are what I normally see recommended for your type of situation.

Have you thoroughly checked your machine for malware, including running some of the online virus scanners?


SuperAntispyware

Spybot S&D

Adaware from Lavasoft

Hijack This.
 
I appreciate what help you have offered but I am keen to learn more about how viruses operate. I have full backups of everything on the machine so have been having a play at trying to eradicate all the trojans etc.

I have cleaned the machine with adaware, checked it with several scans with Norton Anti Virus, followed the erasure instructions from the Norton website, erased all .exe and .dll files modified during the infection, removed new inserts into the registry and all the symptoms have gone away. Even the problem with google has disappeared.

I will try the online virus scanners you suggest, but how do I know that the scanners will not add to my problems?

One of the things this infection installed was a very convincing virus scan option but I did the research and found that this 'fix' was indeed a route into further problems and refused to play ball.

Please don't think I am ignoring your advice but I am learning about this problem in the hope of being able to help clients who have been infected (well their computers).

I know the exact time that the machine was infected so it has made it fairly simple to eradicate the problem. I feel sorry for those people who find that one day their machines don't work.

Once again thanks for the advice - it is very much appreciated

Keith
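Keith's cleanup relied on knowing the infection time and sweeping up every .exe, .dll and .scr modified after it. The script below is an added example of that triage step, not code posted in this thread or shipped with any of the tools named in it: it walks a directory tree and lists suspect-type files whose modification time is at or after a cutoff, earliest change first. The directory layout, file names and timestamps are all constructed inside the script so it runs offline; the two-hour-old infection time is a placeholder, not a value from the thread.

```python
import os
import tempfile
import time
from datetime import datetime, timedelta
from pathlib import Path

# File types the thread describes as carriers of the infection.
SUSPECT_EXTENSIONS = {".exe", ".dll", ".scr"}


def files_modified_since(root, since, extensions=SUSPECT_EXTENSIONS):
    """Return (path, mtime) pairs for files under `root` whose modification
    time is at or after `since` (a datetime) and whose extension is in
    `extensions`. Results are sorted by mtime so the earliest change, the
    one closest to the infection event, is listed first."""
    cutoff = since.timestamp()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() not in extensions:
                continue
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip, don't abort the sweep
            if mtime >= cutoff:
                hits.append((str(path), mtime))
    hits.sort(key=lambda item: item[1])
    return hits


def build_sample_tree(base):
    """Constructed sample data: a fake 'windows' directory whose file mtimes
    are set explicitly so the listing is deterministic. The contents are
    plain bytes, not malware."""
    now = time.time()
    files = {
        "windows/system32/kernel32.dll": now - 30 * 86400,  # old, untouched
        "windows/notepad.exe": now - 10 * 86400,            # old, untouched
        "windows/system32/updater.exe": now - 3600,         # changed after infection
        "windows/wallpaper.scr": now - 600,                 # changed after infection
        "windows/readme.txt": now - 60,                     # recent, but not a suspect type
    }
    for rel, mtime in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"sample content")
        os.utime(path, (mtime, mtime))
    return Path(base) / "windows"


def demo():
    """Build the sample tree, sweep it with a placeholder infection time of
    two hours ago, and return just the file names that were flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        infection_time = datetime.now() - timedelta(hours=2)  # placeholder cutoff
        return [Path(p).name for p, _ in files_modified_since(root, infection_time)]


if __name__ == "__main__":
    for name in demo():
        print(name)
```

Modification times are a starting point for triage, not proof of cleanliness: a dropped file can carry any timestamp its installer chooses, so anything the sweep misses should be caught by the second line of defence the thread also mentions, a full scan from outside the running system (a preboot or offline scanner), and by comparing system binaries against known-good copies before trusting them.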
 
The next level for you then may be something like this? It is a part time course where you work and learn at your own pace.

Malware Removal University


These are more of a history lesson.

Computer Knowledge Virus Tutorial

XP home-windows explorer malfunction
thread779-1493244
 
The two programs mentioned by linney, HijackThis and Spybot Search & Destroy, are both great programs. They are also programs that run in a manual mode so they do not add to your problems. Spybot does have a TeaTimer that can be turned on and you can have live protection, but it is VERY VERY clear on what you are doing. Also both programs do a reg backup before making changes.

I use Spybot to get malware and trojans, and HijackThis is great for hidden startup items.

Since some malware runs as a live file they can be hard to get rid of unless you have a preboot scanner, spy bot provides for this and will suggest it if it finds something that it can not get rid of and needs to run in that mode.

Both programs are free and easy to use. No one should be without them.
 