  1. #1
    Joined
    Apr 2007
    Posts
    160

    HELP just got infected with trojan!!!

    Help guys!! I was googling dog breeds tonight and was asked to download an ActiveX file to view a movie... when I accepted, warnings of trojan began to flash. When I tried to close it, a few different porn images came up. I'm pretty petrified at the moment.
    I THINK it was AVG that then popped up and said that it had detected spyware, trojan or something and asked what I wanted to do... I said to put it in the chest as I figured I should have a record of it in case program didn't really get rid of the mess. In my panic, I'm not sure it was AVG. I have Ad-Aware and Spybot but I don't think they run like that. Pretty sure it was AVG. Oh, I also have Avast but I just checked it and don't even see anything like 'chest' or a quarantine area... I really don't know what Avast does. It's always telling me it's updated but right now it shows 'nothing detected'!

    Now the Microsoft security warning is flashing at the bottom of my screen (switching from red x to blue question mark) and when I click on it, it routes me to a webpage offering free trial of spyware... I'm so flipped out. Next to the red/blue flashing symbol, an occasional yellow caution pops up telling me of the specific threat and what to do:

    Just got Critical system warning : Your system is probably infected with latest version of spyware.cyberlog-x


    avg is still running and has detected 77 objects so far. ... winspykiller.com just popped up when I was reading the warning. i can't tell if these are part of trojan or not...


    now a small screen just flashed up that looks official: WARNING SPYWARE THREAT! Your system security level is too low. Spyware threat summary: SpyWorm.32
    You need to download and install additional software developed by our official partners. Click download to get the latest version. WinPC doctor, Winspycontrol, AntiSpykit are the three choices.

    avg just finished. it fixed all but one: instead of having a red exclamation mark it has a blue i circle and says: notavirus.downloader.win32.winfixer.au

    NOW WHAT DO I DO? accept one of these three that are being offered? warning states that stroke keys are being monitored, tracks, saves user activity, etc...

    i wrote all this on word doc first to avoid having open ie window any longer than necessary...

    sorry for rambling. totally flipped out...

    cj

  2. #2
    sttubs, Always learning something
    Joined
    Feb 2004
    Location
    Rock Falls, IL
    Age
    48
    Posts
    950

    Re: HELP just got infected with trojan!!!

    Try a trusted free program like this one: http://housecall.trendmicro.com/ (you have to stay online while it runs). DO NOT download any of that crap from the pop ups.

  3. #3
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    stubbs,
    man am i thankful that you replied...
    i went to an old thread from 10/7 and am following that advice so far.
    the following was part of that post:

    In the meantime, may I suggest www.fileresearchcenter.com, run their scan and pay particular attention to the unrecognized unsafe software, or something to that effect.

    we use smitfraudfix at work quite a bit. it works pretty well most of the time
    http://siri.geekstogo.com/SmitfraudFix.php

    You also may want to download and install the trial version of Counter Spy, update it and do a scan.

    i've done the first 2 and am downloading counter spy now.

    and yes, the winspykiller is my trojan - the helpful little popup that keeps offering to rescue me...

    i will post the info that i've gained so far... all this means NOTHING to me but that i'm screwed!

    this forum has helped me out so many other times... hopefully, again on this... apparently this bugger tracks passwords, etc...

  4. #4
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    from smitfraudfix: Description
    WinSpyKiller is a trojan/adware program that masquerades as legitimate anti-spyware software and may change Windows Desktop and other settings

    File Location on your Computer: C:\PROGRAM FILES\WINSPYKILLER\WINSPYKILLER.EXE
    Registry Path and CLSID where file was detected on your Computer:
    File Size (bytes): 432128
    MD5 Checksum/Fingerprint: 39D55A672E789A1AFA9E2FA6A7FA87D6
    Company Name: winspykiller.com
    Company Url/Website: www.winspykiller.com
    File Version Information (all fields empty): File Description, File Version, Product Name, Product Version, Internal Name, Original File Name, Legal Copyright, Legal Trademarks, Private Build, Special Build

    listed twice, once as 'startup menu'

  5. #5
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    well, this is from smitfraud, so maybe the above is from filesearchcenter.com

    SmitFraudFix v2.285

    Scan done at 0:52:08.07, Sun 02/10/2008
    Run from C:\Documents and Settings\Admin\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"

    [HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
    @="C:\WINDOWS\system32\wuuawkz.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
    @="C:\WINDOWS\system32\wuuawkz.dll"


    Killing process


    hosts


    127.0.0.1 localhost

    VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\wuuawkz.dll -> Hoax.Win32.Renos.gen.o
    C:\WINDOWS\system32\wuuawkz.dll -> Deleted


    Deleting infected files

    C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 3.9.lnk Deleted
    C:\DOCUME~1\Admin\STARTM~1\VirusHeat 3.9.lnk Deleted
    C:\DOCUME~1\Admin\STARTM~1\Programs\VirusHeat 3.9 Deleted
    C:\DOCUME~1\Admin\Desktop\VirusHeat 3.9.lnk Deleted
    C:\Program Files\Helper\ Deleted
    C:\Program Files\VirusHeat 3.9\ Deleted

    IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    DNS

    Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
    DNS Server Search Order: 68.190.192.35
    DNS Server Search Order: 66.214.48.27

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{65BC08C2-E5E7-4B09-B406-6E836157D47D}: DhcpNameServer=68.190.192.35 66.214.48.27
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{65BC08C2-E5E7-4B09-B406-6E836157D47D}: DhcpNameServer=68.190.192.35 66.214.48.27
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{65BC08C2-E5E7-4B09-B406-6E836157D47D}: DhcpNameServer=68.190.192.35 66.214.48.27
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.190.192.35 66.214.48.27
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.190.192.35 66.214.48.27
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.190.192.35 66.214.48.27


    Deleting Temp Files


    Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    Registry Cleaning

    Registry Cleaning done.

    SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    End
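Added example, not part of any post in this thread and not SmitFraudFix's own code: a small Python parser that links the SharedTaskScheduler autostart entry in the log above to its InProcServer32 DLL and to the scanner's verdict for that file. The log excerpt is copied from post #5; the function name `correlate` and the regular expressions are assumptions of this example.

```python
import re

# Excerpt of the SmitFraudFix log from post #5 (registry and detection lines only).
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"

[HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\WINDOWS\system32\wuuawkz.dll"

C:\WINDOWS\system32\wuuawkz.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\wuuawkz.dll -> Deleted
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')     # "name"="data" or @="data"
RESULT_RE = re.compile(r'^(\S.*?) -> (.+)$')       # path -> verdict
CLSID_RE = re.compile(r'\\CLSID\\(\{[0-9a-fA-F-]{36}\})\\InProcServer32$')

def correlate(log):
    """Link each SharedTaskScheduler CLSID to its DLL and the verdicts for it."""
    autostart, servers, verdicts = {}, {}, {}
    key = None
    for line in (l.strip() for l in log.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            name, data = m.group(1).strip('"'), m.group(2)
            if key.endswith(r'\SharedTaskScheduler'):
                autostart[name.lower()] = data      # CLSID loaded by Explorer
            elif c := CLSID_RE.search(key):
                servers[c.group(1).lower()] = data  # DLL registered for the CLSID
        elif m := RESULT_RE.match(line):
            verdicts.setdefault(m.group(1).lower(), []).append(m.group(2))
    return [
        {"clsid": clsid, "label": label, "dll": servers.get(clsid),
         "verdicts": verdicts.get((servers.get(clsid) or "").lower(), [])}
        for clsid, label in autostart.items()
    ]

if __name__ == "__main__":
    for row in correlate(LOG):
        print(row)
```

An autostart CLSID whose `dll` comes back as `None` has no InProcServer32 entry in the log, which is worth checking by hand rather than assuming it is harmless.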

  6. #6
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    i ran smit in safe mode but am still infected.

  7. #7
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    also, i DID start downloading the winspykiller 'software' and it began scanning process.... not sure how much more damage this has done, vulnerability etc...

    ideas?

  8. #8
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    counter spy has removed entries. whether there is still a problem, i don't know. am going to bed as my eyes are crossed...

    how will i know if i'm safe to go to other sites and enter passwords, etc? i do business on computer.

  9. #9
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: HELP just got infected with trojan!!!

    cjinca,

    I'm going to refer you to a specialized helper forum that has the expertise to help you. Please go here:

    http://thespykiller.co.uk/index.php?board=3.0

    Post a link to this thread (so they have the background information) together with a fresh HiJackThis log file and they will help get you cleaned up. Please follow their instructions exactly

    You can download HiJackThis from here: http://www.thespykiller.co.uk/files/HJTsetup.exe
    Last edited by Ned Slider; 02-10-2008 at 07:20 AM.

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  10. #10
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    thanks ned. just ran hjt in safe mode and am going to post on recommended forum.
    cj

  11. #11
    Joined
    Apr 2007
    Posts
    160

    Re: HELP just got infected with trojan!!!

    Again NedSlider - THANKS for the great referral! As of today, I am (my computer) CLEAN! Ruby worked her tail off on this but it's done. I had no idea there was that much software even AVAILABLE for such a job... and really, don't know exactly what took place to arrive at 'clean', but she did it. Free at last... cj

  12. #12
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: HELP just got infected with trojan!!!

    You're welcome - glad you've got it cleaned
