Trojan

brushmate
Senior Member
Posts: 395
Joined: Tue Jan 08, 2008 8:41 pm
Location: Colne Lancs
Has thanked: 1 time
Been thanked: 3 times

Post by brushmate »

Hi dave

Followed instructions, SAS did not pick anything up, but malware still finds the same 4 Trojans. It removes them, I reboot, run malware again and they are definitely gone. Log back onto net for 5 mins, run malware again and they are back. :scratch:

cheers for any help brushmate
dave.m
Deceased 07-06-2012 R.I.P
Posts: 4989
Joined: Tue Jun 09, 2009 4:30 pm
Location: A Yorky in Lancashire
Has thanked: 13 times
Been thanked: 318 times

Post by dave.m »

Not sure which OS you have but turn off system restore and run another scan with MBAM to check if it is only finding the picture of the trojans in SR.

Purging System Restore

To remove all SR Points thus removing any contaminated ones:

In XP:
Start -> Control Panel -> Performance & Maint. -> System -> System Restore tab
Tick Turn Off System Restore -> Apply -> OK. Then reboot your computer.


In Vista:
* Go to Start|Control Panel|Backup and Restore Center.
* On the left, select 'Create a restore point or change settings'.
* In the window that opens, select the 'System Protection' tab.
* Each available disk which is listed, has a checkbox alongside it. Deselect each of these checkboxes.
* A new window is displayed, select 'Turn System Restore Off'.

This disables System Restore. Then reboot.

Run a quick scan with MBAM.

Post by brushmate »

MBAM still picks up same 4 trojans. Running XP.

Post by dave.m »

Not going to be beaten.

Have a read of this:
http://www.freedrweb.com/cureit/?lng=en

Then download and run it.
It is a one-time cleaner, in that you download the very latest version then run it once and uninstall it afterwards as you cannot get updates for it. The version that you download comes with the latest virus definitions.

dave

Post by brushmate »

Dave

Think that has sorted it, seems ok up to now. It found 3 infections that were in my internet supplier files.

Nice One Thanks :thumbright: :thumbright: :-) :-)

Post by dave.m »

Just been out for a Silver wedding drink (not ours), so apologies for being late back. Glad to hear that we appear to have shifted it.
MBAM should have removed it and I don't understand why it kept reappearing, unless it was stashed in your IE Temp files and they were not fully cleared by ATF.

Just use your computer as usual tonight and sometime tomorrow, run a quick scan with MBAM AFTER you check for updates.
If all is clean, then turn ON system restore again:

Start -> Control Panel -> Performance & Maint. -> System -> System Restore tab,
Untick Turn Off System Restore -> Apply -> OK.

And set a new system restore point:

Start -> All Programs -> Accessories -> System Tools -> System Restore -> Create a restore point.
Give it a name and click Next.

You can uninstall DrWebCureIt as it will now be out of date,
but keep MBAM and SAS.

To use each one: It is as simple as A B C

A) Double click the SAS Icon and click ‘Check for Updates’.
B) Once updates are installed click ‘Scan your Computer’
C) Select ‘Perform Quick Scan’ -> Next.


A) Double click the MBAM Icon -> Update Tab -> Check for updates.
B) Once updates are installed click ‘Scanner Tab’
C) Select ‘Quick Scan’ -> Scan. (Scan time is about 4 minutes)


Suggestion!
Check for updates every couple of days so you are ready for anything that gets past your security.

Run Scans weekly but on different days. (One Wednesday and one Saturday, or when best for you.)

dave

Post by brushmate »

Thanks for help dave will keep you posted how things go :thumbright:

Brushmate
popeye67
Newly registered Member
Posts: 23
Joined: Sat Jul 11, 2009 4:24 am
Location: Bury Lancashire
Has thanked: 0
Been thanked: 0

Post by popeye67 »

When you find viruses or trojans you can normally get rid of them pretty easily. If they reappear, turn off system restore; the virus or trojan normally infects your restore feature first so that it can always reinfect the computer. Then run the scan in safe mode. Ultimate Boot CD do a live bootable disc; you will need to burn the ISO using something like CDBurnerXP. Avast do a similar one but it will cost you the best part of a few hundred quid; UBCD is free.

Post by dave.m »

popeye67 wrote: the virus or trojan normally infects your restore feature first so that it can always reinfect the computer,
Popeye,
I would like to correct you on the above statement.

System restore is simply a collection of snapshots of your system at different times, eg. when you install software or when new hardware is installed. It also sets a restore point periodically, and you can make a restore point anytime you wish.

If it takes a snapshot and you have a virus on your PC at the time, the snapshot will include a picture of the virus.

Scanning software can detect that the snapshot has a picture of the virus but cannot delete it from the picture.

A system restore point that contains a snapshot of a virus that is/was infecting your computer, is NOT a threat to your computer unless you carry out a system restore to that point. The snapshot of the virus cannot reinfect your computer unless you do a restore.

If you have removed the active virus from your PC and you are certain that it is clean and running OK then turning off System Restore dumps all the snapshots including the picture with the virus snap included.
If you had done a restore using any restore point after you had contracted the virus then you would have been putting the picture of the system (including the virus) back into action on your hard drive and so you would be just as contaminated as before you had removed the original virus.

The reason for keeping SR turned on, even knowing that it has at least one snapshot which includes the virus, is that if anything goes wrong whilst trying to remove the virus with SAS or other program and you end up with a dead computer, you do still have a restore point to try to get back to and when you do, you can start all over again removing the virus.
Better to have an infected backup than no backup at all.

dave
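
The check described in the post above (is the scanner only flagging copies held in System Restore, or files in live use?) comes down to where each detected file sits on disk. The following is an added example, not part of any post in this thread: it sorts detections by path, assuming a hypothetical tab-separated log of detection name and file path, and the sample rows are constructed.

```python
import re

# On XP, restore points live under <drive>:\System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\", re.I)
# The IE cache on XP sits in the user's profile under Local Settings
IE_TEMP_RE = re.compile(r"\\Local Settings\\Temporary Internet Files\\", re.I)

def classify(path):
    """Say which storage area a detected file belongs to."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if IE_TEMP_RE.search(path):
        return "ie_temp"
    return "live"

def triage(log_text):
    """Group 'detection<TAB>path' lines (hypothetical log format) by area."""
    groups = {"restore_point": [], "ie_temp": [], "live": []}
    for line in log_text.splitlines():
        name, sep, path = line.strip().partition("\t")
        if not sep or name.startswith("#"):
            continue  # blank, comment or malformed line
        groups[classify(path.strip())].append((name, path.strip()))
    return groups

def only_in_restore_points(groups):
    """True when every detection is a stored copy inside a restore point."""
    return bool(groups["restore_point"]) and not (groups["ie_temp"] or groups["live"])

# Constructed sample rows, not real scanner output
SAMPLE_ROWS = [
    ("Trojan.Sample.A", r"C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0001234.exe"),
    ("Trojan.Sample.A", r"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\setup[1].exe"),
    ("Trojan.Sample.B", r"C:\WINDOWS\system32\sample.dll"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for area, hits in result.items():
        print(area, len(hits))
    print("restore points only:", only_in_restore_points(result))
```

If only the `restore_point` group is populated, the detections are stored snapshot copies; anything under `ie_temp` or `live` still needs cleaning before the restore points are purged.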

Post by popeye67 »

I go looking for viruses and trojans. Most you can delete pretty easily, but for the really bad ones you will have to turn off system restore while you do the scan; you then turn it back on and restore points are still there.

Post by dave.m »

popeye67 wrote: I go looking for viruses and trojans. Most you can delete pretty easily, but for the really bad ones you will have to turn off system restore while you do the scan; you then turn it back on and restore points are still there.
Not according to Microsoft:
http://support.microsoft.com/kb/831829
When you turn off System Restore, you remove all the restore points.
Turning off system restore removes all the restore points and you have nothing to go back to.

Post by popeye67 »

Well, the only other way you're going to get rid of the really stubborn ones is a live CD you boot before start up.