We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Real hassle from virus/spyware
Options

rosy
Posts: 642 Forumite
in Techie Stuff
Hello, I posted yesterday about avg not getting rid of Trojans. I managed with the help from here to get rid, but now things are going from bad to worse. I must have run about six different scans today and now the internet connection seems to be going mad. I have been getting pop ups ( all in French), it cuts out, my welcome screen (AOL ) looks very plain, basic and not like it usually does. I have tried the free help on there but that has cut out. I seem to be getting on other sites so far.I also keep getting AVG pop ups saying it has found a Trojan and I click to heal/ quarantine, it says it has done it but the next time I go on the net it pops up again. I have not had anything like this bother before - I have McAfee firewall ( which also told me the AVG email scanner had changed, did I want to allow it access and I don't know whether to or not in case it's been infected somehow, then again I don't want to be left exposed. I also have ad aware spybot and the ewido antispyware program which I downloaded yesterday. The other users on the computer don't seem to be getting this just me! Sorry for the rant, I really would appreciate some help as I feel I am going round in circles and just making matters worse if I try to do anything.
Edited to add - I have checked in the virus vault and most of the viruses are infecting the back up copies of various programs. ( there are several different trojans and they are infecting different programs/documents) Help!!
Edited to add - I have checked in the virus vault and most of the viruses are infecting the back up copies of various programs. ( there are several different trojans and they are infecting different programs/documents) Help!!
0
Comments
-
First ensure that you are up to date on your anti-virus / anti-spyware software
Then turn off System Restore. Then you reboot in safe mode.
Run all your anti-virus / anti-spyware programs. Then reboot in safe mode & repeat until clean
Then reboot normally, connect to the internet & download all the critical Windows Updates
Reboot in safe mode and check everything again.0 -
follow this whole thread here
http://forums.moneysavingexpert.com/showthread.html?t=133269
posts 1 to 4, it is the Malware/Spyware removal thread and contains links to all the software you need (you already have Ewido from yesterday) and FULL instructions on what to do..
if you still have problems afterward there are instructions in post 4 of the thread about making a hijackthis log...do that and then post the log back here and we can advise youEx forum ambassador
Long term forum member0 -
Thanks to both of you for replying. I have run in safe mode a complete AVG scan, adaware scan and ewido scan ( I did this yesterday too. More Trojans popped up after the scan yesterday and yet more today).
If you can spare the time I would be really grateful for advice as it's really getting me concerned now.
AVG scan - listed three more Trojans today
Trojan Horse LOP.AD in Documents and Settings\All Users\Application DAta \ Four book grim noun\ armysecond.bk!
The title of this makes me think I am going to be bombarded with more and more of the things - AVG hasn't picked up a third or fourth book of viruses ( if I am interpreting the name of the thing correctly ) and I am still,in spite of clearing everything, getting more alerts from AVG ( as we speak in fact - these ones it seems to be able to fix though ). I suspect something is on a timer somewhere releasing the viruses in a stream, as that is what it seems like - I can't pick them off fast enough.
I also had the following - Trojan Horse Lop.AD in my Application Data\LONGBARBEGGS\mbhajtjr.exe and the same again but with \wrmptccm.exe ( that doesn't stand for a worm, does it:eek: )
The longbarbeggs doesn't sound too great.
What would help me calm myself is
a) Is this just someone causing nuisance value ( it takes about 4 hours a time to scan everything) or could this be causing real harm somewhere - I'm not so fussed about pop ups though they are a nuisance but I don't want my passwords etc hijacked or my computer crashing - how bad is this?
b) AVG in safe mode couldn't sort the viruses, but did allow me to quarantine them when I restarted the computer - is this normal or should I be concerned?
c) If I back up my important stuff now in case of the worst case scenario developing, how do I know there's not something still hidden in the backed up copies of things? Obviously the AVG is picking up a lot of stuff but clearly it isn't getting to the root of the problem and I really know nothing about the finer points of searching through my computer. I'm not very confident trying to sort out stuff in case I cause a calamity
d) I don't know how this stuff got in in the first place because I am very careful about not clicking on links, have a firewall and update the AVG etc virtually every day and run regular scans. Should I be doing something else? My sons use MSN a lot - I guess they may have downloaded something dodgy from their friends but they won't admit it if they have!
I'm sorry this is a big ramble but I really would appreciate more help! Thanks0 -
go here
http://www.tomcoyote.org/hjt/
download hijackthis (flashing button on the left of the screen) and install it to it's own directory not run it from the extracted file
follow the instructions to do a scan and then the Scan Button has a new Caption. Save Log. Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program. Return to the Forum and reply to your original post. Open the Log in Notepad. Highlight the entire contents. Copy and paste the contents of the HijackThis log into your post.
Wait for help from either me, Pchelpman or Alfonso only.
we will analyse that log and see what is really going on and advise youEx forum ambassador
Long term forum member0 -
Hello, Thank you - I will download hijackthis and let you know what it finds, but I did a panda scan which picked up spyware ( I think it's all originating from something called Virus Burst ) - the file names it found matched up with what AVG was identifying as a virus, but the panda scan picked up lots more in the same vein ( and some others the names of which may be censored on here! ). I don't know if that helps at all before I do the hijackthis log ( the problem with the free pandascan is as it is picking it up as adware it's not deleting any of it - I posted last night ( well early this am) to ask if it was worth buying the Pro panda version). I have the log for that if that would help - should I post that first?
Thanks for your help0 -
HijackThis is an excellent tool but it doesn't see everything. Panda is better for that.
Please post a HJT log and the Panda Activescan log as well. It will give us more detail of what malware is hiding on your computer and where it is.
Then we can go a'huntin' for the bad guys.;)
Meanwhile ...DO NOT buy anything.
PCH0 -
rosy wrote:Hello, Thank you - I will download hijackthis and let you know what it finds, but I did a panda scan which picked up spyware ( I think it's all originating from something called Virus Burst ) - the file names it found matched up with what AVG was identifying as a virus, but the panda scan picked up lots more in the same vein ( and some others the names of which may be censored on here! ). I don't know if that helps at all before I do the hijackthis log ( the problem with the free pandascan is as it is picking it up as adware it's not deleting any of it - I posted last night ( well early this am) to ask if it was worth buying the Pro panda version). I have the log for that if that would help - should I post that first?
Thanks for your help
Did you check your private messages and follow the instructions?0 -
Sorry for being so ignorant but how do I install hijack this to its own directory? I have saved it to my desktop at present where it is still sitting zipped up! The pandascan I copied and pasted but it is too long to post - shuold I just post it in bits?0
-
Double-click the .zip file and extract the file inside (HijackThis.exe) to your Desktop.0
-
By all means post log reports in "bits". We've had them here before and I know Activescan can be very lengthy at times.
Doinnie .... what PMs? Please do not PM users with instructions. Three reasons ...
1. If you give helpful information everyone would like to benefit from it.
2. If the user follows your advice,then posts a question in the thread about the outcome, you are the only person who definitely knows what they have done.
3. We know nothing about your expertise in handling malware or what advice you have given; this puts the user in an unacceptable risk position.
I'm not trying to be rude here and I'm sure you can understand why we take this approach.
PCH0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards