Trojan won't go away! Please help!

redmandarin

Sorry for my absence! I’ve been running scans in safe mode, as per the malware sticky instructions. It took hours!

Thanks for your reply simonsharks, unfortunately I don't have the original discs (it is a legit copy I'm using though!) and I wouldn't even know how to format the drive before using DBAN! Sounds a bit scary to the uninitiated!

Anyway, I updated and ran the following:

CCleaner; AVG anti-spy; AVG anti-virus; Spybot S&D; Ad-Aware SE and Windows Defender.

All stated no virus found.

In addition, AVG anti-virus showed the following:
Kernel 32.ll Result Change
User 32 Result Change
Shell 32.dll Result Change
Ntoskrnl.dll Result Change
Plus it listed 8 business files that my partner uses for work, that had Result Password Protected.

Do you think that the trojan has gone or is still on my pc, hiding? (As I noted in my first post) AVG claimed to heal it the first time, but then detected it again two hours later. It then said it had healed, but when I looked at the object details, it stated - Healable, No!

Should I run the free software at pandasoft and Housecall, as stated in the sticky? Or does anyone have any other suggestions, please?

Browntoa

I think it's clear

maybe was lurking in your temp files , but ccleaner would have removed them

those "changed" files always show up on an AVG scan

redmandarin

Thanks Browntoa!

What a relief!

I'd been trying to have a (well deserved) hol from work this week, and I've spent a day and a half of it fighting a trojan!

I can relax for the rest of the week now, thanks to all the helpful techies on MSE! I don't know what I'd have done without you!
Big thanks all! :T

redmandarin

vanmorrison wrote: »

You might want to consider using some good, powerful anti-virus software like Norton or Kaspersky. They are available free on the internet and will protect your computer(s) efficiently.

Thanks vm! So Norton and Kaspersky offer better protection - interesting. As far as I'm aware, they're not free, though - you have to purchase them.

meher

I seem to have a similar problem

AVG picks up Trojan horse Generic_c.IKY but before any scanning is complete my laptop switches off

how do I get this sorted - I'm not techi enough to follow many instructions given above, neither is my laptop running for long to follow all of it step by step

Could someone help me with simpler instructions please?

Reluctant_spender

Please follow the below instructions -

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Acan" option is selected.
  • Then click on the Scan button.
• The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

IF you are unable to run this programme in normal mode boot into safe mode and try again.

Instructions for safe mode;

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

Give that a try starters.

meher

Thankyou very much but I'm unable to perform anything completely I get switched off - anyway I ran this on what is called safe mode and it picked up nothing. My AVG doesn't pick up unless it runs a long time and it keeps getting switched off. On safe mode my internet connection doesn't work by the looks of it so I had to return to the normal mode to ask what my next step would be - so sorry for asking of your time

on AVG I get shell32.dll and ntskrnl.exe change results - am unsure what I'm supposed to do with those

Reluctant_spender

can you run avg in safe mode?

Can you download programmes to another computer and transfer then to yours?

Does your computer switch off when in safe mode?

meher

Reluctant_spender wrote: »

can you run avg in safe mode?

Can you download programmes to another computer and transfer then to yours?

Does your computer switch off when in safe mode?

Yes I could run on safe mode but since it was taking a long time and since I had to login to see what your instructions were I had to logoff safe mode - I don't know if I'd get switched off safemode. I'll return here on that. I might get switched off anytime now so thought might as well stay tuned and run AVG. But the trojan seems to have disappeared or that it turns up after some time later during the scan.

meher

Reluctant_spender wrote: »

Please go to Eset Onlinescan (NOD32)
(You need to use InternetExplorer or enable IEView in Firefox)

• You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
• Now click Start
• Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
• Click Start (the Onlinescanner will now prepare itself for running on your pc)
• To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
• Press Scan
  The Onlinescan will now start and scan your pc (please let it run to completion)
• When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
• Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  The Scan results will now open in Notepad
• Click into the text area, right-click and chose "select all"
• Right-click again and chose "copy"
• Close Notepad

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

I've run this scan as well and there seemed to have no Trojan appearing - I did it before running AVG.