Please help! I've got a Trojan Gen infection!

Hi Guys, Please can you give me the benefit of your vast knowledge? I'm reluctant to use the infected machine at the mo so I'm currently using a friend's laptop!

On my desktop, I clicked on a site marked as safe by McAfee! A screen popped up that said IVR.Hack (not sure of details - I switched off pc fast)! Upon re-start there had been a Windows Defender system change. I connected to the web and updated Avast and Spybot. I disconnected and ran ATF cleaner, which ran ok, but it usually misses a few kb/mb, so I ran CCleaner, but it said corrupted. I then tried to run Spybot, but it said corrupted, too.

Avast showed there is a Virus Worm infection called Win.32Trojan-gen{other}. When I right clicked on the results box it showed a list of options - Delete, Repair, Move, Chest, but they were all in grey and un-clickable.

Not sure what to do next. Please can you help?

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
    UPDATE and FULL SCAN
    Post the log here AFTER you've deleted everything it finds


    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)

    If you can't run malwarebytes then run hijack first
    Then reboot and keep pressing F8 to get the 'safe mode selection screen' up
    Select SAFE MODE WITH NETWORKING and run Malwarebytes from that
    :idea:
  • Nice one from McAfee..
    You can't keep a good man down...
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    People fail to realise it's cr*p at stopping script based viruses. I always suggest using Firefox with the NOSCRIPT plugin no matter what av you have (or a sandboxie)

    Though I'm thinking the OP has McAfee AND Avast on??
    :idea:
  • DatabaseError
    DatabaseError Posts: 4,161 Forumite
    are you running 2 anti-virus solutions? mcafee + avira?

    for future reference (when fixed) if your antivirus software starts screaming at you DO NOT turn off the PC, instead, take a breath and read what the scanner is saying...in this case you almost certainly had the option to remove the infection, which you chose..in your understandable panic..to ignore :(
    Utinam logica falsa tuam philosophiam totam suffodiant.
  • redmandarin
    redmandarin Posts: 832 Forumite
    Thanks aliEnRIK, I'll do as you suggest. I've had one or two probs in the past and I took your advice and installed HijackThis and MalwareBytes. Is it ok to just click on your links to get the latest versions/updates (will it just re-write over the old ones)?

    I'm running one anti-virus - Avast, but I installed McAfee site checker recently for checking sites only.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open Malwarebytes and go to UPDATE to get the latest updates
    Hijack will probably be the same version anyways
    :idea:
  • redmandarin
    redmandarin Posts: 832 Forumite
    In the middle of the MalwareBytes scan an Avast screen popped up, and MalwareBytes has stopped running. The screen says a virus/worm was found: win32:trojan-gen{other} Available actions: move/rename; delete; repair; move to chest; no action.

    What should I do now?
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Temporarily Disable Avast A/V
    Right click the A icon in the system tray (bottom right of screen) then click 'Stop on-access protection'

    then start the scan again
    Ex forum ambassador

    Long term forum member
  • spud17
    spud17 Posts: 4,451 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Move along, nothing to see.
  • redmandarin
    redmandarin Posts: 832 Forumite
    Thanks for your advice, Browntoa.

    In answer to DatabaseError's post, above, when I did the original Avast scan, halfway through it, the virus was found and I was offered the option to move and/or rename the virus (with no 'move to chest' option) and at the end of the scan, on the results page, the 4 options were all in grey and none would respond to my repeated efforts to click/double click on them!

    Last night, in the middle of the MalwareBytes scan, a different Avast screen popped up, which was nothing like the previous one and it gave all 4 options with buttons next to them, this time, so as MalwareBytes had stopped running anyway, I thought I'd click on 'move to chest' to see what happened. It moved the virus to its virus chest!

    I then ran a MalwareBytes scan. The result was 'no virus found'.

    Do you think that the virus has been successfully removed, or could it still be hiding somewhere?
This discussion has been closed.