Trojan Horse(s)

Comments

  • pchelpman
    pchelpman Posts: 1,274 Forumite
    http://uk.trendmicro-europe.com/ go for free virus scan it will tell you what virus are on our computer
    The direct link to Housecall is here .....

    http://uk.trendmicro-europe.com/consumer/housecall/housecall_launch.php

    Yes it's good/excellent but, no, it doesn't necessarily show ALL viruses. Only what TM classify as a virus. That's why you should use a variety of scanners as they each seem to pick up things missed by others.

    Furthermore, most free scanners will tell you what you have on your system but won't remove them all. However, if you use a scanner to ID a baddie at least you know what you are dealing with and where it is located. We can tell you how to fix things if the scanner(s) won't do it.
  • ksh123
    ksh123 Posts: 1,248 Forumite
    thanks for the info re zone alarm configuring, I will do that later.
    There is a ? involved here, please bear with me while I explain the history....

    However: as you know I suddenly began getting a proliferation of ZA about 10 days ago. I had had the programme a long time and the new activity seemed a bit odd.

    The last couple of days they levelled out into one every 10 minutes. I felt something was not right so I went to the web page intending to update but instead went for a wipe clean and re-install. Since when the alerts (except for the ones I expect) have stopped. Which is all good.
    Then I went back to ebay and immediately the page froze again, after which I couldn't use any programmes or software (this has also been happening repeatedly and is what tipped me off to run a scan and find the Trojan horses that began this thread).
    So this time, instead of AVG I ran a ZA scan. That unearthed a virus linked called Java.ByteVerify!exploit. That was healed.

    Question (at last!)
    So, the ? is could it have been the JavaBite virus that was causing the problems all along and AVG missed it?
    Or, is it likely that I keep getting "re-infected" when I log on to eBAY (as that is the site that crashes first)?
    If yes to the latter eBay ?, what shall I do?

    sorry to be so long-winded.....
    thanks
    Stop looking for answers....
    The most you can hope for are clues.....:)
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    I suggest you go to https://www.windowsupdate.com and manually patch your PC (do you have a security center icon in control panel? If not, your patches are well out of date).

    http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

    install some antispyware software

    http://www.microsoft.com/athome/security/spyware/software/default.mspx


    http://www.lavasoft.de/software/adaware/

    etc.

    clean out your IE cache

    https://www.ccleaner.com
    and run an independent scan

    http://safety.live.com/
    Ever get the feeling you are wasting your time? :rolleyes:
  • ksh123
    ksh123 Posts: 1,248 Forumite
    thanks Albert. I have got Adaware and all my MSN patches are up to date. An independent scan last Friday revealed no problems (but I can try it again). I haven't done the clean thing tho so will try that. No idea what my IE cache is tho.....
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    your ie cache holds a copy of the pages that you have downloaded from the internet.

    When you say your MSN patches are up to date, have you done a manual windows update?

    No one AV or spyware scanner catches everything, which is why I suggest running an independent scan.

    I would suggest running an anti spyware scanner all the time (e.g. defender), as ad-aware is a manual scanner, and won't pick things up at the time of infection.

    The firewall blocking something every 10 minutes is normal, unless you have a broadband router, which would block everything before it ever got near to zonealarm. Worth the £30-40 in my opinion, if you have broadband... (software firewalls can be turned off by malware, as can windows update, and A/V scanners.)

    It is possible that your a/v scanner has been disabled, if it didn't pick anything up... you can test it by downloading an eicar file.

    http://www.eicar.org/anti_virus_test_file.htm

    click on the eicar.com link, this is safe, it is a test file, to test that A/V software is working.., if you don't get a warning, then AVG isn't working.

    you may also want to check that you don't have a rootkit infection

    http://forums.moneysavingexpert.com/showthread.html?t=161992
  • try running pandssoftware.com

    usually detects all hidden viruses
  • pchelpman
    pchelpman Posts: 1,274 Forumite
    ...pandssoftware.com usually detects all hidden viruses
    How many more times must we say this. NO IT DOES NOT. Anyway ksh123 is complaining of Trojans not viruses so chances are Activescan won't pick them up or ID them.

    That said, I will agree with you that Panda Activescan is indeed another good online scanner - here....
    http://www.pandasoftware.com/products/activescan.htm - but remember it doesn't find or fix everything.

    ksh123 > Try all scanners recommended in this thread (including Activescan). If you are still experiencing trojans try Trojanhunter.

    It's specifically for Trojan detection and has a free fully working trial offer period.

    http://www.misec.net/

    [Please make a note of any/all malware the scanners can't (or won't) fix. We can do something about those to fix them manually.]

    If still not fixed I'm going to guess you have an executable file hidden somewhere. Maybe a file designed to act only when you go to eBay. You need to do two things.

    1. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option*.

    Now navigate to this location .....

    C > Documents & Settings > Owner > Application Data > Sun > Java > Deployment > Cache

    Clear out the "Cache" folder. This is one place the JavaBytever malware hides.

    By the way this is not your "temporary internet files" referred to earlier in this thread; they are in a different place depending on which browser you use.

    Reverse this* procedure to "unhide" Hidden Files & folders.

    2. Download HijackThis ["HJT"] from here ....

    http://www.spywareinfo.com/~merijn/downloads.html
    (5th blue box down; centre column)

    Install it in a permanent place on your hard drive so you have the address C:\HJT.

    Now scan your system with HJT. At the end of the scanning process (takes a few seconds) a notepad log report will appear. Copy & paste that report to this thread. We'll look at it to see if it shows anything bad.
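
An added example, not part of pchelpman's post: before emptying the Java deployment cache from step 1, record what was in it, so that a file a scanner flagged can still be matched by hash afterwards. The sketch lists each cached file with its size, SHA-256 and whether its first bytes mark it as a Java class or a JAR/ZIP, then deletes the files; the `inventory` and `clear` names are made up for this illustration and the path is the one given in the post.

```python
import hashlib
from pathlib import Path

# Path as given in the post; "Owner" is that machine's profile name.
DEFAULT_CACHE = Path(r"C:\Documents and Settings\Owner\Application Data"
                     r"\Sun\Java\Deployment\cache")

# First four bytes that identify the file types a Java cache normally holds.
MAGIC = {b"\xca\xfe\xba\xbe": "java-class", b"PK\x03\x04": "jar-or-zip"}


def inventory(cache_dir):
    """Return one record per file: relative path, size, SHA-256, kind."""
    cache_dir = Path(cache_dir)
    records = []
    for path in sorted(p for p in cache_dir.rglob("*") if p.is_file()):
        data = path.read_bytes()
        records.append({
            "path": path.relative_to(cache_dir).as_posix(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "kind": MAGIC.get(data[:4], "other"),
        })
    return records


def clear(cache_dir):
    """Delete every file under cache_dir, keep the folders; return the count."""
    removed = 0
    for path in list(Path(cache_dir).rglob("*")):
        if path.is_file():
            path.unlink()
            removed += 1
    return removed


if __name__ == "__main__":
    if DEFAULT_CACHE.is_dir():
        for rec in inventory(DEFAULT_CACHE):
            print(rec["kind"], rec["size"], rec["sha256"], rec["path"])
        print("removed", clear(DEFAULT_CACHE), "files")
    else:
        print("cache folder not found:", DEFAULT_CACHE)
```

Save the printed list before the files are removed; it is the only record of what the cache held.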
  • ksh123
    ksh123 Posts: 1,248 Forumite
    thanks PChelpman for this long list of help steps. I will carry them out later when I have a bit more time. (My brain hurts just reading it!) But seriously I DO thank you and Albert and others for their helpful suggestions which I have tried to follow.....
    Since I re-installed ZA and Albert showed me how to stop the pop-ups and ZA found the JavaByte thingy things have been much improved. I think also doing the manual check of updates also helped.
    I have been on eBay this AM and it didn't crash!! Whoppeee

    I am assuming tho that I should follow your suggestions now Pchelpman because they may also be preventative.

    I downloaded CCleaner, but haven't used it yet. Because when I told it to clean it said it would "permanently delete" files. Which areas can I ask it to clean in safety?
  • pchelpman
    pchelpman Posts: 1,274 Forumite
    Glad it's apparently fixed. Let's hope it stays that way!


    You should, nevertheless, clean out your java deployment cache - as indicated above - from time to time. It's just a little added help to keep the system clear of rubbish.


    Trojanhunter ... you don't need to do that if all is OK and your Trojans are gone.


    Housecall and Activescan are both good free online scanners. I recommend you use them both on a regular basis. They take a fair old time to scan your system fully so have a cup of tea or a beer while they are working.


    As to Ccleaner ... after installing, go to Start > programs > CCleaner

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files

    under "Windows explorer"

    Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)


    under "System"

    Empty recycle bin
    Temporary files
    Memory Dumps
    Chkdsk File Fragments
    Old prefetch data



    If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    I personally do not have any of the others ticked ... but be it on your head if you want to tick any of the others.

    If it offers you the option of installing a yahoo toolbar .... don't accept that option.

    Also make sure your antivirus and firewall are reliable and up to date. ZA is fine in both areas.

    If any scanning process finds something it can't (or won't) fix then note down the problem and ask for help again here.

    Don't forget .... if albertross or anyone else has recommended something that works please hit the "thank you" button so we know what worked well for you.

    Safe surfing!
This discussion has been closed.