Trojan / Virus Help Needed Please

Hi

I appear to have managed to get my first ever virus. When I boot up the laptop I get a dummy Windows Security Center pop-up and then messages supposedly from the security center advising of viruses. The viruses it has so far advised are:

backdoor.win32.kbot.al
trojan-downloader.js.multi.ca
chin09.win
rootkit.win32.agent.pp

I have looked at a few sites via Google and all seem to recommend downloading Spyware Doctor or Malwarebytes. The problem is I have Malwarebytes already and got as far as downloading Spyware Doc in Firefox (but cannot install), but the virus appears to be preventing them from actually running. When I click on Malware the egg timer appears for 30 seconds and then nothing happens.

Any ideas how I can get them to run?

Thanks in advance

Comments

  • davb
    davb Posts: 1,293 Forumite
    Use MalwareBytes, possibly in safe mode with networking (F8 on boot). You may need to rename install file to something like qwerty.exe to allow it to install.
  • stuartk
    stuartk Posts: 245 Forumite
    edited 30 December 2009 at 7:57PM
    OK

    Here are some preliminary steps that will remove MOST viruses / malware / trojans / spyware / pop ups etc

    Follow these in the correct order and if you get stuck ASK BEFORE you proceed

    Looks complex but it is really quite easy

    Step 1

    Get rid of any temp files from your system by using a temp file cleaner such as:

    * TFC

    This tool will make the steps of virus / malware scanning quicker and remove any malware residing in your temp files.

    Just download TFC to desktop
    Double click to run
    Click Start then wait for it to finish
    If reboot required then please do so

    Step 2

    Create a system restore point. Should anything go wrong with the cleaning process then you always have a safe point to return to. There is a freeware tool that makes this task simple. Get SysRestorePoint here.

    Step 3

    Back up your registry with ERUNT. As removing viruses / malware etc. requires changes to the Windows Registry, it is strongly advised to back this up BEFORE any changes are made. Then, like the system restore method above, should anything go wrong you can always revert back to a working copy of the registry. Failure to do this could leave your system unbootable / unusable. Download and install ERUNT accepting all the defaults.

    * Download ERUNT
    * Double click erunt_setup.exe and select Run
    * Choose English as the language
    * At the ERUNT setup wizard click Next, install in C:\Program Files\ERUNT (the default), click Next and Next and Next again then Install
    * Choose NO to create an ERUNT entry in the Startup Folder
    * Untick Show Documentation and leave Launch ERUNT checked
    * ERUNT will launch with the following screen:

    [Screenshot: ERUNT settings]

    * Choose the same settings as shown above
    * ERUNT will prompt you to create the folder if it doesn't exist (most likely won't)
    * ERUNT will start backing up the registry to the desired location as shown:

    [Screenshot: ERUNT backing up registry]

    * Once this has been done you should get the following output:

    [Screenshot: ERUNT backup registry complete]

    * This output screen tells you that the registry backup was successful and how / where to restore it in future.


    Step 4

    Spyware / malware removal

    Download and install Malware Bytes Anti Malware (MBAM).

    Update MBAM definitions to latest and do a QUICK SCAN in Windows Normal Mode

    DO NOT scan in Safe Mode or do a full scan

    Once finished click OK then Show Results

    Make sure everything is checked then select Remove Selected

    Save the log for later

    Reboot if requested

    Step 5

    Scan for viruses with a decent updated anti-virus program. If you don't have one then here are some FREE ones:

    * Avast Free Edition - FREE FOR HOME / PERSONAL USE
    * Avira Free Edition - FREE FOR HOME / PERSONAL USE
    * Scan suspicious / unknown files with VirusTotal
    * Use an online anti-virus scanner such as: TrendMicro HouseCall or Bit Defender or Panda etc
    * Scan in Safe Mode for viruses / rootkits with Kaspersky Anti Viral Toolkit Pro (AVP)

    Remember only ever install ONE real time AV product as more than one will slow your system down and cause conflicts

    Step 6

    Restart your system and see how the performance is doing.

    Most if not all of the malware should now be gone

    Post your MBAM log and results of any AV scans

    Regards
  • viv0147
    viv0147 Posts: 1,713 Forumite
    Step 7 buy an Apple Mac Computer no problems then
    Low Carb High Fat is the way forward I lost 80 lbs

    Since first using Martins I have saved thousands
  • enigma52
    enigma52 Posts: 642 Forumite
    stuartk, so how is this going to help speedy_gonzales run malwarebytes if the virus is preventing him from doing so? cos he will still have the problem when he tries to do your step 4
  • stuartk
    stuartk Posts: 245 Forumite
    Well spotted, never noticed that

    Rename MBAM to something else usually works

    Regards
  • stuartk
    stuartk Posts: 245 Forumite
    davb wrote: »
    Use MalwareBytes, possibly in safe mode with networking (F8 on boot). You may need to rename install file to something like qwerty.exe to allow it to install.

    MBAM is ineffective in Safe Mode

    It has to run in Normal Mode to do its job

    Regards
  • davb
    davb Posts: 1,293 Forumite
    stuartk wrote: »
    MBAM is ineffective in Safe Mode

    It has to run in Normal Mode to do its job

    Regards

    I have used it in safe mode to get around infections like this, and it has cleaned them well - I would run another full scan later in a normal boot, but for something aggressive it gives a good start before it becomes fully active
  • stuartk
    stuartk Posts: 245 Forumite
    http://www.malwarebytes.org/forums/index.php?showtopic=5421

    I wasted a lot of time etc with full scans etc before I saw this

    Regards
  • Browntoa
    Browntoa Posts: 49,620 Forumite
    rename the mbam.exe file to something else like cleanuppc.exe and try to run it again

    if not then try combofix

    ComboFix.exe 3MB (from bleepingcomputer.com): right-click, Save As

    again you may need to rename combofix.exe to something else to get it to run

    if you get either of them to run then post the log file it produces
    Ex forum ambassador

    Long term forum member
  • enigma52
    enigma52 Posts: 642 Forumite
    Does ComboFix work on all op systems then? I thought it was only for certain ones like XP and 32-bit ones
This discussion has been closed.