We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Help!!! Trojan attack
ziggles50
Posts: 714 Forumite
in Techie Stuff
Hi
I left my laptop on sleep yesterday and on turning it on i found a message saying there was a password-stealing trojan that had infected it.
On trying to open avg it said it could not open it as it was infected- it is refusing to open everything and just comes up with this message. When trying to go onlne it says this website is potentially dangerous and goes to an antivirus site https://www.antivircat.com/shop and scans then trys to make me buy one of the packages.
I have logged on in safe mode and run avg which found nothing then i tried the portable superspyscanner thing and that found cookies and something about a switched off security centre. It did it's thing then on restarting in normal mode it still is infected.
I'm sorry i'm not very technical so don't have much proper info for you.
I'm not sure what to try next.
Any help would be gratefully received
I left my laptop on sleep yesterday and on turning it on i found a message saying there was a password-stealing trojan that had infected it.
On trying to open avg it said it could not open it as it was infected- it is refusing to open everything and just comes up with this message. When trying to go onlne it says this website is potentially dangerous and goes to an antivirus site https://www.antivircat.com/shop and scans then trys to make me buy one of the packages.
I have logged on in safe mode and run avg which found nothing then i tried the portable superspyscanner thing and that found cookies and something about a switched off security centre. It did it's thing then on restarting in normal mode it still is infected.
I'm sorry i'm not very technical so don't have much proper info for you.
I'm not sure what to try next.
Any help would be gratefully received
Blessed are the poor in spirit: for theirs is the kingdom of heaven
Matthew 5:3
0
Comments
-
Download malwarebyted: Download Malwarebytes Anti-Malware 1.46 - FileHippo.com
Install, UPDATE tab, CLICK FOR UPDATES, then run a quick scan for now. Post log produced here.
Then run Download HijackThis 2.0.2 - FileHippo.com
Install, DO A SYSTEM SCAN AND SAVE LOG. Post log here.
Also remove the link above please if it is an infected site.
After all this is done and your computer is clean from infections, we will change your antivirus to something better than AVG (but free) but please don't do that now.0 -
Do i need to put it on a usb and do it in safe mode?
Not sure what to do now as i only have the one stick and i'm scared it's infected too now?Blessed are the poor in spirit: for theirs is the kingdom of heavenMatthew 5:30 -
Can you access the link on the infected computer?
I think start in safe mode with networking and download malwarebytes.0 -
turn off the proxy in internet explorer, tools, internet options connections, lan settings before trying safe mode with networking!!
> . !!!! ----> .0 -
Hi here's the first log.
I've not removed done anything yet
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4601
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
12/09/2010 19:00:37
mbam-log-2010-09-12 (19-00-37).txt
Scan type: Quick scan
Objects scanned: 152403
Time elapsed: 16 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wkoxhdgu (Rogue.SecuritySuite) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ibm\Local Settings\Application Data\tvspeupka\itosytouqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Ibm\Local Settings\Temp\0.031856099379158676.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Ibm\Local Settings\Temp\8.022605209987557E8.exe (Rogue.SecuritySuite) -> No action taken.Blessed are the poor in spirit: for theirs is the kingdom of heavenMatthew 5:30 -
I guess rerun the scan and when it refinds these, I can't remember what the option will say but get malwarebytes to remove these bad things. I should have said to remove what it finds - sorry!0
-
sorry closed too late for proxy settings i've already done it.
I cannot download hijack this- it says system admin blockedBlessed are the poor in spirit: for theirs is the kingdom of heavenMatthew 5:30 -
Please rerun malwarebytes first.0
-
It removed the bits and then it restarted. i've logged on in safe mode again. i cannot get hijack to work. Should i be clicking on executables and not installer.Blessed are the poor in spirit: for theirs is the kingdom of heavenMatthew 5:30
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards