Trojan /spyware

Discussion in 'Computer Security' started by zxspectrum, Aug 29, 2008.

  1. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    Right guys, I'm having trouble with my computer. I've got either a virus or a trojan that I need to sort out, my AV etc. I changed from Kaspersky, as it couldn't get rid of it, and put DriveSentry on, which is pants. I also put Spybot Search & Destroy on, but I'm still struggling with the bleeding thing.

    I've even taken System Restore off and run Windows Defender, but I still can't seem to get rid of it. Does anyone know of an online scanner that I can use? I've tried Panda, McAfee and Trend Micro.


    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  2. Qs

    Qs Semi-Honorary Member Gold Member

    Avast! + Malwarebytes' Anti-Malware = Clean computer.

    Download both, update both. Get avast! to do a bootscan (prior to entering windows) and do a full sweep with malwarebytes. Should clear most things right up.

    Else do my favourite - reformat. :p

    If you can give us some more information we'll be able to help more. :)

    Qs

    EDIT - Oh, and Windows Defender is a horrible, horrible piece of software.
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. UCHEEKYMONKEY

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    I concur :thumbleft: there are some good links from Qs there! :biggrin:

    Any chance you can tell us what the name of this spyware is? The latest one that seems to be doing the rounds is Antivirus 2008 XP. It's a real pain to remove!! :(
     
    Certifications: Comptia A+
    WIP: Comptia N+
  4. Qs

    Qs Semi-Honorary Member Gold Member

    Haha, funny you mention Antivirus 2008 XP, matey. I cleaned up a work colleague's laptop which had that on. She apparently took it into her local PC repair shop and they were going to charge her £50 to remove it.

    I told her to bring it in and cleaned it up in less than an hour. :)

    The next day I come to start work and there's a bottle of Southern Comfort on my desk with a thank you card.

    Moral of the story - fix random people's computers - get free booze. :p
     
  5. UCHEEKYMONKEY

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    1/2 hour to do the following:-

    Unregister XP Antivirus 2008 DLL Files:
    (Learn how to do this)
    shlwapi.dll
    wininet.dll

    Stop XP Antivirus 2008 Processes:
    (Learn how to do this)
    XPAntivirus.exe
    XPAntivirusUpdate.exe
    xpa.exe
    xpa2008.exe

    Find and Delete these XP Antivirus 2008:
    (Learn how to do this)
    xpa.exe
    xpa2008.exe
    XPAntivirus.exe
    XPAntivirusUpdate.exe
    shlwapi.dll
    wininet.dll
    XP antivirus
    XPAntivirus.lnk
    Uninstall XPAntivirus.lnk
    XPAntivirus on the Web.lnk
    XPAntivirus.url
    XP Antivirus 2008.lnk
    Uninstall XP Antivirus 2008.lnk

    Remove XP Antivirus 2008 Registry Values:
    (Learn how to do this)
    HKEY_USERS\Software\XP antivirus

    Source


    Blimey :ohmy: you must be fast on the keyboard! :biggrin:
     
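Added example, not from the post above or from the guide it quotes: a read-only PowerShell triage sweep for the indicators listed in that post (running processes, file names, the registry key). It reports and deletes nothing, which is the safe first step before any manual removal. Two caveats a practitioner would want here: shlwapi.dll and wininet.dll are genuine Windows components, so the script only reports copies of those two names found outside the system directories; and a key under HKEY_USERS always sits beneath a user SID (or .DEFAULT), so the script checks Software\XP antivirus under every loaded hive rather than directly under HKEY_USERS. The search roots are my assumption about where a 2008-era rogue AV dropped its files. Written for Windows PowerShell 2.0 or later, run from an elevated prompt.

```powershell
# Added example (not from the post above or the guide it quotes): a read-only
# triage sweep for the indicators listed in the post. It reports; it deletes
# nothing. Windows PowerShell 2.0 or later, run from an elevated prompt.
# ASSUMPTION: the search roots are my guess at where a 2008-era rogue AV
# dropped files; the names themselves are copied from the post.

$procNames = @('XPAntivirus', 'XPAntivirusUpdate', 'xpa', 'xpa2008')

$fileNames = @('xpa.exe', 'xpa2008.exe', 'XPAntivirus.exe', 'XPAntivirusUpdate.exe',
               'shlwapi.dll', 'wininet.dll',
               'XPAntivirus.lnk', 'Uninstall XPAntivirus.lnk', 'XPAntivirus on the Web.lnk',
               'XPAntivirus.url', 'XP Antivirus 2008.lnk', 'Uninstall XP Antivirus 2008.lnk')

# shlwapi.dll and wininet.dll are genuine Windows components. The real copies
# live in the system directories, so those locations are excluded for the two
# DLL names; a copy of either name anywhere else is what is worth reporting.
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
              ForEach-Object { $_.ToLower() }

$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:TEMP, $env:SystemRoot,
                 (Split-Path $env:USERPROFILE -Parent)) |
               Where-Object { $_ -and (Test-Path $_) }

Write-Host '== Running processes matching the indicator list =='
Get-Process | Where-Object { $procNames -contains $_.Name } |
    ForEach-Object { '{0,6}  {1}  {2}' -f $_.Id, $_.Name, $_.Path }

Write-Host '== Files matching the indicator list (system-directory copies of the two DLLs excluded) =='
foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ($fileNames -contains $_.Name) } |
        Where-Object {
            -not ($_.Name -match '^(shlwapi|wininet)\.dll$' -and
                  ($systemDirs -contains $_.DirectoryName.ToLower()))
        } |
        ForEach-Object { '{0}  {1} bytes  modified {2:u}' -f $_.FullName, $_.Length, $_.LastWriteTime }
}

# The post writes the key as HKEY_USERS\Software\XP antivirus; under HKEY_USERS
# every hive sits beneath a SID (or .DEFAULT), so check each loaded hive.
Write-Host '== Registry key Software\XP antivirus in each loaded user hive =='
foreach ($hive in Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\XP antivirus"
    if (Test-Path $key) { $key }
}
```

Run it once before cleaning and once after; an empty second run is the evidence that the named artefacts are gone, which is more than a scanner's "no threats found" tells you. Anything it lists for the two DLL names outside System32 or SysWOW64 is a file to submit or hash, not a file to delete by name.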
  6. Qs

    Qs Semi-Honorary Member Gold Member

    Lol I said less than an hour but I was approximating.

    Regardless, you don't need to manually edit out the registry entries in all cases; it depends how deep the installation is. In my case Malwarebytes and Avast! removed the lot, no manual intervention required.

    Source - here

    And I quote - "Automated Removal Instructions for Antivirus XP 2008 using Malwarebytes' Anti-Malware:"

    Why perform extra painstaking work when you can get a program to do it for you? :p
     
  7. BosonMichael

    BosonMichael Yottabyte Poster

    Because most of them do an abysmal job at automatically removing them. Although the apps you recommended are decent apps, *nothing* seems to be able to remove even HALF of what's there. Never rely on *any* anti-malware app to do the job automatically, because it *will* miss stuff, I promise you.

    Said more plainly... you might *think* it's clean... but it's usually not.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. Qs

    Qs Semi-Honorary Member Gold Member

    I checked manually once the program had finished its work and I couldn't find anything at all. I'm not one to be ignorant and assume that such programs would work flawlessly - in this case it did though. :)
     
  9. BosonMichael

    BosonMichael Yottabyte Poster

    It might have, in this case... all I'm saying is that one cannot simply assume:

    Assuming so is a recipe for continued infection.
     
  10. UCHEEKYMONKEY

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    BM does have an interesting point! :biggrin:

    Although you can use a program to remove or quarantine Antivirus 2008, it's not always gone!

    At work it's caught a lot of people out, and although the Symantec antivirus detected it, it did not remove it, and even Spy Doctor, which stated it had detected and removed it... well, it came back after another user signed onto the network client PC. I'm not convinced you can have a clean system unless you either reformat or run the necessary checks in the manual removal instructions! 8)
     
  11. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    Well guys, I have tried everything, every type of online scanner you can think of and several sets of antivirus. Nothing has got it; it's always coming back. So I think I'll just reformat the computer, as that would be the most surefire way of getting rid of the thing.

    One question though: I'm going to put all my music on a network storage drive. Will the files become infected at all, or will they be OK?

    Ed
     
  12. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    Copy the data across, and then do a thorough scan on the network drive.
     
  13. Sparky

    Sparky Zettabyte Poster Moderator

    It looks like it is reinstalling itself when connected to the internet. You could try the scans in Safe Mode and also remove the spyware using the notes above.

    You are probably looking at a full reinstall, tbh, though.

    Going back to the original post, you might have wanted to try a System Restore first, before you removed all the System Restore points.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  14. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    Well guys, I managed to get rid of it, and it was the virus below.

    I basically did an online virus scan in Safe Mode with Networking so I had a net connection, then I went to www.trendmicro.com and followed the instructions.

    So far so good; nothing has popped up telling me that I need to have my computer looked at. Also, it was quite a sophisticated virus, and I suppose the normal everyday user would quite easily have panicked.

    Ed
     
  15. nugget

    nugget Junior toady

    UCM, how does this happen? Where I am, all the users are running with a normal user account and don't have the rights to install anything.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
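Added example to go with the two posts above (UCM's "it came back after another user signed on" and nugget's question); it is not from either poster, and neither of them wrote the code below. A standard user cannot write to Program Files or HKLM, but can write to their own HKCU Run keys and their own Startup folder, and those are enough to relaunch a rogue every time that user logs on. Each profile that gets infected carries its own copy, so cleaning one profile says nothing about the next user to log on to the same client. The script lists those per-user autorun locations for every profile on the box and flags entries launched from user-writable directories. Windows PowerShell 2.0 or later; run it elevated so every loaded hive under HKEY_USERS is readable. The list of "user-writable" directories is my assumption, not an exhaustive one.

```powershell
# Added example, not from the thread. Lists the per-user autorun locations a
# standard (non-admin) account can write to, for every user profile on the
# box, and flags entries that launch from a user-writable directory.
# Windows PowerShell 2.0 or later; run elevated so all loaded hives under
# HKEY_USERS are readable.

$runSubkeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
                'Software\Microsoft\Windows\CurrentVersion\RunOnce',
                'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run')

# ASSUMPTION: directories a standard user can normally write to. An autorun
# that launches from one of these deserves a closer look than one launching
# from Program Files, which a standard user could not have written.
$profilesRoot  = Split-Path $env:USERPROFILE -Parent
$writableHints = @($profilesRoot.ToLower(),
                   ([string]$env:TEMP).ToLower(),
                   "$env:SystemRoot\Temp".ToLower())

function Test-UserWritablePath([string]$command) {
    # Pull the executable path out of a command line such as  "C:\x\a.exe" /q
    $exe = if ($command -match '^\s*"([^"]+)"') { $matches[1] } else { ($command -split '\s+')[0] }
    $exe = $exe.ToLower()
    foreach ($hint in $writableHints) { if ($exe.StartsWith($hint)) { return $true } }
    return $false
}

Write-Host '== Per-user Run keys in every loaded hive under HKEY_USERS =='
foreach ($hive in Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    foreach ($sub in $runSubkeys) {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\$sub"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $value = [string]$p.Value
            $flag  = if (Test-UserWritablePath $value) { 'USER-WRITABLE' } else { '' }
            '{0,-14} {1}\{2} : {3} = {4}' -f $flag, $hive.PSChildName, $sub, $p.Name, $value
        }
    }
}

Write-Host '== Per-user Startup folders =='
$startupRel = @('Start Menu\Programs\Startup',                                   # XP / 2003 layout
                'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup') # Vista and later
$profiles = Get-ChildItem $profilesRoot -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
foreach ($prof in $profiles) {
    foreach ($rel in $startupRel) {
        $dir = Join-Path $prof.FullName $rel
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { '{0}  modified {1:u}' -f $_.FullName, $_.LastWriteTime }
    }
}
```

Only hives that are currently loaded appear under HKEY_USERS, so a user who is not logged on will not show up in the first section; the Startup-folder section walks the profile directories on disk and does cover them. That difference is exactly why a rogue can look cleaned from one session and reappear when the next user logs on.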
