Virus/Trojan - help!


    OK, stupid ol' me has managed to get some kind of virus/trojan, and I'm having very little luck getting rid of it.

    AVG pops up every time I open a browser to say it's found something. The file is some garbage DLL, and the "infection" is described as "Trojan horse injector.el" - which I'd guess is just something that tries to install a trojan, judging by the name. Browser starts up fine, and AVG apparently deals with it.

    For a period, any time I searched in Google, following the links would take me to some spam sites, at least some of the time.
    Tried to run Spybot SD but it wouldn't load. Found out that the exe had been renamed by the virus/trojan, so figured out how to get it running, and eventually managed a scan. It fixed something like ZlobDNSchanger, which I guess changed my DNS settings, hence the Google weirdness. Browser works fine now.

    AVG/Spybot aren't finding the root though. I've tried to download & install HijackThis, but the installer BSODs, presumably the virus at work. I downloaded a zip, but the exe won't run, again I guess the virus.

    Bottom line - anyone have any ideas either:
    a) what the bloody thing is called so I can google for help
    b) what I can do to get rid of it
    c) how to get HijackThis running so I can give people more info as to how to help
    d) anywhere else sensible to ask. I know there are better places but I can't remember their names.

    Thanks!

    #2
    On a thread below, Spatial101 posted a link to this; even though I thought I was 100% clean, even I found something on my computer. So see if this helps...

    Malwarebytes offers advanced antivirus, anti-malware, privacy and scam protection for all your devices. Protect your digital life today.




    Also, you could try the Kaspersky online scanner. It takes a small while to run, but might help too...

    Download Kaspersky free or trial version products and protect yourself against latest cyber attacks and threats. Get ultimate virus protection with Kaspersky cyber security software.
    Last edited by wonderboy; 17-06-2009, 17:23.



      #3
      Cheers, but same story as with spybot - won't start



        #4
        Doesn't anything stand out as "bad" if you look in the running processes?



          #5
          Did you try to start the computer in safe mode..?



            #6
            Run the computer in safe mode, then run a virus scan.

            Failing that, http://trendmicro.housecall.com (gets around most viruses that disable scanners)

            Failing that, run HijackThis and post the log here.



              #7
              I'd run HijackThis if I could! See first post...

              Have run full scans in AVG in normal and safe mode. In normal it seems to either crash or just stall (10 hrs gone...) and in safe mode it just didn't find anything.

              Tried HouseCall once and it didn't seem to work, but I'll give it another try...

              Process-wise, yeah, I've got 729117.tmp but that's not too helpful. If I close it, it'll come back.



                #8
                I think there's a good chance you've got a rootkit that's been partially removed but not completely. It tries to link to a DLL, doesn't find it and blue screens.

                If hijackthis won't run in safe mode, run regedit.

                Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run

                and

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run

                Delete any keys with randomised, misspelled or suspicious names (has to be in safe mode). If that doesn't fix it, you'll likely need to use RootkitRevealer.

                *edit*

                Aaaaand I've discovered I've been infected with something too. Pain in the arse.
                Last edited by abigsmurf; 17-06-2009, 18:14.
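
Before deleting anything from the two Run keys named in post #8, the entries can be listed read-only and triaged. The PowerShell below is an added example, not part of the thread; the function name `Get-RunEntryFlags` and its flagging heuristics (numeric names, `.tmp` targets, Temp folders, missing target files) are assumptions chosen for illustration.

```powershell
# Added example: read-only review of the two Run keys named in post #8.
# The flags are illustrative heuristics (assumptions), not proof of infection.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntryFlags {
    param([string]$Command)
    $flags = @()
    # Extract the program path: quoted form first, then up to the first file extension.
    if ($Command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($Command -match '^\s*(.+?\.\w{2,4})(\s|,|$)') { $path = $Matches[1] }
    else { $path = $Command.Trim() }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    $leaf = ($path -split '[\\/]')[-1]
    $base = $leaf -replace '\.[^.]*$', ''

    if ($leaf -match '\.tmp$')   { $flags += 'tmp-extension' }   # e.g. 729117.tmp in post #7
    if ($base -match '^\d{4,}$') { $flags += 'numeric-name' }
    if ($path -match '\\(Temp|Temporary Internet Files)\\') { $flags += 'temp-folder' }
    # A fully qualified target that no longer exists suggests a half-removed entry.
    if ($path -match '^[A-Za-z]:\\' -and
        -not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
        $flags += 'target-missing'
    }
    return ($flags -join ', ')
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Flags   = Get-RunEntryFlags -Command $command
        }
    }
}

# Flagged entries first; nothing is modified or deleted.
$report | Sort-Object { $_.Flags -eq '' } | Format-List
```

An empty `Flags` field does not mean an entry is legitimate; the listing only gives a record of what was there before any manual clean-up.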



                  #9
                  Thanks for all the suggestions so far!
                  Have got Malwarebytes thingy running by changing the filename. That's scanning so we'll see how it does. Then I'll try safe mode registry and rootkitremover. Keep the suggestions coming though - the more the merrier!



                    #10
                    You can try this site:

                    The online antivirus that allows you to scan and protect your Windows and Android devices for free



                      #11
                      Did you have any luck in the end, Psyduck?



                        #12
                        I've been finding MalwareBytes really effective recently. Download the most recent version (might be necessary to do so on another machine) and install it. If nothing happens when you run the mbam-setup.exe then rename it to grgfyrg.exe (or anything).

                        When it's finished setting up - assuming it doesn't run - then go into the Start Menu, find the MalwareBytes icon, right-click on it and choose properties. In the new shortcut properties window that comes up click the "Find Target" button (might be on a different tab) and then this will open a window to "C:\Program Files\MalwareBytes\" or something, but an mbam.exe file (I think it's called) will be highlighted. Make a copy of this in the same folder, and rename it randomly to rfhuhko.exe or whatever. Now run that.


                        EDIT: should have read the whole thread.

                        But for anyone else: I'm pretty much seeing this to be successful at the moment.
                        Last edited by Strolls; 18-06-2009, 05:47.



                          #13
                          You should be able to run HijackThis by renaming the exe in the same way - I had to do this when I got caught by a virus attack recently.



                            #14
                            Cheers for all the help. Went for a reinstall of Windows in the end, at least I could be sure that would work! Won't take too long to get everything back on.
