Trojan! Help!

RS_MCP · May 2008

I was surfing the web and a pop up had appeared, accidentally I clicked the run butter rather than cancel!

Now there has been a Trojan detected on my laptop after I ran a virus scan with my installed Mcafee security software.

How do I get rid of it?

royal · May 2008

Format if you do any type of banking. It's too much of a risk imo. Other than that, update definitions, scan, pray. The Trend Micro free online virus scan is actually really good. Check it out here Also, 2 good anti-spyware utilities I like to use are Spybot and Ad-aware. Still though, if it were me, I'd format.

hetty · May 2008

Update your virus definitions.
Run a scan.
Quarantine it.
Reboot to safe mode.
Run another scan to be safe.
Reboot.
Fingers crossed.
Run an anti-sypware program too & repeat.

royal wrote:

Format

Id do that depending on the Trojan. But you need to get your settings off first though.

RS_MCP · May 2008

My Desktop is telling me to install a antispyware software.

The link is linking to this website.

[moderated]

I need to know if this is safe?

hetty · May 2008

Dont provide a link to it! Nobody wants to get your malware dude!

And no its not safe.

royal · May 2008

hetty wrote:

royal wrote:

Format

But you need to get your settings off first though.

Well of course. That's assumed.

hetty · May 2008

royal wrote:

hetty wrote:

royal wrote:

Format

But you need to get your settings off first though.

Well of course. That's assumed.

Sorry, I was like an overprotective daddy there! Dont you format before getting your settings!!

RS_MCP · May 2008

Shall I purchase the "PC Cleaner"???

I ran the free scan and its telling me my condition is critical & I should purchase the product in order to remove and delete the Trojan...

What shall I do? I am to confused...

royal · May 2008

Well speaking of overprotective, that's why I push formatting in case of any type of infestation. Virii can spread and infect other stuff. As soon as I think I am infected, I virus scan to try to clean before I save, I then save, and then format. I just do too much stuff in investing, banking, etc. to take a risk of leaving a virus on my computer and having people access my accounts and mess with my finances. I don't care what type of virus it is. Even in the corporate world, a business really should have an image of their desktops, so when a virus hits a system, shut that machine down immediately before it spreads and re-image it. I understand the whole, well, it can be fixed argument and I know people will disagree with me with format and forget scanning, but on the other hand, there are a lot of people who agree. It's more of a matter of opinion and preference than a right or wrong.

dynamik · May 2008

That stuff's a scam dude. Either use a legitimate product or format (which is preferable, as others have mentioned).

RS_MCP · May 2008

Ok, Forget the scam products!

How do I format? Then what do I do?

royal · May 2008

You passed 70-270 and 70-290. You don't know how to format and install an operating system?

RS_MCP · May 2008

royal wrote:

You passed 70-270 and 70-290. You don't know how to format and install an operating system?

I do know how to format when installing an opearting system, must I start these steps again due to a Trojan? I have never been in this situation, so its a learning experience.

hetty · May 2008

In agreement with you royal, its too risky to take a chance.

RS_MCP you are going to need to know this basic stuff for your new job. And like royal is saying if you passed those exams then you should know what to do. Trojan is a virus which will take over your machine, so you need to remove it. But some Trojans are really hard to get rid off so formatting is the safest route, even if anti-virus and anti-spyware says you are safe.

royal · May 2008

Not sure what you don't get about this.

Not format and doing a clean = higher risk of virus still being on system due to software not catching it properly
Format and re-install OS = Hard Drive being wiped to ensure virus will not be resident when you re-install the OS

So you have 2 choices depending on the comfort of your risk tolerance. Clean with software and taking the higher risk or format and being more comfortable knowing that you spent more time formatting and re-installing with the assurance that the virus is gone.

hypnotoad · May 2008

Like Royal said, you have 2 choices. Regardless of what you do, back up your stuff.

By stuff I mean favorites, documents, music, movies, photos, etc. Don't back up your programs, they'll need reinstalled. Don't back up anything that might be part of this trojan. Either put it on storage on a server or an external drive or burn it to DVD.

P.S. don't purchase that bogus antivirus software. Just close those windows or click cancel.

Also, don't take your computer to best buy.

RS_MCP · May 2008

Well, I downloaded 'Windows OneCare Antivirus & Spyware'

It had detected 5 Trojans & Cleaned them all bringing my laptop back to its normal state.

Currently running a complete scan of my computer...

If I have any problems in the future then I will have no choice but to format.

Thank you all for your help. It is my first time dealing with an event like this & have learnt hell of a lot from it.

"I have the necessary certifications in my back pocket but that does not make me a Technical Expert! I am at a beginning learning stage in my IT career so have hell of a lot to take in as of yet...This is why I post threads like this because not only am I recieving great help but learning at the same time. If I dont know how to carry out the most piss easy tasks like 'Open the CD/DVD drive' then I will ask..."

Thank you once again for your help! Enjoy the bank holiday!

royal · May 2008

RS_MCP wrote:

It had detected 5 Trojans & Cleaned them all bringing my laptop back to its normal state, hopefully.

Fixed.

Really though, I'd still do the free online Trend Micro scan and do an Ad-Aware and Spybot scan. You can never be too sure.

Tyrant1919 · May 2008

Viruscan
Ad-Aware
HijackThis

A step people overlook that I can frequently discover things that scans miss. Manually look through your Program Files, Windows, and System 32 folders. Arrange by date modified, Look through folders that have been recently changed. You'll most likely find something suspicious if you have something that shouldn't be there. Look at the files under said folders too. Most can be deleted manually if the process is killed. Others will have to be safe moded to be cleaned.

The only 99% sure way is to format.

shednik · May 2008

I'm also a fan of Spyware Terminator I use that on all of my systems now seems to do a great job of detecting anything. But also I'd honestly reformat if you had 5 trojans it doesn't take that long to do and if you've never done it then I definitely do it because when your doing desktop support level work like it sounds you new job will be. That's a very common task when there is some issue, hopefully there will be a standard syspreped image for the the workstations but at times you will still need to do a clean install. So honestly like others have said if you do anything banking related and such do a clean install and possibly change password to critical accounts.

Just my 2 cents.

Mishra · May 2008

You really need to format so you can go through that learning experience. You have an excuse to format now, use it.

sthomas · May 2008

Like the others have said I would recommend doing a format and reinstall the OS as well. Just put the Windows CD in and boot to it and follow the instructions from there. Make sure you do a regular format as opposed to a quick format. As a matter of fact, I would do a low level format because of rootkits. You would have to download software from the internet and burn it to a CD to do that. That probably is not necessary in your case but I am just paraniod sometimes. It is somthing to keep in mind though.

manny355 · May 2008

I will +1 on most the posts here, and as a side note I would also suggest investing in some imaging software like Ghost or Acronis. This way after you format you can build yourself an image so that if this ever happens again you can get up and running with less of a headache.

Just my 2 cents

RS_MCP · May 2008

Ok guys, I will have to format as it is best advised!

Thank you.

dynamik · May 2008

It's really a judgment call on your part. Some Trojans are fairly innocuous and just do things like try to sell you a removal tool while other Trojan problems are more serious and may result in things like foreign military invasions or unexpected pregnancies. A format and clean install is the safest route to take.

hugolucky · May 2008

RS_MCP wrote:

I was surfing the web and a pop up had appeared, accidentally I clicked the run butter rather than cancel!

just for future reference, dont click the "cancel" button either, or any other button in any popup, always right-click on the taskbar and close there, or use task manager to close, its safer, good luck

Sie · May 2008

Mishra wrote:

You really need to format so you can go through that learning experience. You have an excuse to format now, use it.

+1

Thou do bear in mind you want to do a full scan of the data you saving off the box you dont want to move the virus off and back on again.

blargoe · May 2008

Tyrant1919 wrote:

Viruscan
Ad-Aware
HijackThis

A step people overlook that I can frequently discover things that scans miss. Manually look through your Program Files, Windows, and System 32 folders. Arrange by date modified, Look through folders that have been recently changed. You'll most likely find something suspicious if you have something that shouldn't be there. Look at the files under said folders too. Most can be deleted manually if the process is killed. Others will have to be safe moded to be cleaned.

The only 99% sure way is to format.

+1,000

That's the approach I usually take if I have a strong need to not reformat. Because when it comes down to it, you really can't depend on automated scanners to clean EVERYTHING off your system anymore. I've also found some nasty stuff on the root of C: and in the All Users profile folder.

One other thing I use is the utilities from Microsoft's Sysinternals site. Particularly, TCPView and Process Explorer. TCPView will give you all programs that have attempted TCP connections and to which host the connection is being attempted (or successfully connected). A lot of these malware programs will execute a script that will download nasty stuff to your computer, and you can often catch it in action using this approach. Process Explorer can tell you all the dll files associated with a particular executable.

blargoe · May 2008

Of course, if you can format, do.

EdTheLad · May 2008

RS_MCP wrote:

"I have the necessary certifications in my back pocket but that does not make me a Technical Expert! I am at a beginning learning stage in my IT career so have hell of a lot to take in as of yet..."

I've lost all respect for those certifications if this is the case.
I thaught the xp exam was about installation and all that fluff, if you have the cert, i expect you to be able to do.Formatting a harddrive does not require any expertise.

undomiel · May 2008

It's possible to pass the exam without doing any installations. He could be a troubleshooting and administration wizard after all. So no reason to be too harsh on him, after all he has a brilliant learning experience right here in front of him! As I recall it took 4 tries to pass the exam? Or was that for the 290. I might be confusing the two.

Trojan! Help!

Comments