Travel Technology - Trojan removers






fuzz
Jan 4, 06, 8:13 pm
My fiancee's computer is infected with a Trojan, unfortunately.

I have mine pretty locked down, so mine was free of major trouble.

I ran Symantec Corporate, SpyBot, AdAware, CoolWeb Shredder, and X-Cleaner on it. Only the free online Kaspersky found the most recent problem.

Any suggestions for a (preferably freeware) program to remove them? The one it seems to have found is Win32.Apropo.v

Thanks. By the way, does anyone use the paid deluxe version of X-cleaner? I have been using the free one, which works well.

fuzz


Zarf4
Jan 4, 06, 8:54 pm
Whew, when I first read the topic I thought "maybe acetone" but that would sure sting :)

Not sure, but have heard that http://www.ewido.net/en/download/ is effective against that Trojan. They have a few day freebie trial.

If you can go back to a system restore point before the infection it might be a bunch better.

Good luck.

Efrem
Jan 4, 06, 9:58 pm
I've never had a problem removing my own Trojans, but sometimes a bit of help putting them on can be nice.

(Sorry, couldn't resist the opportunity.)


windwalker
Jan 4, 06, 10:02 pm
Note to self-this is not omni
repeat as needed
This is not Omni

cordelli
Jan 4, 06, 10:42 pm
Are you cleaning it in safe mode? If you are not, you will never remove it, you need to boot in safe mode, the virus doesn't go into memory, clean it, then see if you got it all.

ScottC
Jan 4, 06, 11:16 pm
Microsoft antispyware is IMHO the current best.

redbeard911
Jan 4, 06, 11:30 pm
If you apply a group of Longhorns, you will be able to defeat Trojans.

:D

chrissxb
Jan 4, 06, 11:36 pm
ever tried www.pandasoftware.com/activescan ?
it's free and IIRC is good on trojans, too

BambooTom
Jan 4, 06, 11:38 pm
If you apply a group of Longhorns, you will be able to defeat Trojans.

:D
You can say that again

jeffo
Jan 5, 06, 12:01 am
And this theory was proven this evening! :p

pkane
Jan 5, 06, 9:34 pm
May I recommend www.housecall.antivirus.com. Don't forget to disable system restore.

JadedTraveler
Jan 5, 06, 10:32 pm
Fuzz, if you still can't solve it, go to this site, http://forums.spywareinfo.com/, and first search for the name of the virus, see what was used to clean it up, and, if that doesn't work, then create a Hijack This log, and post it there (following their rules about how to proceed), and someone will help you out.

"Hijack This" is a simple utility that lists a Windows computer's startup programs, services, browser start pages, autoloading files, suspicious registry entries, etc., etc., etc. The people on that site are very good at resolving problems just based on looking at a HJT log.

IceTrojan
Jan 5, 06, 10:34 pm
If you apply a group of Longhorns, you will be able to defeat Trojans.

:D

Wow, it only took 6 replies.

:(

MapleLeaf
Jan 6, 06, 7:20 am
I've never had a problem removing my own Trojans, but sometimes a bit of help putting them on can be nice.

(Sorry, couldn't resist the opportunity.)

We think alike and I was so glad that someone took the opportunity to provide an alternative answer to this challenging problem.

ALadyNCal
Feb 1, 07, 11:15 am
If you can go back to a system restore point before the infection it might be a bunch better.

I was going to post a similar question today + found this thread (tho the answers are from last January)...

Situation: My Mom's barely used laptop has a trojan in the CMOS (I think that's what my husband said). Her virus software had expired and we were unaware.

One (last resort) option is to reinstall everything from scratch. While she doesn't have much on her PC, a) we have to get the program CDs from her house, b) it can all be time consuming and hoping we don't have to do all that, and c) I would have to try to reset everything so it looks like nothing happened (she'd probably use it even LESS if it seemed different :rolleyes: ).

So, does a system restore to a date before the infection help? Or just search around for some temporary/trial offers on programs that might help?

Thanks for any tips :)

mongatu
Feb 1, 07, 10:03 pm
NOD32 is a very powerful (and highly rated by AV-Comparatives) anti-malware program with a 30 day free trial that would probably solve your problem. It will find stuff in memory, archives and system restore, among other things.

Second choice would be AVG Anti-Spyware (formerly Ewido Anti-Spyware) also available on a 30 day free trial.

Download, install these programs, then update their respective malware database definitions, and then run scans with either or both of these.

SpaceBass
Feb 1, 07, 10:49 pm
I hate to suggest this...but...
can you ever trust an infected machine again?

What makes you think that the spyware hasn't affected the results of the scan?

I'd save my data and re-format and re-install....

This is coming from the guy who has a separate wireless subnet for guests b/c I'm scared to let them on my LAN :)

ALadyNCal
Feb 2, 07, 11:42 am
NOD32 is a very powerful

Funnily enough that is what we use and what had expired. So once we clear the virus, her pc will have that current + running again.

PTravel
Feb 2, 07, 1:00 pm
I was going to post a similar question today + found this thread (tho the answers are from last January)...

Situation: My Mom's barely used laptop has a trojan in the CMOS (I think that's what my husband said). Her virus software had expired and we were unaware.

Highly unlikely that the BIOS is infected. There are a number of anti-virus programs that have free trials, and some are free. I use a free one -- Grisoft AVG. A google search should get you a link.

Boot the computer in safe mode by pressing F8 when you see the initial POST screen (the one that reports your hard drives and other configuration specs). Select "Safe Mode - no networking." Run the anti-virus software. That should do it.

Alternatively, restoring the system to a date prior to the infection may solve the problem, but may not if the virus is in the master boot record or is some form of rootkit (the latter are the hardest to remove).

If you wind up re-installing the OS, make sure you re-partition the hard drive and don't just re-format it.

ALadyNCal
Feb 2, 07, 1:15 pm
Highly unlikely that the BIOS is infected.

Yes, it definitely is. My husband has been working on it yesterday and all morning today. Plus the keyboard map has been changed so you cannot type properly. Also system restore has been turned off -- so that isn't an option :( Also, cannot boot into safe mode....

winkydink
Feb 2, 07, 4:16 pm
Are you cleaning it in safe mode? If you are not, you will never remove it, you need to boot in safe mode, the virus doesn't go into memory, clean it, then see if you got it all.

And if there's a rootkit installed, even that isn't guaranteed. I hate to say it, but these days, the only way to be absolutely certain that you have removed all infection is to start over with a clean install and restore your data files from backup.

ALadyNCal
Feb 2, 07, 4:21 pm
Also, cannot boot into safe mode....
Thanks, but as I mentioned before, can't get into safe mode :(

PTravel
Feb 2, 07, 4:31 pm
Yes, it definitely is. My husband has been working on it yesterday and all morning today. Plus the keyboard map has been changed so you cannot type properly. Also system restore has been turned off -- so that isn't an option :( Also, cannot boot into safe mode....

Everything you've described can be something other than BIOS. I've never heard of BIOS malware, but I suppose anything is possible. The only way to fix an infected BIOS is to reflash it, and that might not even be possible. You'll have to see if your manufacturer offers flashing software and a BIOS image (many do, but not all). If you can get the flashing program, boot the machine from a clean CD or floppy disk, run the flashing program, and then, to be on the safe side, I'd repartition and re-install the OS. However, what you're describing sounds a lot more like a rootkit or MBR infection than a BIOS infection.

ALadyNCal
Feb 2, 07, 4:37 pm
Everything you've described can be something other than BIOS. I've never heard of BIOS malware, but I suppose anything is possible. The only way to fix an infected BIOS is to reflash it, and that might not even be possible. You'll have to see if your manufacturer offers flashing software and a BIOS image (many do, but not all). If you can get the flashing program, boot the machine from a clean CD or floppy disk, run the flashing program, and then, to be on the safe side, I'd repartition and re-install the OS. However, what you're describing sounds a lot more like a rootkit or MBR infection than a BIOS infection.
He's already reflashed the BIOS and also run rootkit detector -- nothing was spotted. FWIW, we think it happened sometime in late December, so it might be some new variety :(

PTravel
Feb 2, 07, 4:49 pm
He's already reflashed the BIOS and also run rootkit detector -- nothing was spotted. FWIW, we think it happened sometime in late December, so it might be some new variety :(
Anti-virus and anti-spyware programs have libraries that are updated daily and, in some cases, hourly. It's unlikely that you have a variant that hasn't been discovered yet.

If, in fact, the BIOS is infected, reflashing and then rebooting off the same hard drive will simply re-infect the machine. However, this thread sparked my curiosity, and I did some surfing -- I can find no credible reports of a BIOS virus. Viruses that wipe out the BIOS, preventing the machine from booting, yes, but a virus that actually re-programs the BIOS, no.

If you still think that's what you have, boot from a floppy or CD (or from the original system disks), reflash the BIOS from a floppy or CD, and follow the procedure below. Otherwise, you can skip the re-flashing step and just proceed as follows.

Notwithstanding the rootkit detector, a root kit or master boot record infection is what I'd suspect. These are extremely hard to detect, and no one program can detect all of them. I'd suggest backing up all data to a CD or DVD, re-partitioning the hard drive, and then re-installing the OS from the original system disks. Either do not leave the computer connected to the internet when you do this, or make sure you have it connected through a router that provides a hardware firewall (virtually all of them do). Once that's done, I'd immediately install a good virus program and spyware program (I'm aware of none that do both well). Then you can reconnect to the internet. Then scan the backed-up data on the CD or DVD to ensure that it's not infected. Then you can copy it back to the computer after you re-install your applications.

nkedel
Feb 2, 07, 5:22 pm
Highly unlikely that the BIOS is infected. There are a number of anti-virus programs that have free trials, and some are free. I use a free one -- Grisoft AVG. A google search should get you a link.


http://free.grisoft.com/

I second the recommendation for it; even taking cost out of the comparison the free version of AVG is better than Norton/Symantec in my experience, although the commercial AVG is worth considering (especially since the free anti-spyware from them, unlike the anti-virus, is not a full time monitor.)

MisterNice
Feb 4, 07, 3:03 pm
I have had a few nasty things (>10) on my computers and a System Restore eliminated all but 2. Eliminating these took hours and hours of my (mostly forgotten) DOS knowledge.

MisterNice

ALadyNCal
Feb 4, 07, 3:18 pm
This 'virus' disabled System Restore :( At this point, he is installing a new copy of the OS, then will flash update the BIOS, and hopefully it will be eradicated.

My husband (who has a degree in software engineering) has a relative in the IT Dept of a MAJOR corporation who told him today that BIOS viruses definitely exist, are created specifically for data mining, and that anti-spyware and anti-virus software does not necessarily catch them. Whereas he was fuming that some 14 y.o. was creating these evil things, turns out it is more likely to be commercially developed. Hope I have reiterated that properly...I do not have a degree or work in IT ;)

SpaceBass
Feb 4, 07, 3:22 pm
Hope I have reiterated that properly...I do not have a degree or work in IT ;)

You are right on the money...
BIOS viruses do exist and they are nasty but fortunately very rare. Typically you have 2 options. A) reflash the BIOS with a bootable CD from the manufacturer or B) pop the chip and replace it.

I also want to reiterate my previous statement- once you suspect infection, backup your files and format and re-install... you can never trust that system (OS Install) again. Once a virus or malware is in the system it can do anything, including cause your virus and malware scanners to report a clean system when they aren't clean.

USAFAN
Feb 4, 07, 4:55 pm
Microsoft antispyware is IMHO the current best.

Which one

-Windows Defender

or

-Microsoft® Windows® Malicious Software Removal Tool

Thanks

PTravel
Feb 4, 07, 5:22 pm
Windows Defender, though I don't think that's the best on the market.

lewinr
Feb 6, 07, 5:08 am
I recommend http://www.spybot.com/ which is also free.

braefoot
Feb 6, 07, 9:32 am
I downloaded NOD32 as recommended in this thread as I am having problems with OE shutting down every time an email comes in but NOD32 couldn't continue the download and disappeared taking with it my Firefox and goodness only knows what else. I've done a system restore in order to try to rescue my bookmarks but to no avail.
Anyone got any ideas please?

braefoot
Feb 7, 07, 5:29 pm
bump


ANYONE?

IceTrojan
Feb 7, 07, 5:36 pm
bump


ANYONE?

Nope... I'm definitely here to stay ;)

braefoot
Feb 7, 07, 5:45 pm
Nope... I'm definitely here to stay ;)





Thank you for your reply!:( :td:

SpaceBass
Feb 7, 07, 7:18 pm
I downloaded NOD32 as recommended in this thread as I am having problems with OE shutting down every time an email comes in but NOD32 couldn't continue the download and disappeared taking with it my Firefox and goodness only knows what else. I've done a system restore in order to try to rescue my bookmarks but to no avail.
Anyone got any ideas please?

May not sound pretty, but this is what I'd do...

Go buy another (2nd) Hard Drive...something small and fast... a 60 raptor or something...
Install Windows on it, treat it like a fresh install. When it boots you'll have your old drive as the D: (or whatever letter)...then search for your bookmarks file (bookmarks.html) and whatever other files you need to recover.

If you have space, move them to the new smaller system drive. Then format the old drive and move the files (and your "my docs" folder) to that drive.

You'll get several results and benefits. You get the result of having a known clean system. You get the result of a big performance increase from Windows running on the faster drive...you then get a chance to recover files which are almost certainly there (unless destroyed by virus, in which case you can recover from backup)...then you have the protection of having files and the system on different drives.

Like I said, not pretty, but for me it would be easier, safer and cleaner and not without direct benefit.

braefoot
Feb 8, 07, 1:29 am
Thank you so much SpaceBass. :)
Now that I know what is to be done I'll take my laptop to a computer shop and ask them to supply and install a hard drive as you recommend.
Margaret

ALadyNCal
Feb 8, 07, 4:36 pm
Update of my issue(s). The original complaint my Mom had was that she got extra letters when she pressed keys to type her email. After analysis, we concluded she had a (nasty) virus. So to that end, the OS has been reinstalled, NOD32 updated (which had expired), flash updated the BIOS, run AdAware. So all the steps we can think of have been taken.

So now the laptop SEEMS to work fine....but none of this solved her original problem :( There are still 4 keys on the keypad that produce additional letters:
type T you get GT5
type Y you get HY6
type [ you get '[-
type ] you get ]=
Also, if you press the T several times, it will drop the '5', but if you start a new line you get GT5 :confused: Totally baffling :mad: Keyboard was totally cleaned, keys popped off and investigated, and no foreign matter found. Wanted to call Dell but the warranty expired. Hard to pin down to the remnant of a virus or a strange hardware issue. End result is she has a barely used laptop that has a problem and we can't seem to solve it :rolleyes:

All she knows is her laptop is still in the 'hospital' :(

SpaceBass
Feb 8, 07, 6:29 pm
What happened when you plugged in another keyboard?

ALadyNCal
Feb 8, 07, 6:56 pm
What happened when you plugged in another keyboard?

He did not plug in an external keyboard. But along those lines, the 'software keyboard' that you use onscreen works fine and doesn't produce extra characters.

USDHS1984
Feb 8, 07, 7:15 pm
For adware http://downloads.ewido.net/ewido_micro.exe is a good, safe, freeware one that often works. Free and easy so it is worth a try.

BTW if it is just a bad keyboard, they are fairly cheap and very easy to replace on Dell laptops. Look on EBay for a new one.

SpaceBass
Feb 8, 07, 8:54 pm
He did not plug in an external keyboard. But along those lines, the 'software keyboard' that you use onscreen works fine and doesn't produce extra characters.


Sounds to me like it's a defective keyboard...it doesn't take much... I've got an Apple Bluetooth keyboard doing the same thing
Occam's Razor being what it is...

lewinr
Feb 10, 07, 12:27 pm
you should plug in a USB keyboard and see if you have the same problem. if not, then it is probably a bad keyboard. it happens...

Craig6z
Feb 10, 07, 1:57 pm
A bit off-topic, but related to trojan removal...

Earlier this week, I was at the Four Seasons - Las Colinas in Dallas, for a company national sales meeting. Early Thursday morning I noticed an email on my BlackBerry from my company's CIO that a number of people who were attending our meeting, and had attached to the hotel's LAN, were reporting attacks on their notebook computers. Our CIO told anyone that had attached to the Four Seasons' network (hosted by Wayport), to immediately bring the notebooks in to a computer center we had set up in a conference room.

I had not attached to the Wayport network, but I caught up to the CIO about 8am Thursday morning and he, our helpdesk manager (who had been invited to the meeting), our training director, and I started looking at a couple of computers that had been brought in. It appears a trojan - "W32.Spybot" had been sent out, shortly after you agreed to the Wayport service. By about 9am, we had another dozen notebooks handed to us.

Apparently some hacker was monitoring Wayport's IP addresses at the hotel, and as soon as they saw a new connection, tried to get control of the user's machine, and take over by creating administrator rights on the client. There was no firewall in place on Wayport's network, or the Four Seasons' routers.

To make a long story short we ultimately found 22 machines with evidence of various levels of tampering. Cleaning the machines was time consuming (the four of us worked from 8:30am to 6:30pm non-stop), but not overly difficult. A combination of HijackThis, Spybot, Symantec virus protection suite, and McAfee's virus protection suite cured the outbreak.

Main lesson learned is to not assume that hotel networks have any security attached, always run your own client firewall (about half of the notebooks we got from our employees had no firewall enabled, despite being available on the machines - why they were turned off, we have no clue), and disconnect from the network when you are not going to be using the machine.

A note about the ISP - Wayport, who all of us road warriors see from time to time. They disown any liability, and if you have a problem, they run and hide. The Four Seasons' people I must say were as helpful as can be, and mighty embarrassed.

One other thing we learned. While Symantec is our company's virus protection suite, for this particular trojan, McAfee was far more effective. I suspect with other virus outbreaks, the reverse could be true. It's lucky that we still had an enterprise license with McAfee and could temporarily install their client, but maybe all companies should keep two solutions active for emergencies.

ALadyNCal
Feb 12, 07, 12:26 pm
BTW if it is just a bad keyboard, they are fairly cheap and very easy to replace on Dell laptops. Look on EBay for a new one.

Yes, this is now the route we are following... I was very happy (and surprised) to find out these keyboards are inexpensive. Ordered direct thru Dell (it was cheaper than some of the eBay ads) and it'll be here in a couple days. Hope that is the end of the traumas with this laptop!


