Win32 TratBHO Trojan [RESOLVED]


  • This topic is locked

#16
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Hi,

Again, we'll repeat here one more time. You should remove anything that has to do with a crack or keygen from your downloads folder. For the future too, if you continue to download this stuff off P2P or the Torrents you will be back here or one of the other forums again, looking for help to get cleaned. Some of the forums are now even refusing to help users if they are running P2P or any file sharing software. It is the source of such a high percentage of the infections we see here. I'll get off my soapbox now, you've been warned.

Let's finish the clean up and I'll give some other advice for staying clean.

You can delete the SDFix tool and any files/folders that were created, such as C:\SDFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

~~~~~~~~~~~~~~~~~~~~~~~~~

In addition to updating and running your current security tools you may want to consider the following:

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall.
  • Comodo
  • ZoneAlarm Firewall
  • Outpost Firewall
For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Ad-Aware - Ad-Aware SE. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use IESpy-Ad - IESpy-Ad will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Here is a great link to a post here on securing your PC after an attack.
http://www.geekstogo...;page=How_did_I
  • 0

#17
welder572

    Member

  • Topic Starter
  • Member
  • 10 posts
Deleted all of the files that have "keygen" and "crack" in the file names, but what about the ones that have "working key" or "key" in the names?

Should I also take off some of the other programs you have instructed me to download?
  • 0

#18
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Hi,

It's ultimately up to you what programs to keep and what to remove. I believe all of those programs were downloaded or obtained in a "non-legit" manner, i.e. P2P, Torrents, etc. In that case they should all be removed, but again, it's up to you. You take the risk if you run any of those keygens, "keys", cracks, etc. that you will be infected again real quick.

When you say remove "other programs" I assume you mean AVG and ATFCleaner. Again, up to you. I personally use the free version of AVG for one time scans and ATFCleaner about once a week for general cleaning. But you can remove them if you like.
  • 0

#19
welder572

    Member

  • Topic Starter
  • Member
  • 10 posts
O.K. all is deleted, spyware and malware stuff is installed, and a lesson has been learned. I would like to ask where the Boonty games thing came from. Is it on a lot of game sites or just one certain place? Sorry to ask so many questions, but I am semi-technologically impaired.
  • 0

#20
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Hi,

It's hard for us to know where the Boonty Games came from. You or someone else who uses the computer could have downloaded it directly from their website. It could have been bundled with another game or program. Most likely if we had to guess it was picked up with most of the other Malware you had through P2P/Torrents. So there is more evidence to avoid the use of cracks, keygens, etc... you asked. :)
  • 0

#21
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





