Trojan downloader found! [RESOLVED]
Posted 16 March 2008 - 02:10 AM
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.
You will need to enter your name, e-mail address and location in order to access the download page.
- Once you have downloaded the file, double click the sarsfx icon
- Review the licence agreement and click on the Accept button
- The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
- Once the files have been extracted, using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
- Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
- Allow the program to scan your computer - please be patient as it may take some time
- Once the scan has completed, a window will pop up with the results of the scan - click OK to this
- In the main window, you will see each of the entries found by the scan (if any)
- If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
- Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
- If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
- To clean up these entries click on the Clean up checked items button
- If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
- Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
- When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
Posted 19 March 2008 - 12:40 PM
Posted 21 March 2008 - 12:54 AM
Can you boot into safe mode and run a scan with the On Demand scanner as per its instructions to see what it finds?
Let me know what happens.
Edited by sarahw, 21 March 2008 - 12:54 AM.
Posted 23 March 2008 - 06:01 PM
Please download OTCleanIt from HERE to your desktop.
Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself.
A well protected computer should have at least an Anti Virus and Firewall, an Anti Spyware is also a great addition to your computer's security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and to help you from getting infected again.
Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.
Free Online Scans:
Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.
- Kaspersky online scan
- Panda Online Scan
- F-Secure Online Scan
- TrendMicro HouseCall online scan
- Bit Defender online scan
Free Temp Cleaners:
Use these tools to clean temporary files from IE and Windows, empty the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.
Free Firewall Downloads:
You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.
Free Anti Spyware Downloads:
An Antispyware is a great tool that can help remove infections alongside your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.
- AVG Antispyware
- A-Squared Antispyware
- Spybot Search & Destroy
- Ad Aware
Free Anti Virus Downloads:
A must have for all computers. Avast! recommended.
- SpywareTerminator With ClamAV Enabled.
- Grisoft AVG
- Bit Defender Free
- a² Free
- Comodo BOClean
Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Great memory testing software.
This application gives detailed information about your system in a nice layout.
Returns and monitors system temperatures.
- Windows Updates
It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read THIS article by Tony Klein.
If you have any other problems or questions be sure to ask.
Edited by sarahw, 24 March 2008 - 07:35 PM.
Posted 24 March 2008 - 05:55 PM
Posted 24 March 2008 - 07:35 PM
Sorry about that, the name and link have changed and I forgot to update my links. It should work now.
Posted 01 April 2008 - 04:08 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.