Do I have a trojan?


#1
Brad2

  • Member
  • 26 posts
Here I am at Geekstogo.com again :) *sigh* Still the best place to come to.

Anyway,

My situation:

1. I bought an HP Pavilion last year with Vista on it, and I downgraded it this year to XP (it took a year for 3rd Party programmers to get the drivers out, because HP was too STUPID to have even one driver/device for Pavilion compatible with XP)
So, I thought the major (I mean MAJOR) crash I experienced 2 weeks ago to be because of my spit-n-tape fixing of XP, and maybe it was just two drivers conflicting.
About the crash: I couldn't restart it at all. No Safe Mode, No Restart at Last Known Configuration, No Nothing.
I had to install XP on my second hard drive (D:), access C: from it and use NTFS Undelete to salvage my files.
Then formatted C: and re-installed XP, uploaded the drivers, etc. etc.
Now it works.
(for now)

2. Here's where things get interesting . .
My website was hijacked just after the crash. But all that was done to it was an <iframe line of code in the index and home pages that was re-directing visitors to a malicious site (usaforwarding.cn).
Got my site blacklisted by Google.
That's all been sorted out. Other than there were no brute force attempts on our FTP.
Our only conclusion is they got my password from my FTP program on this PC?
It certainly wasn't a low-level security password, by any means.

3. Finally, today I had a 'DrWatson Post Mortem Debugger has encountered a problem and has to close' message. My PC froze and I had to turn it off manually.

So, here I am.
Not knowing what to do next :)

Grudgingly, I must confess and also mention I was downloading something from the pirates bay just as it crashed.
Any connection there? or just coincidence?
(no judgement, please :) )
I assumed a virus/trojan from torrent files wouldn't be able to run until you clicked on it (??)
My wife said the last time she even went to that website, her anti-virus went bananas and she had to 'clean stuff up'.

Thank you for your time and consideration.
Brad

#2
rshaffer61

  • Moderator
  • 34,114 posts
Yep, torrents can infect without being activated as you say. No lectures but only help.

I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the requested logs in THAT forum. If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

#3
Brad2

  • Topic Starter
  • Member
  • 26 posts
Thank you very much.
And now I know about torrents . . . I will be sure to use a condom next time. :)

In the meantime,
Off to the 'Malware and Spyware Cleaning Guide'

#4
rshaffer61

  • Moderator
  • 34,114 posts
Good luck and let us know how everything goes. :)

#5
Brad2

  • Topic Starter
  • Member
  • 26 posts
Malwarebytes run on Quick Scan came up with nothing, but I was sceptical on that, so I ran a Full Scan and found 2 Trojan-downloaders in the /System Volume Information folder.

Deleted those and assume everything is fine.

Thank you again for your time.
It's most appreciated.

Brad

#6
rshaffer61

  • Moderator
  • 34,114 posts
Start a new topic in the malware forum. Post the requested logs and let a malware tech do some deeper scans.
Trojans have a habit of hiding and can disguise themselves as legitimate programs.

#7
Brad2

  • Topic Starter
  • Member
  • 26 posts
ok.
Will do.

#8
Brad2

  • Topic Starter
  • Member
  • 26 posts
I tried to add a new topic in the Malware removal section and got an error :)

#9
rshaffer61

  • Moderator
  • 34,114 posts
What error?
It may just be a hiccup. Try again and maybe even refresh the page.

#10
Brad2

  • Topic Starter
  • Member
  • 26 posts
I'll have to try on Monday. My machine's backing up and I'm out the door.
Woot! Friday! Woot!

One more day to Katurday.

PCs go on the shelf this weekend, let me tell you :)

Thank you again for your help and follow up.
Brad

#11
rshaffer61

  • Moderator
  • 34,114 posts
No problem and we will be here on Monday :) .

#12
Brad2

  • Topic Starter
  • Member
  • 26 posts
Morning.
I went to Security>Malware Removal Guide but can't post there.

I'm assuming I should post the logs in Security>Virus, Spyware & Trojan Removal (?)

(had a great weekend. still recovering. hehe)

#13
BHowett

  • OT Moderator
  • 4,640 posts

I'm assuming I should post the logs in Security>Virus, Spyware & Trojan Removal (?)


That's correct.

#14
Brad2

  • Topic Starter
  • Member
  • 26 posts
oki doki.
Thank you