Help me battle this Trojan War?!?

Question

Okay, so I just barely started my winter break from college, only to have to deal with my parents very infected computer!

I need to get remove the following trojans:

Internet Security Add-On
Safety Alert 2006
Public Messenger ver. 2.03
Internet Explorer Security Plugin 2006

I don't know how they were loaded on; like I said, I just got home yesterday. I tried to remove them by simply using the Add/Remove Programs in System Tasks. When I try to remove them though, it asks me to restart my computer. I haven't, afraid that rebooting will only make the problem worse. Additionally, I've turned my computer into "Lockdown Mode", to prevent it from going online.

I've scanned the system with Spybot Search and Destroy, and McAfee Security Center, and neither found anything. I've deleted the Internet shortcuts it has created, but that's about it.

What do I do? Can anybody tell me a simple step by step solution to this problem?

And please, no junky download suggestions.

I can't get on the internet anymore! I tried rebooting the system, but that hasn't helped.

It seems like the virus has hijacked my Internet Explorer. I can't get onto any webpages except for virus'.

What do I do now?!

Answer 1

Audy,

You don't say if your parents have any antivirus or antispyware programs on their computer. If they do then follow the step below and use their programs when it is called for to run them.

If they do not have any and you cannot get to the internet to download some, then you have two choices.

You can use another computer, download the programs, save to a CD and then use them on your parents computer.

You can do a reformat of the computer. This will cause all data to be lost. Backing up the data will cause reinfection if it is infected when backed up.

The ewido (now AVG Antispyware) is the best Trojan remover available. Since most adware is installed by Trojans, I include the AdAware SE which is good at Trojans.

This procedure works for all Malware. Use any AntiVirus or AntiSpy program you choose.

Download and Update Ewido (now called the AVG Antispyware). Do not run:

http://www.ewido.net/en/download/...

Download AdAware SE and update. Do the setup. Do not run:

http://www.filehippo.com/download_ad-aware/

AdAware SE Setup:

1. Select "use custom scanning options" then select "customize". Make sure the following options are enabled: "scan within archives," "scan active processes," "scan registry," "deep scan registry," "scan my IE favorites for banned URLs," "scan my Hosts file."

2. Select the "tweak" option. Under "scanning engine," make sure "unload recognized processes and modules during scan" is enabled. Enable "scan registry for all users instead of current users."

3. Under "cleaning engine" turn on "always try to unload modules…," "during removal unload explorer and IE if necessary," "let windows remove files in use at next restart," and "delete quarantined items after restoring."

4. Use the "select drives and folders to scan" option to ensure that your entire hard drive is scanned (if you have more than one hard drive, scan all of them (of course, do not include floppy and CD/DVD).


TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR ANTI-VIRUS OR ANTI-SPYWARE PROGRAM.


When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode. DON'T FORGET TO RESET HIDDEN FILES AND FOLDERS.


NEW RESTORE POINT.

The RESTORE POINTS may be infected with the Malware and cannot be used.

HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.


ADDITION INFORMATION ABOUT TROJANS:

There are Trojans that fall into the Smitfraud family. These require the use of a specialized program for removal. Here are two sites that specialize in removing these:

http://www.internetinspiration.co.uk/roguefix.htm

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Answer 2

I understand you have run McAfee. I have is also. However a second option is in order for this one.

You can run a free online scan from Trendmicro. When I have tested it it takes some time to run it but it may be time well spent if it can fix any problems.

Download and run http://housecall.trendmicro.com/

If that can not fix it, try this powerful tool...

Download HijackThis---http://www.spywareinfo.com/~merijn/programs.php#hijackthis. Run and Save a Log. When you log comes up copy and paste the entire log at http://www.hijackthis.de/ . Analyze your results. You will then get a screen that will tell you if you have any nasty stuff in your computer. Follow instructions to deal with any nasties. CAUTION: This is a very powerful tool. Be careful.

Answer 3

Look for, install, and run ewido. You have to run it on safe mode though. Try restarting the machine, Sometimes when a program is installed or uninstalled it requires a windows reboot. Do not be afraid. But go ahead and try to download ewido into that machine and go on safe mode and run it. It gets rid of everything you have. I have used it on client computers and its an excellent tool to have,

Good Luck

Answer 4

You can try this antispyware which is said to be very good:

http://www.helpero.com/Questions-and-answers/Computers/Software/Are-there-any-good-FREE-spyware-programs_291.html

Helpero is a web site that helps every Internet user, from all over the world, solve any computer related problem. You can ask Helpero for free.

Answer 5

To remove them, you should try using AVG Free, it can be downloaded from http://www.grisoft.com. Please before you dismiss this answer as junky, Maximum PC magazine has rated it as the top free antivirus program. After you download it , Run it in safe mode.
Good luck with it.

Answer 6

the trojan war is myth and it think the battle of thermopylae isnt?(sorry not so sure) but the trojan war lasted for years and apperently the battle of thermopylae only lasted a few days

Answer 7

if u have a frnd in messenger tell them topass the firefox and then go online using firefox.. now go to add/remove and try to find it if u find it uninstall it otherwise get the asquared free or swatit free and remove the trojans

Answer 8

Have you try
Panda Anti-Virus? &
PC Cillin Internet security?

you can go on to their website and use 30 free trial, hope it helps

Answer 9

reboot ... then download hijack-this and run it to see wats going on ...