
Status
Not open for further replies.

Registered · 3 Posts · Discussion Starter #1
I have a laptop with Windows XP, and it was just recently infected with a Backdoor Trojan Horse over AIM. (This is all the information Norton gave me.)

I would've updated my antivirus software (since Norton says there is no trojan when I performed the full computer scan), but whenever I plug in my LAN connection, a box appears... The heading reads, "Powered by Freeprod.com," and inside the box, it reads, "Please wait, your content is loading." After a few seconds, a balloon appears and says that it is downloading, and the box will have a bar that reads how much has been downloaded. During this time, my browser (Firefox) will not open. The only way to stop the download is to unplug my LAN connection (since there is no cancel button).

My question is: Should I just let the virus download from "Freeprod.com" and see what happens so that I can access the internet? Or does my poor laptop need professional help to eliminate this pesky trojan?

Thanks for your help! :smile:
 

TSF Security Manager, Emeritus · 52,197 Posts
No, do not allow this to download its payload.

If you can't access the internet without it trying to reach out, you'll need a friend's system to help you, and either a USB thumb drive or a CDR so that you can carry a couple of programs to your infected system.

Please do this, either on your system (can you use IE without the trojan reaching out?) or on a friend's. If another system, download these programs, and copy them to USB drive or CDR, then follow the installation and scanning instructions on your infected system:

Please download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Run the scan and fix everything that it finds.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
   * Install background guard
   * Install scan via context menu
3. Launch Ewido. There should be an icon on your desktop; double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

Please download HijackThis at http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there is any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Do not run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
   * You will need to step through the process of cleaning files one-by-one.
   * If Ewido detects a file you KNOW to be legitimate, select none as the action.
   * Do NOT select 'Perform action on all infections'.
   * If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Note: There is no need to purchase Ewido. It will remain as the freeware version after the trial period, which means the guard process will no longer work, but the scanner will be just as effective.

Restart your system in normal mode. Run HijackThis. Double click on the HijackThis.exe to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
 