Very interesting Trojan on my computer.

stephenmadpotato

Enlightened
Joined
Jun 20, 2007
Messages
298
Hi all,
The other day I downloaded a patch for Photoshop off a non-Adobe website, big mistake. It came with a wonderful trojan that is, with Windows running, impossible to delete. Internet Explorer now has add-ons running that are clearly spyware, and pornography now pops up every time I change the website I'm on. My first reaction was, damn, I can get used to this, but now it's a pain in the buttocks. Basically, I searched the name of the DLL file and found it hidden away in my system32 folder. I tried to delete it: access denied, in use. Closed Internet Explorer. No go. Closed explorer.exe, deleted it through DOS. Nope. I then downloaded Unlocker Assistant and figured out which processes were using it, and it turns out it was lsass.exe, winlogon.exe and explorer.exe. Using the program I force-ended lsass and explorer, but when I got to winlogon, as soon as I ended the program my computer restarted. It didn't say logging off etc., it literally black-screened and restarted. There would be no time to do a shutdown /a command on a DOS prompt like with other programs. I tried making a batch file to do it for me, but it is either not fast enough or winlogon.exe HAS to be running in order for Windows to function. So now I have concluded I must make a boot disk of some sort so I can delete these files and restore peace to my computer. Any ideas on what to use for a boot disk?
 
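As an added example (not code from this thread), here is how the diagnostic step above can be reproduced on the defender's side: which running processes hold a given DLL, and which common IE and Winlogon load points reference it. The DLL name is a placeholder, the registry paths are standard XP-era load points, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example, not code from the thread. Given a DLL name, report which running
# processes have it loaded (what the OP learned from Unlocker) and which common
# IE / Winlogon load points reference it. Run from an elevated PowerShell prompt.
# 'suspect.dll' is a placeholder, not a real indicator from the thread.
param([string]$DllName = 'suspect.dll')

# 1. Processes that currently hold the DLL. Module enumeration can throw
#    "access denied" for protected processes, so those are skipped.
$holders = foreach ($p in Get-Process) {
    try {
        if ($p.Modules | Where-Object { $_.ModuleName -ieq $DllName }) {
            [pscustomobject]@{ Id = $p.Id; Name = $p.ProcessName; Path = $p.Path }
        }
    } catch { }
}

# 2. Load points that would pull the DLL into IE, winlogon.exe and every
#    user32-based process (which is how lsass/explorer end up holding it).
$findings = @()

# Browser Helper Objects: CLSID subkeys, DLL path resolved via InprocServer32
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bho in Get-ChildItem $bhoKey -ErrorAction SilentlyContinue) {
    $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$($bho.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
    if ($srv.'(default)' -like "*$DllName") { $findings += "BHO $($bho.PSChildName) -> $($srv.'(default)')" }
}

# Winlogon notification packages (XP-era): each subkey's DLLName is loaded by winlogon.exe
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($n in Get-ChildItem $notifyKey -ErrorAction SilentlyContinue) {
    $dll = (Get-ItemProperty $n.PSPath).DLLName
    if ($dll -like "*$DllName") { $findings += "Winlogon Notify $($n.PSChildName) -> $dll" }
}

# AppInit_DLLs: injected into every process that loads user32.dll
$win = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
if ($win.AppInit_DLLs -and $win.AppInit_DLLs -like "*$DllName*") { $findings += "AppInit_DLLs -> $($win.AppInit_DLLs)" }

"Processes holding ${DllName}:"
$holders | Format-Table -AutoSize
"Load points referencing ${DllName}:"
$findings
```

Anything it reports under load points is what keeps the DLL coming back after a delete, so those entries need removing (by a cleanup tool or by hand) before or at the same time as the file itself.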

orbital

Flashlight Enthusiast
Joined
Feb 8, 2007
Messages
4,291
Location
WI

Bite the bullet & cut your losses... Reformat time.

A reformatted computer will run faster with a clean Registry etc.
 

NA8

Flashlight Enthusiast
Joined
Jun 4, 2007
Messages
1,565

stephenmadpotato

Enlightened
Joined
Jun 20, 2007
Messages
298
Bite the bullet & cut your losses... Reformat time.

A reformatted computer will run faster with a clean Registry etc.

I don't really want to format my computer as I do not have any way to recover it, because I installed XP borrowing a friend's disk. I am not interested in spending 100 bucks for Vista :p
 

AlexGT

Flashlight Enthusiast
Joined
Jan 15, 2001
Messages
3,651
Location
Houston, Texas
Try running the following:

Spybot search and destroy
Adaware
Xcleaner (Online)

And some internet-based virus cleaners.

HTH
AlexGT
 

NeonLights

Flashlight Enthusiast
Joined
Jan 18, 2003
Messages
1,493
Location
Ohio
Try system restore.
x2. Surprised no one mentioned this earlier. I've used this a number of times to delete trojans, viruses, etc. that I couldn't remove by other means. Anymore, it is usually the first thing I try.
 

matrixshaman

Flashlight Enthusiast
Joined
Jan 17, 2005
Messages
3,410
Location
Outside the Matrix
If you don't know your way around DOS well, you can get this program (Move on Boot) that lets you delete 'undeletable files': you mark them, and upon reboot it gets rid of them before Windows takes over (link). Spyware Doctor and a lot of other utilities may also take care of it. You might want to consider running your browser in a sandbox from now on also. AnVir Task Manager is also a great tool that lets you control programs and prevent anything from starting up that you don't want. It will also give a greater degree of control over tasks than the Windows Task Manager.
 

matrixshaman

Flashlight Enthusiast
Joined
Jan 17, 2005
Messages
3,410
Location
Outside the Matrix
One other way I deal with 'sticky' files is to boot Linux from a flash drive or CD and then get onto the Windows hard drive. You can delete things that way too, but I'll assume that if you were familiar with using Linux you would have already done that, and it's a whole new world if you haven't used it. But just a thought for the future, possibly, as another way to take control of Windoze... :)
 

mechBgon

Enlightened
Joined
Nov 3, 2007
Messages
567
Yeah, give System Restore a whirl for sure. It's on the Start > All Programs > Accessories > System Tools menu.

I'd also suggest removing whatever antivirus software you're using (if any) and installing a free 30-day trial of Kaspersky AntiVirus 7 as a removal tool.

After installing Kaspersky, right-click the red "K" icon in the system tray, choose "Settings," and go through all the Settings panels to max out all the detections and enable detection of Potentially Dangerous Software. Then run a full Scan My Computer. KAV7 has ways of dealing with undeletable malware at reboot, so if it finds stuff (which is likely), plan on rebooting when prompted.

To accompany that, also scan with the free version of SuperAntispyware. And since I'm betting your Trojan is a Vundo variant, also run the Malicious Software Removal Tool, which now targets Vundo along with Zlob and other junk.

When the 30-day Kaspersky trial expires, just right-click the red "K" icon in your system tray, choose "Exit," and then you can uninstall KAV using Add/Remove Programs. It uninstalls pretty cleanly, unlike some security software. If you need a free antivirus for the long haul, AntiVir PE Classic is a top performer.

How's it doing after those steps? By the way, I'd be interested in knowing the site that was the source of the Trojan, if you feel like sharing that info. I can infect my malware-testing system and see what works against the malware.
 

Lichtschalter

Newly Enlightened
Joined
Apr 10, 2007
Messages
51
Location
The heart of darkness
+1 on SuperAntiSpyware. IMHO the best anti-malware tool.

You could also try PrevX CSI.

If these two won't help, re-formatting and setting up a clean system is the way to go.

And remember to change your passwords, as some of them may have been stolen / captured by the trojan!
 

jezzyp

Enlightened
Joined
Nov 29, 2005
Messages
326
Location
S Yorks, England
I used SmitFraud (fix) and it worked.
Then I installed Firefox and no longer use IE.
I got rid of Norton Internet Security, which let the damn thing through.
I now use the full AVG security package (as the free stuff doesn't provide as much cover).
 

e2x2e

Enlightened
Joined
Dec 19, 2007
Messages
462
I've never had anything that SuperAntiSpyware or SmitFraud fix couldn't remove. Just a heads up :)
 

ftumch33

Enlightened
Joined
Sep 9, 2003
Messages
357
Location
Whitestone, New York
Sometimes when I had a trojan as bad as this, I would reboot in safe mode and then do a virus scan. Usually gets rid of it. System Restore usually doesn't work, as it gives the virus a restore point at times. CWShredder was a good free one I used to use when I had problems with 'CoolWebSearch'.
 
