Help!

help trojan attacked
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Problem Solvers RSS
Next:  Cuba seeks to buy US materials for Ike recovery  
Author Message
rovingcowboy



Joined: Jan 26, 2003
Posts: 1216
PostPosted: Thu Sep 11, 2008 3:04 pm    Post subject: help trojan attacked
okay heres the situation.

1. computer xp
2. hit by Trojan
3. Trojan was called "Trojan advanced " by the av company
4. it was found and put in quarantine and was said to be cleaned out of the system.
5. it won't allow to be deleted by the av program.
6. in save mode a av scan found several other errors and virus's. and they were cleaned out but did not give notice in log or anything that they had been fixed.
7. used program to clean out and repair the system that pcratail said to get in the other thread, about my music troubles.
8. still can not get this Trojan out of the system it says not allowed to remove.


is there any way to get this Trojan out of the system that anyone knows about. this is NOT my computers it is an older gentleman's computer he is up there in age as i said else where he makes the shadow look like a high school kid.
he did not even remember how to get in to safe mode.
so i had to tell him that.
but every direction should be given out in words to help him such as ( left click the start button ) instead of ( go to the start button.)

that way he has exact steps incase he has to stop in the middle of it and do something else and needs to restart at the same step again.
now i know you say he should have a computer tech, he did. but his computer tech died on him at the age of 70. so he is without computer tech help only by a few friends like me over the Internet. or in an emergency his great grand kids.

so i am asking for his behalf.
does anyone know how to get rid of this pesky trojan.

Shocked
Back to top
Baby_Tux



Joined: Mar 06, 2007
Posts: 785
PostPosted: Thu Sep 11, 2008 3:55 pm    Post subject:
My advice is as follows:

First turn off system restore as this will bring back any viruses that are lurking - turn it back on when clean.

Try spybot S&D - along with AVAST FREE - ONE AT A TIME, though...
I say AVAST because it will let you run a scan at boot, this will bypass the OS & allow it to do its thing, the virus can't lock it then. (I'D TRY THIS FIRST)
Then alternate between these until all reports clean - may take a few passes to get it all.

If you need any details on how to run these, let me know.
Back to top
zlim



Joined: Mar 11, 2005
Posts: 2403
PostPosted: Thu Sep 11, 2008 8:46 pm    Post subject:
Quote:
Trojan was called "Trojan advanced " by the av company
What AV is he using? each company gives a trojan a different name. If i find out what another AV calls it, I'll have more ammunition to try and remove it.
Back to top
Baby_Tux



Joined: Mar 06, 2007
Posts: 785
PostPosted: Thu Sep 11, 2008 11:16 pm    Post subject:
...OR see if there is a removal tool for the specific "virus".
Back to top
rovingcowboy



Joined: Jan 26, 2003
Posts: 1216
PostPosted: Fri Sep 12, 2008 5:04 am    Post subject:
he use to use norton. but he got mad at them so i think he's using pc mag.. av program or panda? not sure off hand i'll have to ask but those are the ones he has said in the past.

Cool
Back to top
rovingcowboy



Joined: Jan 26, 2003
Posts: 1216
PostPosted: Fri Sep 12, 2008 8:35 am    Post subject:
okay here is what he did.


He spent much of the day yesterday at the computer trying to get rid of the Trojan virus that is quarantined. He bought two new programs online hoping they would help and Easy Clean, Registry Easy and Spyware Doctor
found and deleted tons of errors including some of the quarantined files. But he still has a few in quarantine that he can neither clean or delete and a message says that he don't have the authority to clean or delete.
He also scanned with System Mechanic, Regcure and PC Cillin Anti virus program. He has found and deleted bad files in the Registry.
He's looked for a solution on PC Cillin's web site and printed out 5 pages of instructions that he's not sure he can do.
Now is a time when he really miss's his friend who solved these problems for him but he died.
He keeps getting pop ups trying to install Earthlink Accelerator and a large pop up looking for computers. Something is mentioned about a "Wireless Network" that allows others into a computer. He has searched and found wireless network in the computer and wonders if it would be safe to delete it.

Cool
Back to top
Baby_Tux



Joined: Mar 06, 2007
Posts: 785
PostPosted: Fri Sep 12, 2008 1:28 pm    Post subject:
THIS is why I say he HAS to run an A/V at BOOT to bypass all the "YOU CAN"T DO THAT - NO AUTHORITY" hoopla. I DO believe it is the ONLY WAY he will get it all. PLUS, all the stuff I mentioned is FREE for the download. He is wrapping up a lot of money in stuff & really doesn't need to be.

As for the "WIRELES", MAYBE but I really don't know what all he has going there so I will says get the "viruses" off there then go from there. Also, depending on how bad he got hit, it MAY be easier / faster to just rebuild "IF" he has the necessary backups & drivers.
Back to top
hooNos



Joined: Mar 22, 2004
Posts: 295
PostPosted: Fri Sep 12, 2008 4:00 pm    Post subject:
1 - LEFT click Start Button (lower left hand corner of computer screen)

2 - MOVE mouse to RUN, LEFT click once and type "MSCONFIG" (but leave off the quotation marks), then tap the ENTER key ONCE.

3 - When the MSCONFIG window opens, LEFT mouse click once on the BOOT.INI tab, move mouse cursor down to SAFE BOOT and LEFT click once to place a TICK MARK (SMALL DOT) in the empty circle next to the SAFE BOOT option.

4 - Move mouse cursor down to the APPLY button and LEFT mouse click one time. When the window shows asking for a RESTART, LEFT mouse click on the RESTART NOW button one time.

The computer should restart on it's own and go into SAFE MODE. If it shows a choice of USERS or ACCOUNTS to choose from, be sure to LEFT mouse click once on the one that says "Administrator" (Without the quotation marks).

You can scan the computer from safe mode using your antivirus as well as your spyware programs.

Once your scans are done, be sure to follow steps 1 through 4 to REMOVE the TICK MARK from the SAFE BOOT option, then apply and restart once more.

Keep in mind, if any virus, trojan, worm etc. is quarantined, it is or should be essentially disabled and will not pose a further threat.

Hope this helps some. If your friend can't follow this, then he really needs to take the computer elsewhere. Perhaps a local school, senior center or some other commuity places would be able to help him further. Good luck


PS - forgot to mention this is based on many assumptions as very little info is supplied regarding hardware, etc. Hopefully, just knowing he's running XP will be sufficient enough for him to follow the above instructions and help repair his system. Sorry for the long post guys.
Back to top
rovingcowboy



Joined: Jan 26, 2003
Posts: 1216
PostPosted: Sun Sep 14, 2008 8:30 am    Post subject:
he's already dont that safe boot thing but thanks for the different step by step instructions
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Problem Solvers All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum