
Thread: How to get rid of a trojan/backdoor virus?

  1. #1
    Join Date
    Dec 2011
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default How to get rid of a trojan/backdoor virus?

    I left my laptop on all night, so internet was not responding (hate windows 7.) AVG said I had a trojan/backdoor virus and that I should quarantine it for later decision. I clicked quarantine, but my entire computer was frozen, not just internet. I had to turn off my laptop manually, then back on. I clicked on AVG so I could run a full computer scan. It said, "You may not have appropriate permission..." What? How could it not be appropriate? My mom said to fully shut it down and turn it back on; I did, but I got the same results. The only things accessible are the little icons on the bottom right corner and the right click options. HELP!!!!
    P.S. I'm using my WII.

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,162
    Thanks
    263
    Thanked 690 Times in 678 Posts

    Default

    Reformat the computer. If you have files that you need, then you should try to find a way to safely get them off the computer. The best way might be to take the computer to a computer repair store where they can take the hard drive out and load it on a new computer for you. Then copy the files; then reformat the computer and the virus will be gone.

    My guess is that the virus has gotten deep enough into the computer that it has more control than you do. Unless you are a highly trained and very experienced expert, the only way to be sure the virus is gone is to reformat the computer at this point.

    Another option, if you can do this, would be to create a new user and delete the old user. I don't know if the virus has gotten deep enough that it would be a problem there too, but it might at least give you a chance to back up your files.

    Also, if you have your Windows disk then you can boot in safe mode and see if that helps. Press F7 or F2 or something during startup (you'll see a notification to do that for a few seconds). Then maybe you can get your files off.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
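An added example, not part of the original post: one way to do the "copy the files, then reformat" step once the old drive is attached to a clean machine. It copies data files only, leaves behind file types that can run code, and records a SHA-256 manifest of what was copied. The suffix list, the function names and the sample tree are assumptions made for this sketch.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumed list of Windows file types that can run code; these are left behind.
RISKY_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs",
                  ".js", ".jar", ".lnk", ".msi", ".ps1", ".hta", ".cpl", ".sys"}

def is_risky(path):
    """Judge by the final suffix, so photo.jpg.exe counts as an executable."""
    return path.name.lower() == "autorun.inf" or path.suffix.lower() in RISKY_SUFFIXES

def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def rescue(src, dst):
    """Copy data files from src to dst; return (manifest, skipped)."""
    manifest, skipped = {}, []
    for item in sorted(src.rglob("*")):
        if item.is_symlink() or not item.is_file():
            continue
        rel = item.relative_to(src)
        if is_risky(item):
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(item, target)  # file contents only, no attributes
        manifest[rel.as_posix()] = sha256_of(target)
        if manifest[rel.as_posix()] != sha256_of(item):
            raise OSError(f"copy of {rel} does not match the source")
    return manifest, skipped

def demo():  # constructed sample tree, not real user data
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_drive"), Path(tmp, "backup")
        (src / "Documents").mkdir(parents=True)
        (src / "Documents" / "essay.txt").write_text("homework")
        (src / "Documents" / "photo.jpg.exe").write_bytes(b"MZ constructed")
        (src / "autorun.inf").write_text("[autorun]")
        return rescue(src, dst)

if __name__ == "__main__":
    print(demo())
```

Skipping executable types does not make the remaining files clean; the backup should still be scanned on the clean machine before anything in it is opened.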

  3. #3
    Join Date
    Jan 2009
    Location
    NH
    Posts
    356
    Thanks
    54
    Thanked 10 Times in 10 Posts

    Exclamation

    I can help you out with this if you don't want to reformat. Reboot the computer into Safe Mode by shutting it down and when it starts back up rapidly tap the F8 key. Choose Safe Mode with Networking option.

    Your screen will look very different when it has Windows loaded because in Safe Mode you only see 16 colors.

    Once you go past and OK the few warnings, then start your web browser. Download Malwarebytes Anti-Malware and Hijack This and save them both to the desktop! (those are both direct download links so you don't google and get the wrong thing).

    =======================

    Go to the Control Panel to Folder Options and then to the View tab. Put a check mark next to Show hidden files and folders.

    =======================

    Malwarebytes Anti-Malware directions:

    Close all programs and windows on your computer, including this one.

    Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
    When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If MalwareBytes' prompts you to reboot, please do not do so.

    MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main dialog box.
    On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Antivirus .NET related files.
    When the scan is finished a message box will appear.
    You should click on the OK button to close the message box and continue with the removal process.

    You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

    A screen displaying all the malware that the program found will be shown.
    Make sure that all the things it found are selected (checked) and click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
    When MBAM has finished removing the malware, it will open the scan log and display it in Notepad, or you can relaunch MBAM and go to the Logs tab to find it.
    Please copy and paste that log back here.

    ================================

    Hijack This directions:

    Double-click on the HijackThis.exe file. You should now see a screen similar to the figure below:


    Figure 1. HijackThis Startup screen when run for the first time

    We suggest you put a checkmark in the checkbox labeled Do not show this window when I start HijackThis, designated by the blue arrow above, as most instructions you will be given will not account for this screen. After you have put a checkmark in that checkbox, click on the None of the above, just start the program button, designated by the red arrow in the figure above. You will then be presented with the main HijackThis screen as seen in Figure 2 below.


    Figure 2. Starting Screen of Hijack This

    You should first click on the Config button, which is designated by the blue arrow in Figure 2, and confirm that your settings match those found in Figure 3 below. The options that should be checked are designated by the red arrow.


    Figure 3. HijackThis Configuration Options

    When you are done setting these options, press the back key and continue with the rest of the tutorial.

    To have HijackThis scan your computer for possible Hijackers, click on the Scan button designated by the red arrow in Figure 2. You will then be presented with a screen listing all the items found by the program as seen in Figure 4.


    Figure 4. Scan Results

    At this point, you will have a listing of all items found by HijackThis.

    If what you see seems confusing and daunting to you, then click on the Save Log button, designated by the red arrow, and save the log to your desktop!

    Copy and paste the entire log here in this thread.

    Make a separate reply for the Malwarebytes log and the Hijack This log, because it will probably be too much text for one reply.

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,162
    Thanks
    263
    Thanked 690 Times in 678 Posts

    Default

    Mlegg, the information you are presenting is very useful. It may also be helpful to save the data on the hard drive.

    I completely agree that everything possible should be done to save the data and that doing what you've described may do that.

    However, I want to add a strong warning (not to you personally) that attempting to "clean" an infected computer is very dangerous. It is so much safer to reformat the hard drive. Even if you do everything well and there is some tiny trace of the virus left, then it might come back and reinfect the computer. If you're confident in your abilities then I can understand that. But personally I would always reformat rather than risk the continued use of an infected computer. For one thing, even if nothing is actively wrong, there might be a silent threat on the computer, such as a keylogger for credit card information. There's no way to prove that viruses are not on a computer-- anti-virus software uses a list of known threats, and it might miss something. But reformatting guarantees there's nothing on the hard drive and you can start over and everything will be secure, at least until another virus installs itself.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  5. #5
    Join Date
    Jan 2009
    Location
    NH
    Posts
    356
    Thanks
    54
    Thanked 10 Times in 10 Posts

    Default

    You are correct. It is up to the original poster to see if he wants to try and save his data or just do a format. Hopefully all of his data is already backed up somewhere because doing a format can be a quicker fix than going through the malware cleanup.

  6. #6
    Join Date
    Dec 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    You should use avast... it is the best; keep it up-to-date.
