Question:
Hi
I keep picking up Trojan horses. The first sign is when the PC keeps crashing, I run a system test and AVG picks up the horse and chucks it out. But I've had 2 in the last 7 days and they are a pain!
The most likely suspects seem to be eBay or the dating sites my daughter looks at.
I use AVG, zone alarm, Ad-aware and spyware blaster - but the little blighters keep charging under the radar.
Any ideas how I can shut the stable door?
thanks
Answers:
try reading this
are you running AVG etc in safe mode ??
Answers:
If the machine has been crashing there's a good chance AVG isn't dealing with the problem.
Can you tell us the filename and path of the detection?
ie: C:\Windows\System32\badfile.exe
Answers:
or stop visiting dodgy warez/porn sites
Another thing: trojans are sometimes not classified as viruses. There is also a possibility that the trojans are new and the anti-virus software doesn't recognise them. Basically any anti-virus software will miss a virus/trojan if it is new and has not been detected.
Answers:
or stop visiting dodgy warez/porn sites
By the sounds of it this poster doesn't have teenage kids... not the younger realms of teens!
Bit moralistic isn't he/she?
When I was hit with a trojan, (was it my over 16 year old teen's porn or mine?), I invested in this :
Worked where other free anti-virus stuff, ad-aware, Spybot etc., didn't.
Answers:
Disable System Restore, then run a virus scan, then re-enable System Restore. This will delete all the old system restore points, where sometimes the nasties hide.
Answers:
thanks for your replies folks (funny, I didn't get any email notification of replies??)
I will try a few things you have suggested and get back to you......
Answers:
Hi
well I followed your advice starting with Browntoa's link. It seemed my Windows updates etc had been disabled somehow so I set that right and the problem seemed to disappear. Good oh.
thanks everyone.
got another ? now, will post it separately tho....
Answers:
I forgot to say however that, on logging on to eBay today I got about 5 Zone Alarm messages saying that the firewall had blocked some intrusions so I guess there really is something attached to eBay??
Answers:
I forgot to say however that, on logging on to eBay today I got about 5 Zone Alarm messages saying that the firewall had blocked some intrusions so I guess there really is something attached to eBay??
Not really. There are constant attempts to access your computer. Those ZA warnings are just that ... letting you know ZA is doing its job and stopping outsiders from getting through. Not necessarily from eBay. Like me you will get those warnings all the time unless you configure ZA not to pop up the little box each time it stops something.
My settings ...
I don't see those pop up boxes any more.
Answers:
go for a free virus scan, it will tell you what viruses are on your computer
Answers:
go for a free virus scan, it will tell you what viruses are on your computer
The direct link to Housecall is here .....
Yes it's good/excellent but, no, it doesn't necessarily show ALL viruses. Only what TM classify as a virus. That's why you should use a variety of scanners as they each seem to pick up things missed by others.
Furthermore, most free scanners will tell you what you have on your system but won't remove them all. However, if you use a scanner to ID a baddie at least you know what you are dealing with and where it is located. We can tell you how to fix things if the scanner(s) won't do it.
Answers:
thanks for the info re zone alarm configuring, I will do that later.
There is a ? involved here, please bear with me while I explain the history....
However: as you know I suddenly began getting a proliferation of ZA about 10 days ago. I had had the programme a long time and the new activity seemed a bit odd.
The last couple of days they levelled out into one every 10 minutes. I felt something was not right so I went to the web page intending to update but instead went for a wipe clean and re-install. Since when the alerts (except for the ones I expect) have stopped. Which is all good.
Then I went back to eBay and immediately the page froze again, after which I couldn't use any programmes or software (this has also been happening repeatedly and is what tipped me off to run a scan and find the Trojan horses that began this thread).
So this time, instead of AVG I ran a ZA scan. That unearthed a virus linked called Java.ByteVerify!exploit. That was healed.
Question (at last!)
So, the ? is could it have been the JavaBite virus that was causing the problems all along and AVG missed it?
Or, is it likely that I keep getting "re-infected" when I log on to eBay (as that is the site that crashes first)??
If yes to the latter eBay ?, what shall I do?
sorry to be so long-winded.....
thanks
Answers:
I suggest you go to . and manually patch your PC (do you have a security center icon in control panel, if not, your patches are well out of date).
install some antispyware software
etc.
clean out your IE cache
and run an independent scan
Answers:
thanks Albert. I have got Adaware and all my MSN patches are up to date. An independent scan last Friday revealed no problems (but I can try it again). I haven't done the clean thing tho so will try that. No idea what my IE cache is tho.....
Answers:
Your IE cache holds a copy of the pages that you have downloaded from the internet.
When you say your MSN patches are up to date, have you done a manual Windows update?
No one AV or spyware scanner catches everything, which is why I suggest running an independent scan.
I would suggest running an anti-spyware scanner all the time (e.g. Defender), as Ad-aware is a manual scanner, and won't pick things up at the time of infection.
The firewall blocking something every 10 minutes is normal, unless you have a broadband router, which would block everything before it ever got near to ZoneAlarm. Worth the £30-40 in my opinion, if you have broadband... (software firewalls can be turned off by malware, as can Windows Update and A/V scanners.)
It is possible that your A/V scanner has been disabled, if it didn't pick anything up... you can test it by downloading an eicar file.
Click on the eicar.com link. This is safe, it is a test file, to test that A/V software is working. If you don't get a warning, then AVG isn't working.
you may also want to check that you don't have a rootkit infection
Answers:
try running pandssoftware.com
usually detects all hidden viruses
Answers:
...pandssoftware.com usually detects all hidden viruses
How many more times must we say this. NO IT DOES NOT. Anyway ksh123 is complaining of Trojans not viruses so chances are Activescan won't pick them up or ID them.
That said, I will agree with you that Panda Activescan is indeed another good online scanner - here....
- but remember it doesn't find or fix everything.
ksh123 > Try all scanners recommended in this thread (including Activescan). If you are still experiencing trojans try Trojanhunter.
It's specifically for Trojan detection and has a free fully working trial offer period.
[Please make a note of any/all malware the scanners can't (or won't) fix. We can do something about those to fix them manually.]
If still not fixed I'm going to guess you have an executable file hidden somewhere. Maybe a file designed to act only when you go to eBay. You need to do two things.
1. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option*.
Now navigate to this location .....
C > Documents & Settings > Owner > Application Data > Sun > Java > Deployment > Cache
Clear out the "Cache" folder. This is one place the JavaBytever malware hides.
By the way this is not your "temporary internet files" referred to earlier in this thread; they are in a different place depending on which browser you use.
Reverse this* procedure to "unhide" Hidden Files & folders.
2. Download HijackThis ["HJT"] from here ....
(5th blue box down; centre column)
Install it in a permanent place on your hard drive so you have the address C:\HJT.
Now scan your system with HJT. At the end of the scanning process (takes a few seconds) a notepad log report will appear. Copy & paste that report to this thread. We'll look at it to see if it shows anything bad.
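
The cache clean-out from step 1 above, as an added example that is not part of the original post: a Python sketch that records the name, size and SHA-256 of every cached file before emptying the folder, so there is a filename and path to quote if a scanner later names one. The `%APPDATA%\Sun\Java\Deployment\cache` default and the function names are assumptions; the demo runs on a constructed temporary folder.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Assumed default: on Windows XP, %APPDATA% is "Documents and Settings\<user>\Application Data".
DEFAULT_CACHE = Path(os.environ.get("APPDATA", ".")) / "Sun" / "Java" / "Deployment" / "cache"


def inventory_cache(cache_dir):
    """Return (relative path, size in bytes, SHA-256) for every file under cache_dir."""
    root = Path(cache_dir)
    records = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        records.append((path.relative_to(root).as_posix(), path.stat().st_size, digest))
    return records


def clear_cache(cache_dir, log_path):
    """Log the inventory to log_path (kept outside the cache), then empty cache_dir."""
    root = Path(cache_dir)
    records = inventory_cache(root)
    with open(log_path, "w", encoding="utf-8") as log:
        for rel, size, digest in records:
            log.write(f"{digest}  {size:>10}  {rel}\n")
    # Remove the contents only; the Cache folder itself stays in place.
    for child in root.iterdir():
        if child.is_dir() and not child.is_symlink():
            shutil.rmtree(child)
        else:
            child.unlink()
    return records


if __name__ == "__main__":
    # Constructed sample folder so the example runs anywhere; pass DEFAULT_CACHE for a real run.
    sample = Path(tempfile.mkdtemp())
    (sample / "javapi" / "v1.0" / "jar").mkdir(parents=True)
    (sample / "javapi" / "v1.0" / "jar" / "sample.jar-1a2b3c.zip").write_bytes(b"constructed")
    log_file = Path(tempfile.mkdtemp()) / "java_cache_inventory.txt"
    for rel, size, digest in clear_cache(sample, log_file):
        print(digest[:16], size, rel)
    print("files left in cache:", len(list(sample.iterdir())))
```
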
Answers:
thanks PChelpman for this long list of help steps. I will carry them out later when I have a bit more time. (My brain hurts just reading it!) But seriously I DO thank you and Albert and others for their helpful suggestions which I have tried to follow.....
Since I re-installed ZA and Albert showed me how to stop the pop-ups and ZA found the JavaByte thingy things have been much improved. I think also doing the manual check of updates also helped.
I have been on eBay this AM and it didn't crash!! Whoppeee
I am assuming tho that I should follow your suggestions now Pchelpman because they may also be preventative.
I downloaded CCleaner, but haven't used it yet. Because when I told it to clean it said it would "permanently delete" files. Which areas can I ask it to clean in safety?
Answers:
Glad it's apparently fixed. Let's hope it stays that way!
You should, nevertheless, clean out your java deployment cache - as indicated above - from time to time. It's just a little added help to keep the system clear of rubbish.
Trojanhunter ... you don't need to do that if all is OK and your Trojans are gone.
Housecall and Activescan are both good free online scanners. I recommend you use them both on a regular basis. They take a fair old time to scan your system fully so have a cup of tea or a beer while they are working.
As to Ccleaner ... after installing, go to Start > programs > CCleaner
Make sure the "windows" tab is selected
Under "internet explorer" tick...
Temporary internet files
Cookies
History
Recently typed URL's (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
under "Windows explorer"
Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)
under "System"
Empty recycle bin
Temporary files
Memory Dumps
Chkdsk File Fragments
Old prefetch data
If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.
I personally do not have any of the others ticked ... but be it on your head if you want to tick any of the others.
If it offers you the option of installing a yahoo toolbar .... don't accept that option.
Also make sure your antivirus and firewall are reliable and up to date. ZA is fine in both areas.
If any scanning processes finds something it can't (or won't) fix then note down the problem and ask for help again here.
Don't forget .... if albertross or anyone else has recommended something that works please hit the "thank you" button so we know what worked well for you.
Safe surfing!
