Trojan threat

shermans · ‎07-09-2007

Can anyone advise as to what action to take to stop a trojan attack ?
I have Avast ! installed, and every ten minutes I get an alert to say that Avast! has blocked an attempt to instal a trojan. There are two processes reported regularly :
c:windows32/services exe - Win 32 Malware gen
and
Win32. sirefef.btt trojan
I have done the obvious things, namely :
1. Executed a virus scan - no results, except the above two items in the Virus Chest
2. Re-booted the router to change the ip address.
3. Re-booted the computer for the same reason.
Is there anything else I can do because it is driving me bonkers !
Thanks.

w23 · ‎08-01-2008

I'd suggest dowloading and running Malwarebytes and running a full scan first of all: http://downloads.malwarebytes.org/mbam-download.php this can sometimes find things that other a/v scans miss.

Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.

7up · ‎01-08-2007

Yup, anti virus is pretty much dead in the water these days as it doesn't pick up much. Malwarebytes is pretty good but only works (fully) for 15 days. It's long enough to help you though.
MalwareBytes doesn't always get rid of them though if they're installed with a rootkit so you may need TDSSKiller or RogueKiller to finish it off and remove the rootkit.
After that download ComboFix which will reinstall original versions of the affected operating system files (eg services.exe, explorer.exe etc) and will reset your systems security permissions such as firewall and UAC. Note you'll get all the annoying popups asking for permission again etc.
Google will find you the download links.
Of course sometimes you can simply boot into safe mode, remove some registry keys and rename the actual files / folders but that tactic doesn't always work and you really have to know what you're looking for.

I need a new signature... i'm bored of the old one!

rongtw · ‎01-12-2010

Sprite

malwarebytes is totally free ! with no time limit , Free updates & upgrades
its the best one to use http://www.malwarebytes.org/products/malwarebytes_free/

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .

7up · ‎01-08-2007

I must have downloaded the trial pro version then. Either way it didn't remove the trojan but did at least pick it up and identify it.

I need a new signature... i'm bored of the old one!

pcathomerepairs · ‎30-07-2007

if you identified it you should be able to find a remover on the net for it

7up · ‎01-08-2007

365webhost247.co.uk you know that dragging up old threads just to find something to post about for publicity is pretty lame don't you?
1 subdomain for £6.50 per month? - Seriously?
Yikes.

I need a new signature... i'm bored of the old one!

Thunderclap · ‎08-09-2008

You can also try hitting the problem with Microsoft's Malicious Software Removal Tool
It's not perfect, but it can work and is free.
http://www.microsoft.com/en-gb/security/pc-security/malware-removal.aspx
Be sure to scan every memory stick, flash card, SIM and external HDD that has touched the machine too, as these can be vectors for the Malware via the disasterously implemented Windows Autorun file.

jelv · ‎10-04-2007

Quote from: Sprite
365webhost247.co.uk you know that dragging up old threads just to find something to post about for publicity is pretty lame don't you?
1 subdomain for £6.50 per month? - Seriously?
Yikes.

His signature appears to me to be in contravention of the forums rules:
[quote=http://community.plus.net/forum/index.php/topic,218.0.html#post_avatar]Avatars and Signatures
The forum moderators reserve the right to ask any member to change their Avatar and/or Signature, should they feel that it is inappropriate, or does not comply with the following guidelines;
Avatar size should be limited to 80 x 80 pixels and a maximum file size of 40kB
Use of the Plusnet (Force9, Free-On-Line, Metronet) Logo as an Avatar is reserved for staff.
Signatures should use no more space than 5 lines of standard sized text would, this includes any blank lines and images you choose to use. Image based signatures should be limited to 100 x 560 pixels and a maximum total file size of 40kB.
The use of advertising links which confer a benefit to the poster are not acceptable.

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

7up · ‎01-08-2007

That doesn't worry me much really - I have no objection to it BUT he is answering threads which are old with answers that aren't really relevant just to gain attention. If he were my host I'd be worried about the quality of his tech support.
jim:quote

I need a new signature... i'm bored of the old one!

pcathomerepairs · ‎30-07-2007

I would be worried why your server is down all the time
as for my tech support i'm a network manager 5000 + systems in the daytime and have been for 15 + years
"what do you do?"
In my experience you get what you pay for how many subdomain would like?
and i will keep the price!
dont take it personal i know i wont lol

7up · ‎01-08-2007

So if you're so super experienced, why did you only post a one liner instead of something more helpful?
You're running a very clever idea. You know PN is picked up by google every 5-10 minutes and you've decided to get your company domain in on the action.
Smart yes. Immoral definitely.

I need a new signature... i'm bored of the old one!

pcathomerepairs · ‎30-07-2007

No im not what you call super experienced any one who thinks they are is dreaming and delusional.
just 45 years
The reason it was a one liner is simply because the original poster had not replied or identified that the problem
was still ongoing. I was not go to waste time like i am now.
Why dont you go to ninite.com and install and update all the securiy tools
im sure one of them will find or identify the problem for you then post the results

Trojan threat

Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat

Re: Trojan threat