
Stubborn Trojan

#HBC | Ryker

Netplay Monstrosity
BRoomer
Joined
Sep 16, 2008
Messages
6,520
Location
Mobile, AL
I've got a Crypt trojan from an anime streaming site. I'm running Windows 7 with free AVG antivirus and I can't pick the damn thing up. It creates a new file every two minutes or so and I catch all of those, but I can't find the origin. AVG didn't find it on scan. Google isn't helping. I'm out of ideas.
 

John2k4

The End of an Era
Joined
Aug 28, 2011
Messages
8,989
Ryker, message me on Skype - I deal with these things all the time. ;)
 

GwJ

Smash Hero
Joined
Nov 1, 2008
Messages
5,833
Location
Pennsylvania
NNID
Baghul
Sounds like it's time to reinstall Windows. That's what I did after I had a similar problem.
You sound like my 57 year old father.

>Virus?
>Reinstall Windows

>Can't find "My Pictures"?
>Reinstall Windows
 

M@v

Subarashii!
Joined
Oct 13, 2007
Messages
10,678
Location
Pittsburgh, PA
Didn't work. Unfortunately. It found two files and I thought it was done.
Computer security major here.

This is starting to sound like a rootkit to me, especially since Malwarebytes supposedly didn't remove it. It's a damn good piece of software. I just dealt with a rootkit last week and this situation has similarities to the one I ran into. The rootkit might be making these new files. Even if you keep killing the ones it's making, it's not going to do you any good as long as the source is still there.

What is a rootkit? http://en.wikipedia.org/wiki/Rootkit
I doubt you'll need to reinstall Windows, but sometimes you need to. Read below for more tips and questions I have:


What are the infected file names Malwarebytes picks up? Screenshot would be awesome.
Does Malwarebytes say you need to restart to remove the files, then it doesn't?
Have you tried a system restore to before when you think you got the malware? This can fix most problems. Try it if you haven't yet.
Does Malwarebytes keep saying it's blocking access to a file trying to send an outgoing signal?

When I get home from classes (4pm) I'll put a link in this thread to a free rootkit scanner. It'll find and kill any rootkits on your computer. If it finds one, there's your problem. If not, it at least rules it out.
 

Morin0

Smash Lord
Joined
Oct 9, 2007
Messages
1,907
Location
San Diego, CA
You sound like my 57 year old father.

>Virus?
>Reinstall Windows

>Can't find "My Pictures"?
>Reinstall Windows
LOL. It wasn't no ordinary virus, it was a rootkit! I wasn't gonna deal with that. Lol at the second one. That's certainly not me :)

:phone:
 

M@v

Subarashii!
Joined
Oct 13, 2007
Messages
10,678
Location
Pittsburgh, PA
LOL. It wasn't no ordinary virus, it was a rootkit! I wasn't gonna deal with that. Lol at the second one. That's certainly not me :)

:phone:
As I just said, they have free rootkit scanners that can take care of most of them so you can avoid reformatting :awesome:
 

M@v

Subarashii!
Joined
Oct 13, 2007
Messages
10,678
Location
Pittsburgh, PA
Yeah, forgot about this >_<. Here's where I found it. It was a help thread on Malwarebytes' support forum. This was a staff member post mid-thread. I edited out the stuff that isn't related to the scanner.

Download the file http://support.kaspersky.com/downloads/utils/tdsskiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


Reboot. Update MBAM, run a Quick Scan.
MBAM = Malwarebytes' Anti-Malware.
 