Need help with a trojan infection

[sanjoa]

Hi, guys! How you doin? I've got a problem with a trojan (Trojan.FakeAlert.SA according to MBAM). Today my internet connection crashed twice, I had to restart the computer (twice too) because I couldn't even gather access to the router. So how can I get sure that it has been COMPLETELY removed? I don't like Google search results, they lead you to unreliable programs.

[circaal]

MBAM, Superantispyware and Combofix. Run those and you should be all set.

-BTY

[mikie]

Agree with circaal...

One that found some extra stuff I tried recently... shocked me with its finds on my own pc ... & I frequently use SAS & MBAM - The EmSisoft free stand alone scanner.

Finding alot of root kits lately.. with Kapersky TDSSKiller

[stringy]

full scan with mbam then hitmanpro by surfright (32 or 64 bit version reqd ) then dr web cureit on demand scanner. these will remove all traces. I would then run a programme i highly recommend called system repair engineer which repairs host files etc. all of which are free!!

[circaal]

Ahh yes TDSS killer is a great program as well. Thats a nasty rootkit to get rid of if you have it. As for hitman pro I have used it but I didn't favor it. Not saying its bad just saying I don't use it. But Dr Web Cureit is a great program as well.

-BTY

[Tweety.Abd]

If infection is severe, use Kaspersky Boot Disc, that'll wipe off all malwares for sure.

[stringy]

hi circaal, out of curiosity why dont you use hitmanpro,have you had a problem using it?

[sanjoa]

Thanks for your help men!

[Knightmare]

MBAM, Superantispyware and Combofix. Run those and you should be all set.

-BTY

I would advise against using Combofix at all cost for future reference. Here's the route I would take (moving to the next option if the problem is not fixed):

-Malwarebytes'

-TDSSKiller

-SuperAntispyware

-ESET Online Scanner

-Other options

-Combofix

I've never had to go past option two; TDSSKiller seems to do the job if MBAM can't. I've used ESET a few times as my first option just because the virus seemed pretty bad. However, if you can't get online, this option is useless, which is why it's low on my personal list.

[mrsmith]

This could help too

be very careful....g/l

[ALIEDHED]

Hi, recommend to use this free program DrWeb CureIt in option of complete scan with recommended settings;

http://download.geo.drweb.com/pub/drweb/cureit/cureit.exe

PD: Now it's fast and remove more variables of troyans... Great Program and this link updated all days to last version!! ;)

[SkyrimGuy]

A good approach would be use the a number of scanners. If you're having trouble logging onto your system, try a boot disc first. Kaspersky and Dr web make two great ones. After that I would recommend going into safe mode, disabling your recycle bin and then running a few scanners there. Just doing that will remove a large chunk of malware. Then go back into your main desktop and run MBAM, Kaspersky TDSS killer, Hitman pro and comodo kill switch. I wouldn't use combofix or gmer. They are for folks with a little more skill. You can really mess up your system using them if you don't know what your doing. Hope this helps.

[ande]

add this to your list:

rkill - tool that kills suspicious processes

CCE -Comodo Cleaning Essentials

also it is important that you know what runs in background, some tools check processes, I would suggest Emsisoft HiJackFree and Unlocker,

also it is recommended that you clean temp, appdata, programdata directories, disable system restore,

also visit Task Scheduler and msconfig and get rid of unknown stratup processes and delete them in Tash Scheduler,

also if u consider install/reinstall av on infected computer, i would suggested Kaspersky - one of few that can run in Safe Mode and best removal antivirus since 6.0 version!

You should know/learn how to use HJT, and knowing where malware destinations are is very important and that can be obtaind by google if they aren't 0-day!

Saving registry often is also importan !

Against zero-day threats best removal tehnique is skillful man that can inspect and create MBRs, check and delete in registry editor, check settings in BIOS and check if BIOS ROM might be infected, gaining root privilege and deleting threats, expirience that will allow him to adjust his removal tehnique to new/diferent threats!

If u lack this skills, things can be done by RAT software - TeamViewer free that will allow some skillful fellow to deal with your PC threats while you are connected on internet!

Anyway, even if you remove malware completely I would suggest that you backup you files and reinstall OS!

[circaal]

@stringy as far as hitmanpro goes It doesn't seem to remove a whole lot compared to the other programs. I just don't think its one of the best.

@Knightmare, I think combofix removes a lot of rootkits that others miss as well as installs repair console. It also removes a lot of false settings for your IP an DNS.

Also rKill is amazing like 6enii says. One thing to know though is if the infection is really bad it will try and kill the programs so click on it multiple times and one should catch.

-BTY

[emil47]

Once I had a nasty rootkit -MBAM showed it, but couldn't delete it- and the only tool I found to do the job was a free tool from Sophos - Sophos AntiRootkit. Maybe SAT can help you too.

[Knightmare]

@stringy as far as hitmanpro goes It doesn't seem to remove a whole lot compared to the other programs. I just don't think its one of the best.

@Knightmare, I think combofix removes a lot of rootkits that others miss as well as installs repair console. It also removes a lot of false settings for your IP an DNS.

Also rKill is amazing like 6enii says. One thing to know though is if the infection is really bad it will try and kill the programs so click on it multiple times and one should catch.

-BTY

I don't know about the rootkit thing, but the program caused my computer to unhide hidden files when they were clearly supposed to be hidden, according to their settings in folder options.

[lulz]

Try Trojan Remover. I remember a trojan slipped by on my PC. HitmanPro detected and deleted it but it always came back after reboot. So i used Trojan Remover and it fix the nagging trojan.

[celpas]

Use Norton Power Eraser and NIS 2012 .It will remove all traces for sure

[darko999]

Run full scan with MBAM, HitmanPro, SuperAntiSpyware and you should be fine.