Need help identifying invalid file names and removing a trojan-type file.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by AttackedbyMalware, Nov 10, 2008.

  1. AttackedbyMalware

    AttackedbyMalware Private E-2

    Hi,

    I unwittingly downloaded a program to my computer and ran it. It turns out the program owner was masquerading as a reputable service provider, but was really all about stealing as much from his customers as possible. Somewhere in my data files is a file that starts itself up, and then installs spyware on the computer or calls out for spyware downloads. It is hidden well. My Kaspersky 2009 can't spot it. (This is the trojan-like malware part of the problem). I could use some help spotting this file, or files, and removing it.

    One tactic this malware uses is that it installs unremovable files onto the computer system. I have struggled to remove some of these files with invalid file names, and it is un-do-able. This malicious software uses multiple methods to hide and corrupt the unremovable file. I have researched some of the different ways that a file can be made unremovable (invalid file names, strange file permissions, etc.), and this guy uses layered confusion to keep these files intact. A couple of months ago I backed up all my data, wiped the hard disk completely clean, reinstalled the operating system and AV, reinstalled the data, and repeatedly scanned the system with my AV and various online scanners. I found and deleted 4 or 5 viruses and I was satisfied that the system was clean.

    But even though I have been very careful, this spyware has slowly crept back in, and starting a few days ago my system started to crash repeatedly. Now the system is screwed up again.

    I was running "Karen's Power Tools/ Replicator", and it locked up trying to delete/over-write a file in my external storage. So I know I accidentally caught one of these infected files during that backup process, but Karen's replicator couldn't overcome all the screwed up permission issues relating to deleting the file.

    What I am thinking of doing is copying all of my data files to DVD except for any data file with an invalid name. But it seems the only way for me to spot these files is by trying to delete them. That's when I discover the various reasons why the file is undeletable. Is there any way to discover these files with strange names/permissions on my computer besides trying to delete them?

    And ultimately, I need to find these files on my system that are secretly re-installing spyware on my computer, or else throw away many years' worth of personal and business data files.

    Thanks for any help you can give me!

    Tim Rapp
     
    Last edited: Nov 10, 2008
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can try running steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.


    Plus a guide on HOW TO: Attach Items To Your Post
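
On the question in the first post of finding files with invalid names without trying to delete them: the script below is an added example, not part of the original thread or of the MajorGeeks guide. It walks a folder read-only and flags names that break the Win32 naming rules (illegal characters, trailing space or period, reserved device names) and folders that cannot be listed; the function names and the sample path in its comment are assumptions made for this example.

```python
import os
import sys

# Win32 naming rules (Microsoft "Naming Files, Paths, and Namespaces").
ILLEGAL_CHARS = set('<>:"/\\|?*')
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


def invalid_name_reasons(name):
    """Return the reasons one file or folder name breaks Win32 naming rules."""
    reasons = []
    bad = sorted({c for c in name if c in ILLEGAL_CHARS or ord(c) < 32})
    if bad:
        reasons.append("illegal characters: " + " ".join(repr(c) for c in bad))
    if name.endswith((" ", ".")) and name not in (".", ".."):
        reasons.append("trailing space or period")
    # Device names are reserved with or without an extension (NUL, nul.txt).
    if name.split(".")[0].rstrip(" ").upper() in RESERVED:
        reasons.append("reserved device name")
    return reasons


def scan(root):
    """Walk root read-only; return (path, reasons) for every suspect entry."""
    findings = []

    def unreadable(err):
        # Folders that cannot be listed (for example, odd permissions).
        findings.append((err.filename, ["cannot list: " + str(err)]))

    for folder, dirs, files in os.walk(root, onerror=unreadable):
        for name in dirs + files:
            reasons = invalid_name_reasons(name)
            if reasons:
                findings.append((os.path.join(folder, name), reasons))
    return findings


if __name__ == "__main__":
    # On Windows, pass an extended-length path such as \\?\D:\Data (sample
    # path) so that entries with non-Win32 names can still be traversed.
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, "->", "; ".join(reasons))
```

Nothing is opened, changed or deleted, so the resulting list can be used to decide which files to leave out of a backup.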
     
