Help! My computer has something called TR/ATRAPS.gen2!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Sorenius, Jul 18, 2012.

  1. Sorenius

    Sorenius Private E-2

    Let me preface this by saying that I'm not the most computer-savvy guy in the world. Answers in layman's terms would be appreciated. I also understand that there are many different processes regarding malware removal listed in sticky threads that you guys want me to follow before coming directly to you for help. I'm temporarily skipping that step because I have no idea what will and will not help or harm my computer at this point, so for that I apologize. I will gladly follow these once I can determine whether it is safe or not, but due to my situation and paranoia I figure it might be better to detail my problem first before I start blindly trying to follow the instructions in those stickies.

    Anyways, now for the story. About 8:51 pm Eastern tonight I was browsing the forum page of a Nexon game called DFO. I visit this page very infrequently, and it has probably been about 2 months or so since my last visit. During this visit, Comodo popped up with a red security alert of some program trying to do something. After denying it access, all hell broke loose, and in the ensuing confusion of system popups I have no idea what I did or did not click. I eventually had the presence of mind to manually disable my internet (I was on my laptop and am currently on a desktop) and Ctrl+Alt+Del'ed my way to a computer shutdown.

    When I booted it back up, I immediately tried to load Avira and Comodo, but something seems different about the programs. All history of scans and defense updates seems to be gone (although this may be due to my not being connected to the internet), and when I initially booted up Avira it said something about it being inactive. Malwarebytes seems to be working fine, so I'm in the process of a full system scan with that, but one thing I noticed on Comodo is that it seems to have blocked Malwarebytes from doing something when I started up the scan. Within its Defense+ history are cryptic (to me) records of my user app data trying to access memory, modify key, create process, and install hook. All of these happened at 8:51.

    Avira has also just popped up a notification saying that the same app data I mentioned above is infected with TR/ATRAPS.gen2.

    At this point I don't really know which programs might be infected and which can be trusted, or whether I should do a system restore or something like that. I'm unsure whether it is safe to connect to the internet and I am also unsure if using a flash drive to back up my files will cause the virus to transfer itself to the flash drive (and thus any other computers it comes in contact with).

    One other cause for concern is that I have a Word file on my computer containing many passwords and other such data... A horrible idea, I know. But this is the main reason I am currently afraid of connecting to the internet. I fear that the virus might locate this and send it to other, malicious sources.

    What steps should I take to resolve this without further screwing things up?

    Thanks for your time,

    Sorenius


    Also, for the record, my computer is running Windows 7 64-bit and is using Avira antivirus, Comodo firewall, SUPERAntiSpyware, Malwarebytes, and CCleaner. Not all of the programs are updated with the latest updates.
     
  2. Sorenius

    Sorenius Private E-2

    Alright, so after sleeping on it and calming down a bit I think the best idea would be to download the Farbar tool mentioned in this thread to a flash drive and use it to run a scan on my laptop. My only concern is that in transferring the flash drive log file back to my desktop I would run the risk of infecting my desktop computer. Can anyone advise me on this? Is this a good first step to take?
     
  3. Sorenius

    Sorenius Private E-2

    Hmm, looks like I'm unable to edit my posts, so I'll provide some additional info and updates here. The Malwarebytes scan found something called Exploit.Drop.9 within the AppData/Local/Temp/etc. During that scan Avira had popped up about the TR/ATRAPS virus and I had quarantined/removed it.

    After the Malwarebytes scan I tried scanning the computer with Avira, but it completed without finding anything. However, at several points during the scan the percentage seemed to make large jumps as if skipping over something (straight from 89% to 100%, for example). There were also several error messages within the log making it seem as if Avira had been denied access to something during the scan.

    Finally, I also used CCleaner to delete the temporary internet files (but not the temporary system files yet) from my computer.

    Hopefully none of the above will cause any issues and someone can get back to me soon.

    Cheers,

    Sorenius
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to the Malware Removal Forum.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!

    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes (links are given in the READ & RUN ME) onto another PC and then burn them to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
