A n00b and her Trojan Virus..

nestea27 · Mar 28, 2009

I think I picked this Trojan up via facebook when it sent a link to all my friends....click the link, prompt for an add-on, and presto you get infected. I didn't do it myself but I did notice after people (who were dumb enough) to click on that link reported this to me, my own system started acting funny. By thi I mean as a symptom of infection, something (a Trojan?) is blocking my IE from opening any site other than my homepage. I switched over to the Guest Account and have downloaded every Torjan remover and antivirus program said to help but my IE is still being blocked. I do have HIjak this but am afraid of using it as I hear it's quite complicated.

On a good note, I just ran Torjan Remover for the very first time and it gobbled up Triojan BHO (very scary - even a n00b like me knows what this one does!). Yikes.

nestea27 · Mar 29, 2009

Wow, sorry for all the typos below. I guess I was in frantic mode.

Anyway, I have an update of sorts. A friend said my problem might be a Trojan that has something to do with dll32.exe? I know that function has something to do with Control Panel so I want to be careful here. Is this in fact the case?

chaslang · Mar 31, 2009

Welcome to Major Geeks!

You need to run the below on YOUR user account. You can download tools if necesssary using another account but you must run the scans while logged into your account or they will be of no use to us. Also you MUST NOT surf the internet using the real user account named Guest! This account should be disabled. Make a new user account and make sure it is password protected.

What do you mean IE is blocked?? Are you sure that your settings were not changed to use a proxy when perhaps you don't use one (or vice versa)?

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

nestea27 · Apr 1, 2009

I actually got the problem resolved through a tech-savvy friend. Thank you for the reply!

chaslang · Apr 4, 2009

You're welcome. Surf safely!

Log in or Sign up

A n00b and her Trojan Virus..

nestea27 Private E-2

nestea27 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

nestea27 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member