some sort of trojan or malware took over computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by larryccf2, Jan 11, 2010.

  1. larryccf2

    larryccf2 Private E-2

    I'm new to these forums and maybe a half notch above "fred flintstone" level of computer literacy. I'm running Windows XP Pro with SP2

    had something take over my computer - computer is left on 24/7, DSL connection to web.

    first off, kept getting these windows opening from "Anti-Virus XXX" and i'd close - they'd open right back up with a warning that something was attacking, a "Bankerfox" and with instructions to clik to purchase for the anti-virus software to defeat it

    i'd close and it would keep popping up. Noticed the AVG 8.5 icon in the tray at bottom right of screen had changed & replaced by a blue shield identified as "Anti-Virus"

    when i'd try to open AVG from Program directory - i'd get a msg that "xxx file was infected" and it wouldn't open
    same with trying to open Malwarebytes and SuperAntiSpyware

    when i tried to do a restore to an earlier date - same "infected file" error msg

    finally did a reboot into safe mode, from safe mode to system restore to earlier date and got to do a malware scan (didn't save that log but it found two trojans - deleted them and all appeared fine. Did a scan with updated AVG and SuperAntiSpyWare (also didn't save those logs

    did a reboot when i tried to used malwarebytes to remove a file (described below)- the second it rebooted it came up with the same "Anti-Virus" pop-up msgs and not letting me open any of the virus/malware programs or do a system restore - so resorted to the same reboot to safe mode and then did a system restore

    a friend on another hobby board who is computer virus literate suggested i scearch for any "msas..." files . Found one that will not delete, "Msasn1.dll'. Even tried using Assassin killer from tools in malwarebyte program to remove it- it would not delete and that required a reboot and we're back at square one

    after the 3rd reboot/safe mode/system restore, i ran CCleaner and then i scanned with Malwarebytes and SuperAntispyware

    before posting i read and executed the instructions on the "READ ME First" page, including removing all prev Java versions and downloading the newest version. Have not done the ComboFix nor RootRepeal scans yet


    Malwarebytes scan showed zero threats
    i ran the HiJackThis scan, regrettably, with AVG 8.5 open, but it seemed to run fine with no hiccups

    attached is the SAS scan log in pdf and the HijackThis scan log (five pgs converted to jpeg files)
     
    Last edited by a moderator: Jan 13, 2010
    larryccf2, Jan 11, 2010
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Jan 13, 2010
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds