what can i do to identify trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by bomob, Apr 22, 2007.

  1. bomob

    bomob Private E-2

    it continually tries to open new explorer windows. i've run numerous kinds of scans but nothing finds it? tired of this and need help!!! infected near the first of feb.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    You can try the below steps and attach the logs


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED (you were not able to run CounterSpy)
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. bomob

    bomob Private E-2

    need help with read and run me

    do i run all of the list on special removal procedures???? i'm trying to find/id the trojan on my cpu.

    since i can't id it do i run all of them?????:cry
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: need help with read and run me

    Welcome to Major Geeks!

    No! Don't run any of them unless you get a message from another scanner indicating you have one of the problems mentioned in the Special Removal Procedures. Just run all steps in the READ & RUN ME and attach the 6 requested logs to this thread when you complete the steps. Also explain what problems you have!


    Edit::: In fact I see you already started a thread! Please remain in one thread! This thread will be merged with your first thread.
     
  5. bomob

    bomob Private E-2

    Re: need help with read and run me

    thanks for your help. i finally feel like i'm getting somewhere (even though it's still there). I'll finish running everything and post all details tomorrow.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: need help with read and run me

    Okay! Remember to attach all 6 of the requested logs and be sure to properly install and rename HijackThis as requested in step 7. Doing these steps properly will help avoid further delays in getting any malware removed.
     
  7. bomob

    bomob Private E-2

    Re: need help with read and run me

    while running the spybot sd it found 0 problems but i was unable to run the sd helper function. is this a problem? unable to run cause i couldn't find it!
     
  8. bomob

    bomob Private E-2

    Re: need help with read and run me

    also after running counter spy i found no threats, but in the instructions to get the scan log i ran into another snag...

    the instructions say to click VIEW< SPYWARE SCAN.....
    when i click view my options are: summary; system scan; active protection; system tools; and settings.

    i CAN get a report by clicking VIEW< SYSTEM SCAN< VIEW SYSTEM SCAN HISTORY then in the lower right i click VIEW FULL DETAILS OF SCAN. But all this shows is: start + end date; total time; and no risk were found.

    sorry if i'm an idiot please bear with me though. I SURE DO APPRECIATE THE HELP!!!!!!!!!!!!!!!!!!!!!!!!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: need help with read and run me

    It's part of the default installation options. As long as you don't change anything during install, it will be running. To find it afterwards you have to configure the program for Advanced mode (by clicking the menu option named Mode) and then select Tools and then Resident. You should see Resident "SDHelper" (Internet Explorer bad download blocker) active with a check mark next to it. Below this you should see the Resident "Teatimer" option unchecked as we requested in the READ ME.

    Just continue thru with all steps and report back when you finish. If the scans are not finding anything then there just may be nothing to find. Or it just could be that particular scanner cannot find any problem. Once you give us all the results at the end, we will know better. The procedure should be followed from beginning to end without interruption and without going back online except while running the online scans. But even then, you should only run the online scans and nothing else.
     
    Last edited: Apr 27, 2007
  10. bomob

    bomob Private E-2

    Re: need help with read and run me

    ok i found it and it was correct. i'll start over from beginning so i can update and run everything w/out interruption ( except for the ones from my 4 kids lol)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: need help with read and run me

    Yes....kids can be a major interruption. They are also a very frequent cause of malware being on a PC. ;) However some adults are even a greater cause of malware. :D
     
  12. bomob

    bomob Private E-2

    Re: need help with read and run me

    i admit that i was the one who brought this mess upon us.

    here's everything i know:

    my laptop constantly opens new explorer windows; even in safe mode. i ran every free scanner i could find at it. mainly off download.com and google. One of these scans found some trojans and removed them. i can't remember which scan found them, but it said one hijacked my home page and another was some type of (dialer?). this was in february. main problem still remained.

    i then wiped the hard drive and reloaded the OS. re-wiped and let it sit for 2 days then reloaded the OS again. then i ran an online hard drive wiper let sit then re-booted the OS again. still there

    in my frustrations i lost ( wiped out in ignorance and anger) all my drivers ethernet connect etc etc etc...) finally got the right ones from gateway cause i don't have the drive disk. struggled thru the installations but got it up and running again. to do this i rented a cheap dell that i'm on now.

    went back thru every free scan hoping that with the passing time an update would catch it. nothing..

    bought defender pro 15-1 2007 on a recommendation. ABSOLUTE CRAP IN MY OPINION!!!!!!!!!!!! then i dont know much...except it didn't work either.

    a friend told me to come here so here i am with my MIGRAINE!!!!!!

    i've run everything step by step in read and run me (twice) and only picked up one low level cookie. BUT here is my problem ....

    because of this bug the infected pc has a very hard time maintaining any page other than my home page it resets to constantly. this post would be impossible without my rental. i promise to do my best to get three logs attached to the threads, but i doubt i can do it. i'm going to have a battle to get one or two posted to each thread. if i can only get 1 on each you have my deepest apologies for any headaches this creates for you. i am also very computer illiterate so if i mess up please tell me where and what to do to correct it.

    so here goes
     
  13. bomob

    bomob Private E-2

    here's counter spy
     

    Attached Files:

  14. bomob

    bomob Private E-2

    bit defender
     

    Attached Files:

  15. bomob

    bomob Private E-2

    panda:
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: need help with read and run me

    What was still there? Do you mean the problem with Explorer windows constantly opening? And do you mean Windows Explorer or do you mean Internet Explorer?

    Also if you have wiped the OS and reinstalled and still have problems, then your problem is not malware unless you are reinstalling from infected media. Or unless you are reinstalling an application that is the cause of your infection.


    Please continue to attach the other requested logs. Thus far your CounterSpy, BitDefender, and Panda logs do not show any problems at all.
     
  17. bomob

    bomob Private E-2

    getrunkey
     

    Attached Files:

  18. bomob

    bomob Private E-2

    show new
     

    Attached Files:

  19. bomob

    bomob Private E-2

    hijack this
     

    Attached Files:

  20. bomob

    bomob Private E-2

    Re: need help with read and run me

    i'm pretty sure i messed up the hijack this log. i think it is the late hour and the day's worth of stress adding up. i'll be back in the morning to reread the hijack this part to see if and where i errored

    thanks again

    bomob

    seen your recent post i'll stick around to see if i can answer any more questions
     
  21. bomob

    bomob Private E-2

    Re: need help with read and run me

    it's the internet explorer windows constantly there opening new pages.

    if it ain't malware what am i looking at??? it all started with a download
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the logs from running GetRunKey and ShowNew. Not the ZIP files that you downloaded from us.

    Also you need to follow the directions in step 7 of the READ ME and rename Hijackthis.exe as requested. Then attach a new log!
     
  23. bomob

    bomob Private E-2

    lol let me see if i can find the right ones
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thus far you show no signs of malware. What you do show is no protection software running other than CounterSpy that you got from us. You need to do the below IMMEDIATELY.

    Download, install, and update this: AVG Free Edition Then reboot and run a full scan. Tell me if it finds anything.

    Download and install this: PC Tools Firewall Plus then reboot.

    At this point tell me what malware problems you believe you still have.
     
