Hi,

Recently I've discovered that my PC is infected with Trojans. Yes, plural.
I have no idea where they came from as I hadn't downloaded anything & hadn't
recieved an email with a link or attachment, and hadn't clicked on any link
in an IM either. The first sign was that my system ran slowly, then I had
quite alot of pop-ups that my pop-up blocker wasn't catching, and slowly but
surely I wasn't able to go to many websites, if any--and then came the
freezing, especially when attempting to use Trend Micro's free online virus
scan. (Due to the freezing up, I wasn't able to shut down my computer
properly as Ctrl Alt Del wouldn't even work.) After restarting I got a
message that my Automatic Updates were shut off, and after turning them back
on, they would switch off again within minutes.

I scanned my system using AVG, and found that I had multiple Trojans which
AVG deleted for me. A second scan (directly after the first) showed that I
had 5 more Trojans, all deleted. At this point I decided to try Trend Micro
again, and it froze again, but this time it wasn't my entire system that
froze, and I was able to shut down IE and scan with AVG again, which showed
that there were no Trojans left. I figured it was safe to restart at that
point, thinking that that was why Trend Micro wasn't working...

But on restarting my system I was once again informed that my automatic
updates were shut off, and I kept on getting some pretty crazy error
messages, so obviously there was still a virus somewhere! Scanning again
resulted in 3 more Trojans and another scan directly after the previous scan
told me there was nothing at all wrong with my system.

Long story short, I have scanned and scanned AND SCANNED using AVG, AVG
Anti-Spyware, and OneCare, and all of those programs found nothing!! And yet
I keep on getting pop-ups from AVG telling me that a threat has been detected
(They are able to be healed). How can this be if I'm not downloading
anything?? Each time a threat is detected I am able to heal it. HOWEVER, IE
STILL isn't working properly. I can get into SOME websites now, but am not
able to send email ANYWHERE and half the time links within trusted websites
won't work. For example, I had to click on 'new question' a good dozen times
before I even got to this page!

Very frustrating and I'm at a loss as to what I should do about this problem
as I am by no means a computer security expert!

I have been told that Trojans will reinstall themselves when the computer is
restarted. So how do I get rid of something that keeps on coming back?? Any
advice/help on this matter is appreciated!! Thank you so much for your time
and sorry for this super long message.

*ChocolateJunkie*

It is likely that you have an infection of SpySheriff or a similar fake
antispyware product. This will tell you that your system is infested with
malware, and suggest that you pay the authors for a removal program. Don't,
it's a scam.

You need to determine which fake antisypware 'product' you have, and obtain
the removal tool for it from an antispyware site. For success, the tool may
have to be run in safe mode.

Though, if you have multiple, resistant infections it might be better to
consider formatting the hard-disk (and fully zero-ing it out at sector-level
if possible, Ranish Partition Manager can do this, and it's my preferred
approach to a major infestation) -and then doing a clean install. This will
of course remove EVERYTHING from the computer.

--------------------------
"This is a wonderful computer. It''s 20yrs old and absolutely reliable.
And, in all that time it''s only had four mobos, six processors, two cases,
seven OS''s ...."


"ChocolateJunkie" wrote:

> Hi,
>
> Recently I've discovered that my PC is infected with Trojans. Yes, plural.
> I have no idea where they came from as I hadn't downloaded anything & hadn't
> recieved an email with a link or attachment, and hadn't clicked on any link
> in an IM either. The first sign was that my system ran slowly, then I had
> quite alot of pop-ups that my pop-up blocker wasn't catching, and slowly but
> surely I wasn't able to go to many websites, if any--and then came the
> freezing, especially when attempting to use Trend Micro's free online virus
> scan. (Due to the freezing up, I wasn't able to shut down my computer
> properly as Ctrl Alt Del wouldn't even work.) After restarting I got a
> message that my Automatic Updates were shut off, and after turning them back
> on, they would switch off again within minutes.
>
> I scanned my system using AVG, and found that I had multiple Trojans which
> AVG deleted for me. A second scan (directly after the first) showed that I
> had 5 more Trojans, all deleted. At this point I decided to try Trend Micro
> again, and it froze again, but this time it wasn't my entire system that
> froze, and I was able to shut down IE and scan with AVG again, which showed
> that there were no Trojans left. I figured it was safe to restart at that
> point, thinking that that was why Trend Micro wasn't working...
>
> But on restarting my system I was once again informed that my automatic
> updates were shut off, and I kept on getting some pretty crazy error
> messages, so obviously there was still a virus somewhere! Scanning again
> resulted in 3 more Trojans and another scan directly after the previous scan
> told me there was nothing at all wrong with my system.
>
> Long story short, I have scanned and scanned AND SCANNED using AVG, AVG
> Anti-Spyware, and OneCare, and all of those programs found nothing!! And yet
> I keep on getting pop-ups from AVG telling me that a threat has been detected
> (They are able to be healed). How can this be if I'm not downloading
> anything?? Each time a threat is detected I am able to heal it. HOWEVER, IE
> STILL isn't working properly. I can get into SOME websites now, but am not
> able to send email ANYWHERE and half the time links within trusted websites
> won't work. For example, I had to click on 'new question' a good dozen times
> before I even got to this page!
>
> Very frustrating and I'm at a loss as to what I should do about this problem
> as I am by no means a computer security expert!
>
> I have been told that Trojans will reinstall themselves when the computer is
> restarted. So how do I get rid of something that keeps on coming back?? Any
> advice/help on this matter is appreciated!! Thank you so much for your time
> and sorry for this super long message.
>
> *ChocolateJunkie*
>

ChocolateJunkie wrote:

> Hi,
>
> Recently I've discovered that my PC is infected with Trojans. Yes,
> plural. I have no idea where they came from as I hadn't downloaded
> anything & hadn't recieved an email with a link or attachment, and hadn't
> clicked on any link
> in an IM either. The first sign was that my system ran slowly, then I had
> quite alot of pop-ups that my pop-up blocker wasn't catching, and slowly
> but surely I wasn't able to go to many websites, if any--and then came the
> freezing, especially when attempting to use Trend Micro's free online
> virus
> scan. (Due to the freezing up, I wasn't able to shut down my computer
> properly as Ctrl Alt Del wouldn't even work.) After restarting I got a
> message that my Automatic Updates were shut off, and after turning them
> back on, they would switch off again within minutes.
>
> I scanned my system using AVG, and found that I had multiple Trojans which
> AVG deleted for me. A second scan (directly after the first) showed that
> I
> had 5 more Trojans, all deleted. At this point I decided to try Trend
> Micro again, and it froze again, but this time it wasn't my entire system
> that froze, and I was able to shut down IE and scan with AVG again, which
> showed
> that there were no Trojans left. I figured it was safe to restart at that
> point, thinking that that was why Trend Micro wasn't working...
>
> But on restarting my system I was once again informed that my automatic
> updates were shut off, and I kept on getting some pretty crazy error
> messages, so obviously there was still a virus somewhere! Scanning again
> resulted in 3 more Trojans and another scan directly after the previous
> scan told me there was nothing at all wrong with my system.
>
> Long story short, I have scanned and scanned AND SCANNED using AVG, AVG
> Anti-Spyware, and OneCare, and all of those programs found nothing!! And
> yet I keep on getting pop-ups from AVG telling me that a threat has been
> detected
> (They are able to be healed). How can this be if I'm not downloading
> anything?? Each time a threat is detected I am able to heal it. HOWEVER,
> IE
> STILL isn't working properly. I can get into SOME websites now, but am
> not able to send email ANYWHERE and half the time links within trusted
> websites
> won't work. For example, I had to click on 'new question' a good dozen
> times before I even got to this page!
>
> Very frustrating and I'm at a loss as to what I should do about this
> problem as I am by no means a computer security expert!
>
> I have been told that Trojans will reinstall themselves when the computer
> is
> restarted. So how do I get rid of something that keeps on coming back??
> Any
> advice/help on this matter is appreciated!! Thank you so much for your
> time and sorry for this super long message.

In cases like yours, the computer is usually infected infected with Zlob
and/or Vundo trojans and protected by a rootkit. These machines are
extremely difficult to clean.

Either get guided help at one of the specialty forums below OR back up your
data and do a clean install of Windows. It is your choice. If you are
unsure how to back up your data or how to do a clean install, you can take
your machine to a local computer professional. I don't recommend using
BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

In article <24C70E7F-BDBB-4C0A-A8F0-E171C01E024B@microsoft.com>,
ChocolateJunkie@discussions.microsoft.com says...
> Very frustrating and I'm at a loss as to what I should do about this problem
> as I am by no means a computer security expert!

You MIGHT be able to clean your computer enough to backup data, but you
could also copy the infection with that backup.

The only 100% certain way to clean a compromised machine is to wipe it
in a clean environment with clean media and install it and patch it in
that clean environment.

If you've not learned why it was compromised you will compromise it
again.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Your AVG is the problem. It is not very good at combating Trojans. Some
Trojans Copy the antivirus program and then you have a real problem. Get rid
of the AVG. Get Trend Micro PC-Cillon. It will remove all trojans including
the AVG.

Hope this helps:
David ORourke
"ChocolateJunkie" wrote:

> Hi,
>
> Recently I've discovered that my PC is infected with Trojans. Yes, plural.
> I have no idea where they came from as I hadn't downloaded anything & hadn't
> recieved an email with a link or attachment, and hadn't clicked on any link
> in an IM either. The first sign was that my system ran slowly, then I had
> quite alot of pop-ups that my pop-up blocker wasn't catching, and slowly but
> surely I wasn't able to go to many websites, if any--and then came the
> freezing, especially when attempting to use Trend Micro's free online virus
> scan. (Due to the freezing up, I wasn't able to shut down my computer
> properly as Ctrl Alt Del wouldn't even work.) After restarting I got a
> message that my Automatic Updates were shut off, and after turning them back
> on, they would switch off again within minutes.
>
> I scanned my system using AVG, and found that I had multiple Trojans which
> AVG deleted for me. A second scan (directly after the first) showed that I
> had 5 more Trojans, all deleted. At this point I decided to try Trend Micro
> again, and it froze again, but this time it wasn't my entire system that
> froze, and I was able to shut down IE and scan with AVG again, which showed
> that there were no Trojans left. I figured it was safe to restart at that
> point, thinking that that was why Trend Micro wasn't working...
>
> But on restarting my system I was once again informed that my automatic
> updates were shut off, and I kept on getting some pretty crazy error
> messages, so obviously there was still a virus somewhere! Scanning again
> resulted in 3 more Trojans and another scan directly after the previous scan
> told me there was nothing at all wrong with my system.
>
> Long story short, I have scanned and scanned AND SCANNED using AVG, AVG
> Anti-Spyware, and OneCare, and all of those programs found nothing!! And yet
> I keep on getting pop-ups from AVG telling me that a threat has been detected
> (They are able to be healed). How can this be if I'm not downloading
> anything?? Each time a threat is detected I am able to heal it. HOWEVER, IE
> STILL isn't working properly. I can get into SOME websites now, but am not
> able to send email ANYWHERE and half the time links within trusted websites
> won't work. For example, I had to click on 'new question' a good dozen times
> before I even got to this page!
>
> Very frustrating and I'm at a loss as to what I should do about this problem
> as I am by no means a computer security expert!
>
> I have been told that Trojans will reinstall themselves when the computer is
> restarted. So how do I get rid of something that keeps on coming back?? Any
> advice/help on this matter is appreciated!! Thank you so much for your time
> and sorry for this super long message.
>
> *ChocolateJunkie*
>