
[Resolved] Trojan Detected


  • This topic is locked
20 replies to this topic

#16 toyotomi

    Authentic Member, 112 posts

Posted 04 November 2009 - 06:47 PM

  • System restore:
    We will now clear your existing system restore points and establish a new clean restore point:

o Click on the Start button to open your Start Menu.
o Click on the Control Panel menu option.
o Click on the System and Maintenance menu option.
o Click on the System menu option.
o Click on System Protection in the left-hand task list.
o To create the manual restore point, click on the Create button. When you press this button, a prompt will appear asking you to provide a title for this manual restore point.
o Type in a title for the manual restore point and press the Create button.
o Close the System window after you have been advised that the procedure has been successfully completed.

o Next, go to Start > Run and type in cleanmgr
o Select the More options tab
o Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
Make sure you do this now, as your System Restore currently has infected files in it.

This doesn't work for me. I don't get those menus or options. When I click on System I get the same menu as I get when I right-click "My Computer" and choose Properties. There's a System Restore tab, but it only has the option to enable, disable and change the amount of disk space used by System Restore.

Edited by toyotomi, 04 November 2009 - 06:47 PM.



#17 SweetTech

    MalwareTeam Emeritus, 3,368 posts

Posted 04 November 2009 - 06:53 PM

Please try these instructions:

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.
We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:


%SystemRoot%\System32\restore\rstrui.exe


Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:


cleanmgr


At the top, click on the More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on the Cancel button to exit.

Proud Graduate of the WTT Classroom


#18 toyotomi

    Authentic Member, 112 posts

Posted 04 November 2009 - 07:03 PM

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:


cleanmgr


At the top, click on the More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on the Cancel button to exit.

cleanmgr gives me a window with just a dropdown box and an OK and exit button. There are no tabs nor any options pertaining to System Restore.

#19 toyotomi

    Authentic Member, 112 posts

Posted 05 November 2009 - 12:28 PM

Assuming it still works like it used to, I turned off System Restore, rebooted, turned it back on, and then created a new restore point. Thanks for all the help, SweetTech.

I've just one more question for some final closure. The thing that started it all... the Yahoo email account that has been sending out spam emails unbeknownst to the owner. Is it most likely that they cracked their password (I know they weren't using a good one, but I since had them change it)? Or could they be spoofing their email address? They informed me the other day that prior to this they'd gotten the messages that sent messages couldn't be completed, as though they bounced off their intended target, even though they'd sent no email. So apparently it's been like that longer than I realized. I'm not sure if those messages would be generated if it were simply a case of spoofing, and it doesn't solve how it was sent to their full list of contacts.

I've been trying to convince them to switch to Gmail but they're rather unwilling because they've had their current account for so long. I'm quite unsure how to proceed on this front since I'm dealing with a rather stubborn person on such matters. Is there any way to ensure the security of that account?

I'm sorry if this is outside the scope of this particular forum and will ask in one of the others if you are unsure of such matters. Thanks again for all the help.

#20 SweetTech

    MalwareTeam Emeritus, 3,368 posts

Posted 05 November 2009 - 04:01 PM

It is quite possible that their password was cracked. When someone chooses to use a weak password, the chances of having their account compromised increase significantly. Another problem that users are presented with when having an account compromised is that it can lead to accounts on other sites being compromised because the user used the same username and password at a different site.

I'm not too familiar with e-mail spoofing. Your best bet is to post a new topic in our Browsers, Internet and email. They will be able to answer some of these questions better than I can.

I will say this:
Gmail has some nice security features that they have enabled for their service. One of the most useful and important features that they have is the ability to see the last time someone logged into that account and the IP address of the computer that was used to access that account.

Another nice feature that they have is the ability for a user to use a secure connection. What that means is that instead of it being http: it is https so the connection is secured.

But these are just my views on this issue.

The tech team here at WTT is an amazing group of individuals and they can provide you with a more in-depth answer to some of your questions.
As I mentioned above your best bet is to post a new topic in our Browsers, Internet and email.
You should make sure that you include a link to this topic in the thread.

I hope that I've provided you with some of the answers to a few of your questions and I'm sorry that I can't answer some of your other questions.

Good Luck!
SweetTech.



#21 CatByte

    Classroom Administrator, 21,060 posts, MVP

Posted 07 November 2009 - 11:16 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
