Death to the Trojans

Trojan horse viruses, that is. Not the college teams.

:rant: My computer got the "Antivirus 2009" Trojan horse virus this weekend. My kid apparently clicked on something that resulted in a bogus phishing add that pretends to tell ya that your computer has a virus and you need "Antivirus 2009" to cure it. Then the stinking thing just keeps popping up as you try to navigate to other sites on the web, blocking them and pimping the "Antivirus 2009" site that wants your credit card number. It is NOT the real Microsoft Antivirus 2009, just looks like it so you'll screw up and send your card number out to some thieves in Russia, China or India or somewhere else.

Anyway, the point of all this is I used Malwarebyte's Anti-Malware (free) to cure the problem, and it worked great. So just be careful out there in the cyberspace....there are far too many scum on the 'net.

Thanks for the software tip Red. One of the machines here at work got that stupid virus. It was a real pain in the rear to get rid of. BIG NOTE for the rest of ya. You might want to download a fix for it now before it gets on your machine. Once it is there it is almost impossible to get anything on the infected machine from the NET. We had to download software onto a jumpdrive from another machine and boot in safemode to get it off the one here. It is a REAL nasty sucker.

You are sure right about too much SCUM on the NET too Red. I could spend the rest of my life beating those programers with a ball bat and die a happy man. :angry:

The link Red gave is not FREEWARE. It will scan for free but will not fix for free. Now I am working to remove it from my machine.

Clarification -

Hmmm, I didn't have to pay to download it. Malwarebyte does advertise a $ Anti-Malware full version that does a whole lot more - and I plan on looking into it soon - but I'm 90% sure I downloaded the software from Malwarebyte's own site, and 100% that it diagnosed and fixed the trouble for FREE.

Well crap. Guess I went to the wrong place or something maybe. Download/scan was free then they wanted $40 for the registration code so it would fix said problems.

Hello good peoples, school and work has me covered up so I apologize for not showing up on here in awhile. This may be late but a program called smitfraudfix can cure any ill your computer may have. It is a registry cleaner and will find hidden infected files and will allow you to remove them. it's great for spyware, adware , hijacking software and viruses. I have the instructions somewhere and if anyone is interested, I will try to find and post.

I will look for and post. I found out about this program on a spyware forum. don't remember the name tho.

I ran Macafee Pro, Symantec and AVG on my network with mixed results. I now run Kapersky and it doesn't let anything through. Kapersky is one of those gems you learn about from those that clean PC's for $$$. It is one the tools they use.

Let the Avatar Wars begin....I miss them too

I am interested in both the Kapersky or the smitfraudfix. I will google both for info.

On my personal laptop which is an old Dell, I've been using Norton Antivirus and scanner/cleaner whatever it is. The problem is that Norton runs constantly, scanning and live updating and this just absolutly kills the speed of this laptop. I am sick of Norton and am interested in something else.

Thanks for the good info guys, please send more

We ran dual firewalls, Norton Corporate, Adaware pro and still could get hit occaisonally. When you have 10-12 nodes and people with any free time it is gonna happen. After shutting down I kept Norton going until the license ran out and switched to MaCafee for all of two weeks. It's knickname is Macrappy for a reason. Ran AVG free for a while and then bought the AVG pro for multiple nodes. AVG is a bit cludgy and takes way to much CPU time and the firewall can be a PITA. They tend to be a little slow on catching new bugs relying on other sources. After getting zapped with a Trojan back door loader on one of the gaming machines I went to their support... Nope, no new bugs!! Then, AVG updated the DB a couple of days later....Was recommended Kapersky free to try and clean the Trojan and it worked. Switched to Kapersky Internet secutity suite and it updates multiple times a day, is a smaller app and it's CPU time is low.
A 3 node license ran me $89.00 for the suite Antivirus Software & Internet Security - Kaspersky Lab

So now I have a Netgear firewall for brute force attacks and Kapersky Suite.
BTW, Adaware Pro always worked great.

As promised, smitfraudfix instructions:
* Search:
o Double-click smitfraudfix.exe
o Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt


* Clean:
o Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
o Double-click smitfraudfix.exe
o Select 2 and hit Enter to delete infect files.
o You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
o The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
o A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

* Optional:
o To restore Trusted and Restricted site zone, select 3 and hit Enter.
o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
I had Norton and don't anymore(it sucks). Used AVG Free for awhile. Now have my ISP's security suite. Sometimes things can get through, this program is really gooood for homepage hijackers.
Still searching for some good avatars, don't want to battle with an empty arsenal.:roflmao: