[scerab]

My subscription with Kraspersky ran out and ever since my PC was started dying….. Now I have this Trojan virus in my machine and I tried every thing to get it out of my system, including spy ware doctor, Trojan remover and some other soft ware I could get my hands on. I can't renew my Kraspersky at the moment; can any one please save me from formatting my machine? Please help me get ride of this Trojan virus with out losing my data.
Thanks in advance.

[golferbob]

you should get a working antivirus program on your computer. i use avg7.5 free. here is a site to get it.

http://www.majorgeeks.com/AVG_Free_Edition_d886.html

[BobJam]

You can start to get more specfic help by posting a HiJackThis log on the Malware Removal forum on this site. But you have to be specific too.

In addition to the HJT log, you should post the name of the Trojan you think you have, where you think you got it (if you have any idea), the symptoms you have (such as pop ups, what they say, warning windows, what they say, slowness in running programs, etc.), and anything else you think may be pertinent to your situation. The idea is to give your helper (a gold shield person, which will be your helper and is also a skilled removal specialist) all the information you can think of that may give them clues about the infection you think you have. And, your HJT log may give them more clues (but not always)

To Download HijackThis go to the following link below:

http://www.trendsecure.com/portal/en..._n=home_footer

1. Click on the "Download" button at the top of the page, then click on the "HijackThis Executable" link that will appear.
2. Save the file to your desktop.
3. Double click on the HJT icon on your desktop.
4. Click on the "Do a system scan and save a log file" button. It will scan and then save the log to Notepad.
5. Close HJT by clicking on the "X".
6. At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy (doing that copies the text to the clipboard, you won't see it yet....)
7. Come back here to the Malware Removal forum and Paste the log in a new thread. (To paste - if you use IE as your browser - just click on the "Edit" menu selection, and then "Paste" in the drop down menu)

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. And later on the security expert may have you move HJT to it's own folder so that it can make and store backups of what it changes. But for now you can just run HJT from your desktop and post the log.

A security expert with a gold shield to the right of their screen name should take a look at your log - please be patient. They are skilled and pretty busy folks.

[Byteman]

Hi, Not picking on anyone here....just clarifying!

Quote:

In addition to the HJT log, you should post the name of the Trojan you think you have, where you think you got it (if you have any idea),

While this is nice to have, it is not required, so you should post the Hijackthis log in our Malware Removal forum

http://forums.techguy.org/54-malware...jackthis-logs/

Start your New Thread there please. I will take care of this one for you.

and someone will help you just as soon as possible, there may be some waiting time, as there are only a few helpers.

[BobJam]

I guess I shouldn't have said "you have to". Didn't mean to imply that it was necessary.

So, Ill echo Byteman and say, "this is nice to have". Good clarification, Byteman. Thanks . . . seriously . . . (not being sarcastic here).

[CHAD27]

You can get spy bot search and destroy www.spybot.com and download and run it in safe mode.This helped me

[Byteman]

Hi BobJam,

Quote:

I guess I shouldn't have said "you have to". Didn't mean to imply that it was necessary

Actually, you didn't! I just did not want the person, or anyone else, to even remotely think that they needed to post that information...it's beyond the scope of many of our newer posters, to remember to record a trojan name, exactly the way it appears in a scan .... and, as for where they got it, well, take your pick- a lot of times, they are bundled with a download of something else, we see this a lot with cracks, hacks, filesharing....and of course, phishing emails, fake popups.... it really doesn't matter where it came from, but it might be nice to know...

What happens then, is we end up with bad links posted, that some folks will click on, and you know the rest of the story!

None of the better malware help forums will allow you to post links to infected websites, bad downloads....

No criticism meant, just being educational...I like to share.

[BobJam]

Hi Byteman,

Quote:

Originally Posted by Byteman

I just did not want the person, or anyone else, to even remotely think that they needed to post that information...

I really don't mean to belabor the issue, especially since you've been so kind about it, and I'm certainly not disputing the statements you've made (after all, you ARE a moderator, and you certainly know more about these things than I do), BUT . . .

Consider me confused, rather than arguing with you.

What's confused me, and what I was essentially repeating, was the sticky post made in the Malware Removal forum by dvk01, another Mod, titled "Posting for help". It's closed, obviously, and is at:

http://forums.techguy.org/malware-re...ml#post5102218

An excerpt from it:

"Please do not just post a Hijackthis log with NO other information or a general request asking "Is my log clear?"

Such requests are unlikely to be answered and waste everybody's time

If you need help please give Full details of what is wrong along with a HJT log

The more details you give in your initial post, the more likely you will get quick and efficient help"

and another excerpt:

"We need to know what is wrong, such as: pop ups, diverts, strange messages or warnings etc."

That's essentially the part I was trying to convey.

Quote:

Originally Posted by Byteman

it's beyond the scope of many of our newer posters, to remember to record a trojan name, exactly the way it appears in a scan

Yes, I certainly agree.

Quote:

Originally Posted by Byteman

it might be nice to know...

And I agree with this also. Indeed, that's what I was trying to get across.

Quote:

Originally Posted by Byteman

No criticism meant, just being educational...I like to share.

Again, you have been very civil and kind about this, so I don't mean to try your patience.

But also again, I'm confused . . . so please 'splain it to me (sorry for being so dense about this, but I'm honestly confused by what appears to be mixed messages).

TIA

[Byteman]

Hi, I can see why you may feel slightly "confused". Hope this helps explain. Some of this is just general information, that does not apply to anything you posted BobJam, so please do not feel that all this is just about you> it's for anyone reading, too.

All I am referring to, as what you should NOT ask to see, is only this part::::

Quote:

In addition to the HJT log, you should post the name of the Trojan you think you have, where you think you got it (if you have any idea)

We don't need any links posted that could be misused if you get my drift....

Asking that, will result in users posting links that take you to bad sites, links to bad downloads, links to infected websites....that others reading will click on and get infected They may not realize just what they can end up with by trying the links..... we do not need to know where these infections come from, we are well aware of that..... and, we would like to avoid the mistakes that inevitably will happen, when someone posts a legitimate program, site, link, or something by mistake as a malware-related item, do you see? There are many experts who keep track of bad sites, hacked sites, sites with tons of malware in downloads, etc. We don't do that here.



Occaisionally, we get actual requests, like>>> "Do you guys know a site that I can get infected from, I want to play around with some viruses or trojans...." We've had people respond with actual links!

We have to constantly be on alert, and hunt for things like this, which we edit out of posts, delete posts....and so on.

And, nine times out of ten, a lot of new-to-the-game, nervous, upset, rushing posters will make typos/mistakes, GUESS, and post mistaken information, such as filenames that they THINK are right.....we would rather depend on logs, to verify exactly what is where, that's all! There's enough information nine times out of ten....

Besides that, I feel it's time to post this:


The first post in this thread, was obviously requesting help with removing trojans, and seems to me to contain some good details!

Quote:

My subscription with Kraspersky ran out and ever since my PC was started dying….. Now I have this Trojan virus in my machine and I tried every thing to get it out of my system, including spy ware doctor, Trojan remover and some other soft ware I could get my hands on. I can't renew my Kraspersky at the moment; can any one please save me from formatting my machine? Please help me get ride of this Trojan virus with out losing my data.
Thanks in advance.

This is an example of threads we want treated this way:

TSG Rules include this:

Quote:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

True, scerab actually posted his question in the wrong forum... (they should have put it in Malware Removal/HJT Logs)...that alone, should not encourage anyone except a qualifed responder, to post in a thread where there is obviously going to be a Hijackthis log asked for, other scan tools used, or any other malware removal procedures.


We really would rather have you not post anything at all in this type of a thread. This is not to say, that you should not post anything after the thread has been responded to by a security helper should you have advice about a specific program, or procedure not related to the malware removal, then do so.

For example, if after a shield responder has been working the thread, and the original poster has problem, let's say with Copying and Pasting their HJT log....it is perfectly fine for you to pop in and give them the steps.... since, the thread is already being handled by a security person, and you are not providing help with fixing anything.... things of that nature are fine to post.

We have had to make restrictions just this past year--- because of so many incoherent, downright lousy, incorrect, and damaging advice that was being posted as responses!<< No, I am not referring to yours, BobJam.....

We realize there isn't much we can do, when people post threads in the unrestricted forums, they are going to get replies. We deal with it.

We have tried to get the new users with malware infections to post their requests in the Malware Removal forum as you are aware and posted about....but, they will continue to disregard that advice, and double post, etc. You might find it easier to PM the original poster, in situations like this., rather than post, since you posting makes others do the same. It's kind of blunt, but it's true....not everyone reads the rules, and is as careful and exact as you were.


Sometimes, it will be awhile before we can get to all the ones we want to Move there....just please, leave these threads NOT replied to, as security helpers look for zero reply threads... since they know that no other security helpers have responded to those, and know that if they Reply, that should help stop a lot of not so good advice.... not yours, the really BAD advice you may see posted.... and I am referring specifically to the threads where it is pretty obivous malware is strongly suspected or actually showing.

There are only a few of us responders, and hundreds upon hundreds of people asking for help. We try our best, but we do realize some threads will go unanswered, and we rely on the individual poster to either post into their thread to move it to the top of the boards....(also known as "bumping") and on the other Moderators who have the ability to Move Threads....in dealing with all the really bad infections, though they may not be security helpers themselves....

For those threads we feel are not as urgent, there is definitely going to be some time delay before someone can respond....

We also do not allow anyone to Private Message or email general help, or malware removal help to posters.... those posting questions here at TSG will have to be aware that this can happen, and be alert enough to realize they should not follow such advice!

As for what dvk01 posted and you quoted>>> He was intending for those who are asking for help with what they think is malware, to post as much as they can about the symptoms they have ((pop ups, diverts, strange messages or warnings etc."))

He meant>>> Let us know if you have a big slowdown in performance, cannot connect to the Internet, have had alerts from antimalware programs, firewalls.... or, results from any scans you did (that would contain correctly named malware items).


And, you did a very good job informing scerab of what to do!

Again, my only objection was only the part about trojan names, and where they picked it up.....
which, might keep some folks from actually following through and sending their log in.... thinking that they would not get help, without having that information posted

And as I said> we get enough bad links posted, that we have to scour through threads to remove.....which takes a lot of time...



I know you had no intention of anyone doing that, and that you are only seriously trying to help us out, that is very plain to see.

Basically, I am only trying to keep anyone else, reading your post, from copying that part into their replies, which would result in a greater chance of some bad URLs (links) being posted.

Sometimes, a security helper will ask for a suspected malware file to be zipped up and sent in for examination....and they may also want to know what site the user feels may have infected their computer....but, they will use a tool or ask for an email or PM, so the URL does not show as a clickable link.

Hope this gives a bit of insight, on exactly how we work here.

OK< back to work...... thanks, have a good weekend!

[BobJam]

OK, Byteman . . . now I understand. Your explanation was both comprehensive and informative. I'm no longer "confused", so no more questions.

Thanks for 'splainin it to me . . .

[Byteman]

Hi Scerab


Do you still need help with your computer? I have not seen any new thread started in the Malware Removal forum, no Hijackthis log from you. We'd like to help you if you are still around.