1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan Horse trouble

Discussion in 'Virus & Other Malware Removal' started by JeriRose, Feb 17, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    I am using WindowsXP, Home Edition.

    My Internet provider is ncplus.net.

    My anti-virus protection is AVG.

    I got the following "Virus detected!" message: While opening file:C\Windows\System32\neomonap23.exe\Trojan horse IRC/BackDoor.SidBot120.AU

    What IS neomonap? Is it adware or spyware? Is it the name of the Trojan horse virus? Or what? My Sister and I can't pin down exactly what it is, so trouble shooting is not great.

    My computer symptoms of being sick: Slow navigating my prayer site (took an hour to post from the time I hit the "Submit Reply" tab), slow disconnecting me from the ISP, slow logging off, have to go through a bunch of "Ending task....please wait," boxes, numerous pop up ads.... Also, the virus box kept popping up, at first, not allowing me to post or email anything.

    Current situation: the "Virus detected!" box no longer comes up, but I still get excessive ads and navigation is slow.

    Oh, yes, the short cut to the prayer site disappeared off my "Start" menu, which is VERY peculiar. And, the other oddity is that it started bringing up the "Yahoo!" web page each time I would click the prayer site tab. I do not use Yahoo! or have a Yahoo! account.

    I bought a new mouse from GE. Could installing a new mouse affect anything? It seems these problems hit, with the excessive ads being the first problem (and the Yahoo! page coming up) as soon as it was installed and I was back on the Internet.

    When, my mouse was down my AVG could not update regularly. Could that be why this took advantage of me (my AVG was not current)? Is AVG good anti-virus? It seems I ran an update file right off.

    I am confused by all the ideas and opinions. Some say I have to wipe the hard drive clean and reinstall the operating system. Some say SpyBot Search and Destroy works; some say it doesn't. Some say once this hits you, you can not find anything to REMOVE it, you have to wipe clean and reinstall, then put on security to keep viruses away in the future. Some say hijack this is a must; some say it gives you viruses. HELP!!!

    Can you tell me about something called Tauscan? This was on the CastleCops site (but I can't post there if I don't have hijackthis, which MacAfee questions). Being a novice, Tauscan sounded like just what I need, as it does all the work for me, and I thought it said it DOES remove viruses.

    Okay, I don't know WHERE to go for help, and I feel like all these different anti-virus folks are in competition, so they all want me to get their protection, so how do I find out what REALLY works? There are a ton of "Stop" and "Block" and "Boot" and "Destroy" tools out there. How to find the RIGHT one??? :confused:

    Please to advise. All help appreciated!

    ~JeriRose~
    Praying for a Solution!!!
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Welcome to TSG

    Spybot S & D and Hijackthis are not spyware period. And they both do a very good job.

    Also Macafee is getting a falsh reading about Hijackthis. There will be a fix coming out later to take care of that problem.



    Go to http://www.thespykiller.co.uk/downloads.htm and download 'Hijack This!'.

    First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
    Then doubleclick the Hijackthis.exe.

    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here
    in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.

    Someone here will be happy to help you analyze the results.
     
  3. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    My Sister is helping me with this, and she is my administrator, so I will have to call her and see when she can come and help me. emachines told her to call and they would help her do the hard drive cleaning and reinstalling of the operating system. I am looking for some other way.

    God is in this somewhere, too, because right now, my computer is working so GREAT I can not believe it. I had a pop up ad or two, but my prayer site is literally flying and whizzing. The posts are going RIGHT UP!!! We have a great group of people praying up there for my computer to get fixed, so I can be back with them.

    I am still wanting to know what neomonap is. Is that adware or spyware?

    I will download the Hijack This, and get the info you asked for to you as soon as possible. Thanks for the quick reply, and I was impressed that it came in my emails, and I could link right to it from there. (y)

    ~JeriRose~
    Praying for a Solution!!!
     
  4. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    A box from AVG just popped up saying a scan had been completed and that NO VIRUSES WERE FOUND!!! That is God, pure God! That is a miracle!

    I am not sure where to go to see that info again, as I closed out of the box.... that's how bad I am on computers. But God knows I need this computer for my prayer ministry, so He is on the job.

    I will let you know more after I talk to my Sister.

    Thanks for the free tech support.

    ~JeriRose~
    Receiving the answer to my prayers!!!
     
  5. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    As far as neomonap can not find anything on it sorry

    But you can try this just to be sure about any virus

    Run an online antivirus check from at least one and preferably 2 of the following sites

    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www.anti-trojan.net/en/onlinecheck.aspx



    Be sure and put a check in the box by "Auto Clean" before you do the
    scan. If it finds anything that it cannot clean have it delete it or
    make a note of the exact file name and file location so you can delete it yourself.
     
  6. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    On a site called, "Acutual Research," NeoMonap was listed under spyware and neomonapexe.23 was listed under malware. This problem persisted after my answer to prayer post, and I even had two additional Trojan horse boxes come up (one related to a self installing tool bar).

    The situation now is, the hard drive was wiped clean, but when neomonap wanted to access the Internet, since we knew so little about it, my Sister clicked on "Allow." Now, I have bothe meomapexe.23 (malware) and NeoMonap (spyware) lurking in my files.

    It seems dormant for now, in that my interent is not so slow. Just the regular slowish dial up speed. Ads are not hounding me. Nothinng has tried to install itself on it's own yet. It told us that these are files that store information for my Win232 system. Well, what kind of info? Ads that will strike later? Programs that will install themselves? Hmmm....

    Question: What is malware? I could not find a definition.

    How does virusscan professional from MacAfee deal with spyware and malware? That is installed, but my Sister found NeoMonap and neomonapexe.23 in my files. I have done nothing to remove them from my files. I heard these will cause the Trojan horse.... So I feel like I'm racing time on this before this computer malfunctions. Or if a Trojan horse occurs, will virusscan professional take care of it?

    ZoneAlarm in reinstalled, too.

    What do you know about the RegFreeze that "Actual Research" promotes? supposedly it will clean this stuff from my files. It has many other features as well and sounded like a really comprehensive cleaner of junk from operating systems.

    ~JeriRose~
    Still praying!!!
     
  7. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    I was told on another site that neomonapexe.23 is malware. I was told on same site that NeoMonap is spyware. Both are in my files.

    I do not have HijackThis.

    What about virusscan professional from MacAfee? Just updated today. How can it help? Or do I need Hijack this? What are the particular advantages of HijackThis that virusscan professional does not have?

    I also posted on this in another thread, so I will go check my own thread.

    Today, Flamer from the "Acutal Reserach" site added to my thread on that site that neomonap is a Trojan horse, which is what came up in my AVG "Virus detected!" box before I wiped the hard drive clean and reinstalled.

    Just thought I would pass on this info.

    Trying to rid myself of this BEFORE my puter is freezing up, frequently crashing, too slow, ad pelted, etc. again.

    ~JeriRose~
    Still praying for the solution!!!
     
  8. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    I had that EXACT Trojan horse. Wiped hard drive clean and reinstalled operating system. Neomonap wanted to access the Internet, and my Sister said "allow." Hoo boy! Now I have two in my files.

    NeoMonap is spyware. neomonapexe.23 is malware. That's what I have found out in research so far.

    I was using AVG. Now I am on virusscan professional from MacAfee, since the reinstallation. I don't have HijackThis.

    This is a persistant one! Definitely need all info I can get on getting it out of my files. Just read to go into my files and delete it. How do I delete it?

    I feel your pain!

    Also, my ZoneAlarm disappeared or was disabled around the time all the trouble occured. ZoneAlarm Alert! is the one who informed me this morning that neomonap was trying to act as a server.... Of course, I said "Deny."

    For right now, my computer is working okay, but I am wondering how to get rid of this from my files BEFORE all the old problems, including the Trojan horse reoccur.

    If you are using AVG, there was advice on their site about this Trojan horse. They said something about changing the settings and some other things. I don't use AVG now, so I am hunting everywhere for a solution.

    ~JeriRose~
    Praying for a solution!!!
     
  9. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    Yes, I had it in a Tojan horse "Virus detected!" box from AVG. Trojan horses are non-replicating, meaning I can't send them on. When we had reinstalled the hard drive, NeoMonap or neopmonapexe.23 asked to access the Interent. My Sister said it might be an important part of my Windows System32. I had read enough info to know it WAS NOT! But she hit "Allow." So.... now, it's in my files. I am unsure how to clean it out.

    This morning, "Messanger Service," told me I have ten spyware programs running on this computer! Yeeks!

    It seems I have a hacker, as the original message said, "BackDoor." Hackers get in through the BackDoor.... Also, they keep cleaning this worm "SdBot.worm.... plus some other letters (I had two different ones) out of my files. And the worm info I read mentioned BackDoor. So, somehow Imy computer's compromised.

    Should a person wipe the hard drive clean, then get all new email address and password and the like? Or what? Could this hacker still find me, then? What if it's someone I know, who knows my real name? Or someone I unwhittingly shared such info with on line at some point? Some even know my mailing address.... What IS a person to do?

    Getting ready to quit computering for good!!!

    ~JeriRose~
    Still Praying for a Solution!!!
     
  10. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    How come the new password that I was given is not letting me log in? Is the hacker able to follow me and disable me somehow? I can only get here through the link in my email.

    A message just came up saying I have 15 infected files :eek: with bad programs (?). Can't remember exact wording. Said puter would crash or something like that, and when I clicked "OK" as in lets go look at free removal tools, message disappeared and it never redirected me to help.

    My dial up port had changed to WAY TOO FAST, so I couldn't get on for a while. That can be hacker related. :( I had to reset that.

    Is this some individual person following me around, messing with my computer? Or is it one or more of the spyware programs doing this?

    I have now identified five different proxy servers trying to access the Internet. I denied them all through the ZoneAlarm alert box. I went into ZoneAlarm and put X X X X straight across, to block the neomonap.

    SIGH..........!!!!!!!!!! :rolleyes:

    AURGHHHHHHH..........!!!!!!!!!! :mad:

    ~JeriRose~
    Still Praying for a Solution!!!
    Please, dear Lord....
     
  11. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    Well, in my original post, "Trojan horse trouble," the Tech Support Guy said he had never heard of neomonap. I was told by AVG that the Trojan horse hit me on February 7th, and another site said that's the day he first detected neomonap. So, it's a really new virus (well, spyware). Virusscan professional knows nothing about it. In fact, one of my posts on a prayer site ended up on the search page for "neomonap," because that's where I first posted about it.

    Just got a message saying I have fifteen infected files with.... not sure what. It's "Messenger Service," and these messages pop up randomly, so not sure how to find it again. It said I could go get free help for these files, but I was never redirected there. If I don't get help, computer is about to crash or some word similar.... SIGH!!! :rolleyes:

    Another message from "Messenger Service" told me I had TEN spyware programs running on my puter. :eek:

    I am so bad on puters. But I will start typing in the proxy servers (identified five hitting on me so far, all denied through ZoneAlarm alert box), in the search on the start menu, and see if I can track them down. I don't know WHAT files they are in, so how do I find that out? This all so confusing.

    Virusscan professional scanned for viruses, said I had none, but why doesn't it identify these spyware programs? :confused: It scans for that!

    Yiiiiiiiiiikes!!!!!!!!!! :eek:
     
  12. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    Well, I feel a little better. My sister scanned for spyware through ZoneAlarm, and they told her she had SIXTY-FIVE :eek: :eek: :eek: Spyware programs on her computer! This morning my nephew told her that MacAfee had just removed a Trojan that was roaming her computer. So, they ran the ZoneAlarm scan.

    Let's see. I searched files. Some mentions of the neomonap were in logs from ZoneAlarm. One was in it's own file; that was the name of the file. I deleted that file. Let's see what happens. I also, removed the program in ZoneAlarm, so it can't keep hitting on me as trying to access the Internet. Well, since blocking it with the Xs it wasn't, anyway.

    I removed some others that were trying to access the Internet, too, as proxy servers. And I will run a file scan on them as well.

    We are going to ask my brother for more info. He understands more about Spyware. He uses a MacIntosh, because he says they are better, etc. He uses SpyBot Search and Destroy. But, he may want to run a scan.

    On the "Actual Research" site he listed from A - Z every virus, spyware, adware, malware, Trojan, worm, etc. that he knows of. Neomonap, he detected on February 7th. The day I was hit with the Trojan horse.

    Well, if my sister has sixty-five spyware programs, I guess I will keep using my computer. She has been using hers, and they have four altogether, because of her kids using them for home schooling. She hasn't had any noticeable crashes, etc.

    Computers! Can't live with them; can't live without them.... :p

    ~JeriRose~
    Praying for a solution!!!
     
  13. JeriRose

    JeriRose Thread Starter

    Joined:
    Feb 17, 2005
    Messages:
    13
    Well, as far as the neomonap, I ran a search in my files. One was titled "neomonap" (I think it was the exe.23 one). So I deleted that file. I hope that takes care of it. I then, emptied my trash bin of it, too. I also removed it from ZoneAlarm "programs." Some program! Anyhow, let's see what happens now that I deleted that file.

    ZoneAlarm scan informed my Sister she has sixty-five :eek: :eek: :eek: spyware programs on her computer. Yeeks!

    So, I won't give up. I will just buy or download something that is supposed to help remove these babies.

    Hey, ZoneAlarm is advertising something to deal with spyware called the automizer. Not sure how it works. My Sister just informed me of it, but it cost money, so she didn't read all the details. I am going to check it out.

    Also there is something called RegFreeze on the "Acutal Research" site that is supposed to keep programs from messing with your registry. No hacker or whatever can go in there and change things. It costs around $40 for the most expensive version, I think. I am seriously considering that.

    ~JeriRose~
    Still praying
    Down but not out -- and getting up!
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi JeriRose

    Welcome to TSG! :)

    I have split out the posts you made in someone elses thread and merged them with the other threads that you had.

    #1: In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    #2: Please do not start multiple threads for the same problem.

    #3: Please continue in this thread. Make all posts regarding this matter in this thread.
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Please do this:

    First create a permanent folder somewhere like in My Documents and name it Hijack This.

    Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

    Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

    Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/331642

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice