Computer guys, I need trojan virus help



Oldskool
02-21-2009, 11:11 AM
So randomly last night I get a message saying that my computer has a trojan virus called "Win32.Zafi.B". After this message pops up, I can't open Internet Explorer (well, it opens up and asks me if I wanna buy Windows firewall; if I say yes, it brings me to a page which will close down in about 5 seconds, if I say no, the page closes immediately, and if I try to change the web address, it closes immediately).

I've run some virus scans, and they all come back clean (my anti-virus is McAfee). The only way I got onto the internet is by signing into the Guest account on my computer.

Can anyone give me some advice on how to correct this?

aypi
02-21-2009, 11:15 AM
Try to download Malwarebytes' Anti-Malware, it's free, then try to do a full scan with it.

Same thing happened to me a few months ago and it works. Hope that helps.

Genjuro
02-21-2009, 11:49 AM
^ I agree and also use CCleaner (crap cleaner) after.

GQBalla
02-21-2009, 11:57 AM
Try doin a full scan while in safe mode.

I haven't personally tried those tools but try it out. Download the latest version and try to scan in safe mode.

DarkDream
02-24-2009, 08:20 AM
MalwareBytes is a good program to try out...

When it comes to virus or Trojans you can always search google...

There is almost ALWAYS someone with the exact same problem...

But don't download anything unless it's from a credible source...

Barking_Spidre
02-24-2009, 08:56 AM
I had this the other day. It's the one that doesn't let you open up Internet Explorer or anti-virus, right? And if you click to buy firewall, it sends you to some program that's actually a virus.

Anyways,

Boot into safe mode, go to C:/Documents and settings/user profile/Application data <-- Have to have unhidden folders to see that one

There should be a folder called "google" and if you open it, there's 2 random named files. Delete those. Reboot. Win.

That's what I did anyways and it has stopped ever since.

Good luck
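
A read-only way to do the check from the post above before deleting anything, as an added example (not part of the original thread): it lists executable files with random-looking names in each profile's Application Data\google folder. The extension list, the entropy and vowel thresholds, and all sample file names are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumption: extensions worth a look; not a list taken from the thread.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".tmp"}

def name_entropy(stem):
    """Shannon entropy, in bits per character, of a file-name stem."""
    counts = Counter(stem.lower())
    return -sum(c / len(stem) * math.log2(c / len(stem)) for c in counts.values())

def looks_random(filename):
    """Heuristic (assumed thresholds): 6+ chars, high entropy, few vowels."""
    stem = os.path.splitext(filename)[0]
    letters = [ch for ch in stem.lower() if ch.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / len(letters)
    return name_entropy(stem) >= 2.5 and vowel_ratio < 0.25

def review_profiles(profiles_root, folder="google"):
    """List executable, random-looking files in <profile>/Application Data/<folder>."""
    hits = []
    for profile in sorted(os.listdir(profiles_root)):
        appdata = os.path.join(profiles_root, profile, "Application Data")
        if not os.path.isdir(appdata):  # stray file or profile without the folder
            continue
        for entry in os.listdir(appdata):
            target = os.path.join(appdata, entry)
            if entry.lower() != folder or not os.path.isdir(target):
                continue
            for name in sorted(os.listdir(target)):
                ext = os.path.splitext(name)[1].lower()
                if ext in EXEC_EXTS and looks_random(name):
                    hits.append(os.path.join(target, name))
    return hits

def demo():
    """Scan a constructed profile tree (sample names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, "owner", "Application Data", "Google")
        os.makedirs(d)
        for name in ("xkqzvtrw.exe", "qwmzrbtk.dll", "GoogleUpdate.exe", "notes.txt"):
            open(os.path.join(d, name), "w").close()
        return [os.path.basename(p) for p in review_profiles(root)]

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the profiles directory (for example `C:\Documents and Settings`) to `review_profiles` and inspect the listed files before removing them.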

alloroc
02-24-2009, 09:31 AM
Download and run Malwarebytes Anti-Malware (MBAM) as above, then reboot; then download and run SUPERAntiSpyware (SAS) and reboot; then download and run the free copy of Avira antivirus and reboot.


Then uninstall all of those and install a program with hips or proactive detection either ..

if you are not behind a firewall - comodo internet security click on defense + advanced settings and ensure image scanning is in safe mode.

drive sentry if you are behind a firewall

alloroc
02-24-2009, 09:38 AM
oh ya ...


after you are done all that
go into internet explorer tools, internet options, programs, manage add ons ... then disable everything that is not by a known publisher.

now download and install firefox and never open explorer again.

alloroc
02-24-2009, 09:40 AM
[Embedded video: 8Ah3efRdWes]

cityhunter2501
02-24-2009, 09:51 AM
I had success removing a trojan virus by running an AV, Malwarebytes, Spybot S&D on safe-mode

Barking_Spidre
02-24-2009, 08:03 PM
The thing about this virus, that all of you guys don't know about, is that it won't let you open up ANY form of internet explorer/firefox or anti virus program.

At least it didn't for me but it's probably the same for the OP as he had to sign into his guest account to be able to post.

Try what I posted and let us know how it worked out. :thumbsup:

Oldskool
02-24-2009, 08:23 PM
Hey Guys,

First of all, thank you all for your input.

The virus restricted me from opening my internet explorer, however I could open my anti-virus. I let my anti-virus run, and it didn't pick up anything. The only way to get on the internet was to log into the Guest account on my computer (I'm guessing it worked because I restricted the guest account, and gave it no access to any files on my admin account).

What I ended up doing was downloading the Malwarebytes program on my guest account, then I switched over to my account and installed/ran the program. It picked up something like 15 viruses, wow! Anyways, Malwarebytes really fixed up my computer good, not only could I surf the internet again, my computer wasn't getting program errors (not responding), which it used to get quite frequently. Another plus, my CD drive is functioning again! I thought I fried it but I guess maybe a virus was just screwing it over?

So now with internet working, I took alloroc's advice, and downloaded Firefox. I know a lot of people use Firefox and love it, but what are the major technical advantages of it? I do love this spell check though!

Once again, thanks a lot for all the input and suggestions guys!

alloroc
02-24-2009, 11:29 PM
This video is kind of hokey but you can see how easily IE gets infected in comparison to Firefox.

[Embedded video: 3qxg0z6YQy4]

alloroc
02-24-2009, 11:38 PM
I would also dump whatever AV you have, which obviously doesn't work, and download and install either a behavioral detection program (Drive Sentry or ThreatFire)

Or a HIPS program like DefenseWall, or an AV solution with a host intrusion prevention system (HIPS) like Comodo.

Drive Sentry and Comodo are free for sure and I think ThreatFire is free as well.

Check out the user mrizos' YouTube channel, he pretty much reviews all the popular AV solutions in video format.


Originally posted by Oldskool
Hey Guys,

First of all, thank you all for your input.

The virus restricted me from opening my internet explorer, however I could open my anti-virus. I let my anti-virus run, and it didn't pick up anything. The only way to get on the internet was to log into the Guest account on my computer (I'm guessing it worked because I restricted the guest account, and gave it no access to any files on my admin account).

What I ended up doing was downloading the Malwarebytes program on my guest account, then I switched over to my account and installed/ran the program. It picked up something like 15 viruses, wow! Anyways, Malwarebytes really fixed up my computer good, not only could I surf the internet again, my computer wasn't getting program errors (not responding), which it used to get quite frequently. Another plus, my CD drive is functioning again! I thought I fried it but I guess maybe a virus was just screwing it over?

So now with internet working, I took alloroc's advice, and downloaded Firefox. I know a lot of people use Firefox and love it, but what are the major technical advantages of it? I do love this spell check though!

Once again, thanks a lot for all the input and suggestions guys!

alloroc
02-25-2009, 12:32 AM
Originally posted by Barking_Spidre
The thing about this virus, that all of you guys don't know about, is that it won't let you open up ANY form of internet explorer/firefox or anti virus program.

At least it didn't for me but it's probably the same for the OP as he had to sign into his guest account to be able to post.

Try what I posted and let us know how it worked out. :thumbsup:

I forgot to tell him the install file for Malwarebytes is less than 3 MB and can be copied to a memory stick from another computer easily.

Sometimes you can load safe mode as well to install software.

IhateDomestic
02-25-2009, 01:34 AM
100% way to own your PC menace (if all hell breaks loose or if you do not want to spend 4-8 hours on a single pest).

It takes me about 2-2.5 hours to complete this process and I would do it rather than fixing individual virus/adaware/malware---etc. Best way not to get adware and malware is prevention...with trojans it's trickier since you can get it many many ways but here:

1. Back up your data/OS/whatever (Burn on DVD or put onto Ex. HDD)
2. Format (Full complete - format when your OS is off!)
3. Re-install OS
4. Install durable firewall/internet security/antivirus+malware protection pack
*4.5 - Update ALL definition files!!!!! *Important*
5. Put back the data and delete the old OS
6. Enjoy a problem free, fresh computer.

Oldskool
02-25-2009, 01:00 PM
Originally posted by alloroc
I would also dump whatever AV you have, which obviously doesn't work, and download and install either a behavioral detection program (Drive Sentry or ThreatFire)

Or a HIPS program like DefenseWall, or an AV solution with a host intrusion prevention system (HIPS) like Comodo.

Drive Sentry and Comodo are free for sure and I think ThreatFire is free as well.

Check out the user mrizos' YouTube channel, he pretty much reviews all the popular AV solutions in video format.



I'm not a big computer guy so I'm going to ask for some clarification here.

By dumping all the AV I have, are you speaking of Audio/Visual Material (downloaded songs and such)?
What does a behavior detection program do, and which one is a good one to get?

alloroc
02-25-2009, 02:33 PM
AV = AntiVirus.

Free programs that guarantee 99.9% detection or better ...
HIPS - DefenseWall
Behavioral detection - Drive Sentry, ThreatFire.

You really don't need much else, but if you feel you must also have an antivirus program try Comodo Internet Security, also free. I have been able to load it on 4 of 5 computers in my immediate family but it needs some tweaks to get set up properly.

On startup skip the scan and state you have a clean machine.
Once it is loaded, find the scanning sections and turn all of the scanning heuristics off. Then run a full scan without the heuristics module (the scanner is really good and all the heuristics do is detect false positives).

Then click the Defense+ button and then the Advanced button on the left hand side and change the image detection slider (or something like that) to normal.

Now every time a new program or DLL is loaded that it does not recognise, it throws them into the 'files to review' section and you can easily whitelist the files, or if you think they are bad, block them and they become dead and unable to do anything on your machine. Comodo also has a list of running processes built in that you can access without running Task Manager: highlight a program, click terminate and the file stops running just as if you used Ctrl+Alt+Delete and End Task. A nifty way to stop processes that are giving you grief, such as rogue AV programs.

See Mrizos' videos he does a bang up job and cleans computers for a living.