# Removing a Trojan Virus?



## Archlute (Dec 5, 2008)

So, there has been a Trojan worm going around on Facebook. Google it, and you will see how it sets itself up. Anyway, my wife is not very "situationally aware" when it comes to computer safety, and it has now been downloaded onto our desktop PC (I'm writing this from my laptop).

How do you remove something like this? It only seems to be preventing her computer from accessing the Internet. It has been quarantined and removed several times by Windows Defender, but keeps on popping back up after it has supposedly been removed. 

Advice on getting rid of it, and assessing the damage?


----------



## turmeric (Dec 5, 2008)

You may have to remove everything and re-install programs. This is a very persistent worm from what I can understand (which ain't much when it comes to computers). I'm going to warn my Facebook friends. Thanks for the heads-up!


----------



## fredtgreco (Dec 5, 2008)

Ivan,

What are you trying to post? It is gibberish.

Adam, you may want to start with Hijack This.


----------



## Ivan (Dec 5, 2008)

Sorry, Fred. Experimenting.


----------



## Archlute (Dec 5, 2008)

I would, but it has shut down the ability of our browser to access the Internet.

We're going into safe mode, and searching through recent files, add-ons, and currently running programs. I'm trying to figure out how to reveal the hidden ones though. I've also read that a system restore rollback might be able to disable it.


----------



## fredtgreco (Dec 5, 2008)

You should certainly do a System Restore. Can't really hurt.

You can download Hijack This and then either use a thumb drive (if so, use an old one) or burn to a CD. It can then be put onto the infected computer. Do not network the infected computer, and I would manually disconnect it from the internet until you think it is clean.

TrendSecure | TrendMicro™ HijackThis™ Overview

I believe that Hijack This allows you to delete files as it is rebooting, to avoid reimplanting of the trojan. Another good removal tool is Spybot, and also AdAware (both of which have a free version, I believe).


----------



## Archlute (Dec 5, 2008)

That is a great idea, Fred. I hadn't thought of using the laptop as a go-between for that program. We've already done a manual disconnect, and the system restore is in process.


----------



## fredtgreco (Dec 5, 2008)

OK. When the system restore is done, then run Windows Defender, your AntiVirus, and any other anti-malware programs. Hijack This is the best diagnostic tool there is.

As a last resort - you have a backup of your hard drive, right? (Hint, Hint: everyone should have backup software (Ghost, Acronis, etc.) running at least once a week) That way in a pinch, you can wipe the whole drive and restore to a point before the attack.


----------



## Honor (Dec 5, 2008)

hey... ummm I think I read this a little too late.. I opened a weird message from a guy I vaguely know on Facebook... it was a video that was sent to a lot of people... I clicked the link and then closed it before the video could play... do you think I got infected? and if so when do you think I'll see signs?


----------



## Archlute (Dec 5, 2008)

That is the way the virus works, but it also asks you to download a "necessary update" in order to watch the video. I believe that the virus connects with your computer when you accept the update. If you didn't do that, you may be safe.


----------



## Honor (Dec 5, 2008)

Praise GOD!!!!! thank you so much


----------



## Archlute (Dec 6, 2008)

fredtgreco said:


> OK. When the system restore is done, then run Windows Defender, your AntiVirus, and any other anti-malware programs. Hijack This is the best diagnostic tool there is.
> 
> As a last resort - you have a backup of your hard drive, right? (Hint, Hint: everyone should have backup software (Ghost, Acronis, etc.) running at least once a week) That way in a pinch, you can wipe the whole drive and restore to a point before the attack.



Thanks for the help, Fred. I think that the combo of the rollback and the "Hijack This" analysis/fix did the job. Our system returned to normal afterward. We ran several scans, and everything came up clean, so I hope that does it.

And, yes, I know that I should have an external hard drive running weekly - I had a good seminary friend give our class a lecture on this after he lost everything to a crash - but still have not gotten around to it. I keep a document/audio file backup on the D drive, and a thumb drive as well, but would have to reinstall everything else manually.


----------



## Galatians220 (Dec 6, 2008)

There's another virus out there that's killing laptops. It's called "Antivirus 2009." If it gets so far at all that you even see it on the screen, it has installed itself - and started rewriting all of your programs.

My husband's 6-year-old laptop got this virus on Thanksgiving Day and we couldn't do anything with it (it does not even allow you to get to your "Start" menu), so we took it to Best Buy. At the Geek Squad station there, they showed us a line there of 25 other laptops that had gotten infected, and for $200, they were cleaning them out. Ours, they said, was too old and we would be better off just getting a new one. This was on Thursday of this week. My husband is going to pick up his new laptop today. The Geek Squad told us that "all" the laptops are getting this virus... Our son, a chemical engineer who's extremely computer-savvy, has a laptop that also got infected, but as his is a relatively new one, he's going to get it cleaned. 

*There are some horribly vicious viruses out there!* 

Margaret


----------



## fredtgreco (Dec 6, 2008)

Margaret,

I _never_ trust the Geek Squad. Here are a couple of links that show how to remove Antivirus 2009. Your husband may want to try it, if only to make it easier to get his files:

Antivirus2009 (Antivirus 2009) Removal Instructions - MS Windows Vista Compatible Software

Is antivirus 2009 a threat? - Yahoo! Answers

Bleeping Computer and MajorGeeks are good sites with forums that usually have advice about this.

Here is another post that I have not had time to peruse yet, but seems to have a working (if more complex) solution:
How to remove the family of rouge anti-malware programs with names similar to “Antivirus 2008 XP” (Update: works on a wide variety of other types of malware as well) « The Technosopher


----------



## Galatians220 (Dec 6, 2008)

fredtgreco said:


> Margaret,
> 
> I _never_ trust the Geek Squad. Here are a couple of links that show how to remove Antivirus 2009. Your husband may want to try it, if only to make it easier to get his files:
> 
> ...


 
Thanks, Pastor -- but it's too late now...  He's over at Best Buy picking up the carcass of his Dell and the new Compaq with his data having been transferred. That 6-year-old laptop was on its last legs, anyhow, _maybe._

For future reference, as I have a 4-year-old desktop, and for others here, I would like to know what makes the Geek Squad not trustworthy. It was his decision (not mine - heh, heh) to go there...

Again, thanks!

Margaret


----------



## fredtgreco (Dec 6, 2008)

Galatians220 said:


> fredtgreco said:
> 
> 
> > Margaret,
> ...



I don't think not trustworthy is the word - and I realize that it was my "misspeaking" that caused that. I have just found that they are no smarter than instructions you can find online (or a good computer geek friend) and they are expensive. 

But then again, I pay people to do things around my house (like change out a ceiling fan) that I have no knowledge of and absolutely no interest to learn how to do, and I am sure that many here can do!

If the laptop was 6 years old, you really have not lost much. That is really old in computer years.


----------



## Galatians220 (Dec 6, 2008)

fredtgreco said:


> But then again, I pay people to do things around my house (like change out a ceiling fan) that I have no knowledge of and absolutely no interest to learn how to do, and I am sure that many here can do!
> 
> If the laptop was 6 years old, you really have not lost much. That is really old in computer years.


 
Hey - change a ceiling fan??? That's definitely, without a doubt, a job for a professional! No way would I do that myself! I am not being facetious; I'm serious. One needs that done right so that no annoying noises emanate from it during operation...

Yeah, I think he did get as much as he could out of that laptop. I'm glad to see it gone; it was an irritant to me... (Just the way that it was acquired.) I'm going to invoke the "don't diss your spouse" clause that's necessary to being a good Christian wife -- _and shut up now..._

Thanks.

Margaret


----------



## the particular baptist (Dec 6, 2008)

The best piggy-back trojan remover that I know of is Hijack This. For everything else I use Spybot and Ad-Aware.

**Pastor Greco beat me to it, so I second his recommendations**


----------



## turmeric (Dec 6, 2008)

If you see this on a MacBook, I read a forum that says to use Finder to find all the .exe files that go with it, drag them to the trashcan, and empty the trash.


----------

