Trojan horses on my machine. (help please)

Moto

Hello. I have some questions regarding a trojan horse virus that was installed on my computer last night.

Here's how it went down:

Ok, last night I was on the internet and my browser jumped to a page that I did not manually click on. It was like a browser re-direct. Well, when I got there, the page was a black website with nothing on it. My trusty Norton Antivirus got its first taste of combat right there. Norton instantly popped up and told me of a detected virus (it popped up 4 times.) So I closed my browser and opened up Norton antivirus 2004 and scanned my machine. It went through all of my files and found 4 infected ones. I got really worried and let the program complete. It told me that it had taken action by immediately deleting the virus files.

It turns out that 5 trojan horses were installed on my computer. I posted an image of their names on the attachment below. I think it killed 4 of them, but the Bloodhound.exploit one denied access and failed to be fixed. I ran the scanner again today after school and it finished saying that there were no infected files.

I would like to know if these files could have a long-term or permanent effect on my computer. If they are cleared, is it still infected in some way? Is the Bloodhound.exploit still there? What can I do to ensure myself that there is absolutely no virus on this computer?

I worry about it because this is an expensive computer that I had custom built.

Thanks for any help or comforting,
Moto-x.
 
By the way, I have not had any problems with anything yet. It appears as though this Bloodhound.exploit is exploiting a hole in Microsoft Outlook. (OMG that's how Valve got H4xX0r3d.) Is there a problem with deleting/uninstalling MS Outlook? I don't use it anyway...

I haven't played any games yet though.
 
1) Run Windows Update!
2) Run Windows Update!
3) Scan again with Norton and with HouseCall (it's a free online scan).
4) If you still don't think it's gone, you can format and reinstall Windows.
 
There are no critical updates available for Windows at this time. I'll try that HouseCall thing.
 
Download a firewall. A firewall will let you know if any programs are accessing the internet without your knowledge/approval. That is one way to determine if there is a virus/trojan on your computer. I use Zone Alarm; there is a free version and a version that costs money. I know there are several free firewalls that are quite good, check into those (sorry, don't know any names).

Check out these links about the viruses you got. They tell some information about them and how to make sure you get rid of them.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.1.html

Next time, you might want to back up (to a CD-R) any important files so these viruses/trojans don't do any irreversible damage.
 
Uh oh, HouseCall found another one that it says isn't cleanable.

How do I reformat Windows? Does it delete all my programs? Will it get rid of all viruses?
 
Okay, reformatting should be a last step, because it deletes every file on your computer. If you reinstall Windows, you want to reformat your hard drive; this will make sure you have all your viruses/trojans deleted.

But first, load up into Windows safe mode and run your virus scanner there and see if it picks up the rogue viruses. No need to spend hours reformatting and reinstalling Windows if you don't need to.
 
From what I've seen, you don't have anything INSTALLED on your computer (trojans, etc). They were embedded in the .html files, they weren't executed. Notice that the temp internet files are infected. It's as simple as deleting those files.

If visiting a website could install things on your computer without you knowing, it would be exploited so bad that chaos would probably erupt.

It's a well known tactic for people trying to spread worms/trojans. That page probably just redirects you to an exe, with your choice to download it.
 
Thanks, I'll do that.

IRT umop:

You mean go to Tools ---> Internet Options ---> Temporary Internet Files and delete those?
 
HouseCall finds this trojan that Norton isn't finding. It says it can't clean it.
OMG what do I do?
 
Might want to look into Moosoft's "The Cleaner" or Trojan Defense Suite.
 
Dude, just delete your temp internet files... Tools > Internet Options, delete files, cookies, etc... or just take the whole temp folder and delete it.
 
XenoSpirit said:
Dude, just delete your temp internet files... Tools > Internet Options, delete files, cookies, etc... or just take the whole temp folder and delete it.

Please, seriously, next time think before you post. Deleting temp internet files does not get rid of trojans... They could've spread on his PC already, so then it will just make itself back in system again... :stare: :stare: :stare:
 
DiSTuRbEd said:
Please, seriously, next time think before you post. Deleting temp internet files does not get rid of trojans... They could've spread on his PC already, so then it will just make itself back in system again... :stare: :stare: :stare:

You moron, why don't YOU think before you post? Deleting his temp inet files WOULD solve the problem in this case because the trojan isn't INSTALLED on his computer, it's simply embedded in an html file in his temp inet files (the site he visited). Just go to the folder where the detected files are and manually delete them. Of course clearing inet cache doesn't remove trojans that are already installed, but if you had half a brain you'd realize that in his screenshots the files are .html files in his temp inet files, and that method of infection is highly overused and common. All it does is redirect you to an infected file which you must MANUALLY download (clicking save or open). :stare: :stare: :stare:
 
umop said:
You moron, why don't YOU think before you post? Deleting his temp inet files WOULD solve the problem in this case because the trojan isn't INSTALLED on his computer, it's simply embedded in an html file in his temp inet files (the site he visited). Just go to the folder where the detected files are and manually delete them. Of course clearing inet cache doesn't remove trojans that are already installed, but if you had half a brain you'd realize that in his screenshots the files are .html files in his temp inet files, and that method of infection is highly overused and common. All it does is redirect you to an infected file which you must MANUALLY download (clicking save or open). :stare: :stare: :stare:

Yeah ok sure....
 
DiSTuRbEd said:
Yeah ok sure....

Actually, disturbed, he's right. IE is full of holes, and I used to get many a virus from viewing sites... they don't do anything if you don't access the associated files, though.
 
DiSTuRbEd said:
Yeah ok sure....

What, you don't believe me? I know what I'm talking about, I don't just sit here and make this stuff up :P
 
Thanks for all of your help guys. I am waiting to find out where my "troj istbar.i" virus exists. If you guys have any experience with this trojan, please let me know how to get rid of it. I do not think this one is in temp internet files.

Norton won't pick it up, even in safe mode, so I have to use this HouseCall thing to find out where it is. I'll also try that "the cleaner" thing.

Here's a pic of the trojan that won't go away:
 
Moto-x_Pat said:
Thanks for all of your help guys. I am waiting to find out where my "troj istbar.i" virus exists. If you guys have any experience with this trojan, please let me know how to get rid of it. I do not think this one is in temp internet files.

Norton won't pick it up, even in safe mode, so I have to use this HouseCall thing to find out where it is. I'll also try that "the cleaner" thing.

Here's a pic of the trojan that won't go away:

See where it says "file" and c:\documen... etc below it? Drag that so "file" is a larger area and then you can read the whole path and filename and should be able to manually delete the file in safe mode.
 
Yeah, I got the file name and searched for it. I couldn't find it, but when the HouseCall virus scanner was finished, it had a delete option where you could select the virus to be deleted and simply click the delete button. So it should be killed now. Yay. I hope this is the end of it all, it has been a stressful day.

Thanks for all of your help, I really appreciate it.

I'll run some other scanners as a precaution, and only when they come up empty will I be satisfied.

Thanks again guys! :cheers:
 
That was probably in your Temporary Internet Files folder. Welcome!
 
Nah, I deleted everything in it and it still showed up in the scan. You might be right though.

Cheers mate :cheers:
 