Trojan horse
Thread poster: Odette Grille

Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
Sep 30, 2007

Hello friends,

My computer was recently infected with a trojan horse.
The kind that flashes a message in the toolbar warning you that your computer is not protected.
Unfortunately, I don't remember its name as I thought I had it killed after downloading a cleaner.
However, my computer remained slow (HP - WindowsXP)
so I downloaded the avast freeware. I had used this anti-virus before and it is good but it seemed to conflict with my regular McAfee, so I had deleted it.
This time Avast found 5 documents still infected, but sent a message that it could neither delete nor repair them. So I had them quarantined.
All of a sudden my desktop image appeared as a painted picture rather than a photograph.
To make a story short. I deleted avast and restored my computer to yesterday's settings at 3pm.
Everything seems fine, but I am a little stressed because :
1) what happened to the infected files quarantined by Avast
Could they still be lurking in the dark ?
2) Am I putting other computers and sites at risk ?
3) I am tired of buying anti-virus software that is never efficient. I used to have Norton ; now McAfee VirusScan Plus 2007. What is the state of the art as far as virus control ?

Thank you



ATIL KAYHAN
Turkey
Local time: 15:31
Member (2007)
Turkish to English
AVG Anti-Virus Free Edition Sep 30, 2007

This is the one I can recommend as far as an anti-virus program that is both free and powerful. I used to pay until I discovered that you do not have to pay for an anti-virus program at any time.


Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
AVG Sep 30, 2007

Thanks Atil. It sounds familiar. Is it not related to Avast ?

Anyway, I found a French Forum about Trojan horse infection and if I understood correctly, the restoring point strategy I performed should have done the job.

I'll keep my fingers crossed.

I also put in my favorites the URL for Spyware doctor, which Olivier thinks is best and VirIT explorer lite (though McAfee warned me this last one 'contains programs considered spyware by some').
I don't dare use them as everything seems fine, but at least I am ready for the next attack.

I feel so much less lonely. Thank you Proz forums !


[Edited at 2007-09-30 01:43]



Anna Sylvia Villegas Carvallo
Mexico
Local time: 07:31
English to Spanish
Whenever I get a virus like that... Sep 30, 2007

I rather call my technician and ask him to reformat my entire PC, saving some files of interest for my job.

Then I reinstall my programs, and problem solved. I always feel like having a brand new computer.




Shai Navé  Identity Verified
Israel
Local time: 15:31
Partial member
English to Hebrew
Some safety measures, and some cleaning and disinfecting solutions. Sep 30, 2007

Hi,
First of all I want to start by saying that I completely agree with the claim of ATIL KAYHAN: you can find great virus protection software for free. I like AVG but I recommend you use ANTIVIR free edition (www.free-av.com). In general, I don't recommend the use of Norton, McAfee, Panda and others; the detection rate of these programs is kind of low and they use a lot of system resources. A better paid anti-virus solution would be NOD32 or Kaspersky; both of these have great detection rates and they use a fairly small amount of system resources.
The second (actually first) and very important is the use of a well configured firewall. Odette, do you use any firewall software? Is your computer "behind" a router?
The use of good AV software along with a firewall/router is the first line of defense. Unfortunately, there is never a 100% safe configuration that will defend completely against all variants of malware. Here is where the user's surfing habits are important: a safe user who surfs mainly on "good" trusted sites and takes cautious measures when dealing with emails and instant messaging can live happily ever after with this configuration.

Some more security recommendations:
1) Don't use IE as your main browser, use Firefox or Opera instead.
2) Install an anti-spyware software such as, adaware, spyware terminator, and super anti spyware (all Free), especially if you use IE as your main browser.
3) As mentioned before, always use a firewall or router; there are nice good firewalls for free, and some not too expensive good routers.
4) Disable unnecessary windows services that are security risks.

These are general security recommendations.

If you have a single hard drive another recommendation is to split your hard drive into two or more partitions. The first and main partition will be used by the operating system (I assume Windows) and installed software (such as MS Office, anti-virus, mail client, etc.). The other partition or partitions will contain all the documents, mails (the directory which contains the mails will be placed in this partition), downloaded files, pictures, etc.
If you have two or more physical hard drives all of the above still applies; you can use one to store your OS and installed software and the other, larger one for storage.
With this configuration all of your important data is isolated from the OS drive. In case you ever need to reinstall the OS, none of your documents etc. will be affected, as each partition is like a stand-alone hard drive, and formatting one does not affect the other.
On this note, I would also like to recommend the use of partition imaging software (such as Symantec Ghost or Acronis Trueimage). With this software you can create an exact image of your hard drive partition. You can use it for regular backups, but the more powerful feature of this technique is the ability to image your OS partition so in case of virus infection, or other problems, even serious ones when you cannot boot into Windows, it is possible in a matter of minutes to restore the computer to the state it was in when the image file was created. In order to get the most from this technique, create the image after all of the major software is installed, and after you have set and tweaked the Start Menu, Desktop, and all the other "small" things just the way you like them, as the image captures everything, down to the smallest detail. Of course, the image file itself should be kept on removable media (might be a problem due to size) or on a partition other than the one that the OS is installed in.

Now let's try to verify that the trojan is no longer a threat:
1) First disable System Restore, as some viruses and Trojans "hide" there and restore themselves.
2) I recommend you uninstall McAfee and install ANTIVIR (or AVG); you can always re-install McAfee if you think you need to.
3) After scanning with Antivir or AVG, use this online scan: housecall.trendmicro.com. Enter this address and follow the on-screen instructions.
4) Last but not least, follow these instructions:
Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

In the above-mentioned Report.txt file you can check and see if something was detected and deleted.

After all of that you can:
1) Uninstall Antivir or AVG and reinstall McAfee if you like (if you want my advice, keep Antivir or AVG).
2) Re-enable System Restore.

That's it, I hope this will be of some help to you. In case you need more details about something you (or anyone else) can contact me here or by email, and I will try my best to help you.

I hope it wasn't too long
Shai (Fast-Text.com)




[Edited at 2007-09-30 02:34]



KathyT  Identity Verified
Australia
Local time: 22:31
Japanese to English
Are you sure this isn't what really happened? Sep 30, 2007

Odette Grille wrote:
My computer was recently infected with a trojan horse.
The kind that flashes a message in the toolbar warning you that your computer is not protected.


Hi Odette,
It's possible that you may have unwittingly infected your own computer (or were made to think that it had become infected) when you responded to that alert.

Please see this link (scroll down almost halfway to the section titled "Operations: What You Need to Know - This Week's Top 10 Spyware Threats")
- - - - - - - - - - -
Operations: What You Need to Know
This Week's Top 10 Spyware Threats

There you are plugging along the Internet and up pops this window that says something like "hey you - is your computer slowing down?" You need to clean your registry just click here. Unknowingly you click and the fun begins. You are told to download the solution, aka, Registry Cleaner. Registry Cleaner is what is known as a Rogue Security Program. This is a type of software that pretends to scan and detect malware or other problems on the computer. But what it really does is dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.

1. Trojan-Downloader.Zlob.Media-Codec: Trojan Downloader
2. Trojan.FakeAlert: Trojan
3. NewDotNet: Browser Plug-in
4. Begin2Search: Toolbar
5. Maxifiles: Adware (General)
6. Registry Cleaner: Rogue Security Program
7. Hotbar: Toolbar
8. IBIS.WebSearch Toolbar: Toolbar
9. BookedSpace: Browser Plug-in
10. WhenU.Save: Adware (General)

Although the risks for the product are considered to be moderate, it may also be hatching other programs that are more dangerous into your computer. These other programs are installed without adequate notice and consent, and may display unwanted advertising on your desktop. They may also track your online browsing habits and transmit non-personally identifying data back to a server in order to target advertising. These risks may be configured to start automatically with the operating system, use an auto-updater that the user cannot control, or install other functionally separate programs without adequate notice and consent. Remove the sucker... Better yet DO NOT install it in the first place!



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
I'll check again Sep 30, 2007

[The second (actually first) and very important is the use of a well configured firewall]

Yes, my firewall was ON all this time.

[Don't use IE as your main browser, use Firefox or Opera instead.]

That is very useful information. I'll have to delete all my favorites, though, and reinstall them under Firefox or Opera. (I have never heard of Opera and I thought Firefox was a Mac only browser. I do miss my Mac which never had a problem...)


[Some more security recommendations:]
[2) Install an anti-spyware software such as, adaware, spyware terminator, and super anti spyware (all Free)]

So you think these are better than Spyware Doctor ?

[Disable unnecessary windows services that are security risks.]

Not sure I know how to do that (recognize which services are useless), but I'll work on it.

[split your hard drive into two or more partitions. ]

This sounds very interesting (since it is the first time I am told it.)
I am just a little afraid that in the process I might awkwardly do something I should not...
But I'll try that too after I study the matter some more and feel ready.


[Now let's try to verify that the trojan is no longer a threat:]

This is the part I am interested in right now. Thank you very much for all these tips.
I am not particularly fond of McAfee and I won't cling to it just because I bought it. (I don't wear shoes that are too small if I happen to compulsively buy them!)


[First disable System Restore, as some viruses and Trojans "hide" there and restore themselves.]

This step scares me the most. What if the Trojan horse pops up again ? Why should I disable system restore ? Will SDFix not work ?

[That's it, I hope this will be of some help to you.]
Definitely ! Thank you so much !



[Edited at 2007-09-30 02:34] [/quote] Oops, I did not use the quote markers properly... Grrr... and now I don't know how to make your sentences stand out... Sorry if it makes reading a little uncomfortable.
O

[Edited at 2007-09-30 11:10]



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
Rogue software Sep 30, 2007

Yes Kathy, this is kind of what happened... Not with aka, but thanks for the link. I'll go there.

It was very impressive actually when my computer 'swallowed' this rogue spyware. Like it was taking a mouthful ! And then the flashing began !
Luckily it was not at a time I was working on some text with an already too short deadline...

Thank you



Oops again ! I'll master these quote markers some day ! Or will I ?

[Edited at 2007-09-30 11:20]



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
It was lurking in the dark ! Sep 30, 2007

Wow, thanks to you all.
Spyware doctor cleaned 93 infected files !
Phew !



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
Autofill Sep 30, 2007

Well, now that I replaced IE with firefox, I have to get used to the new toolbar appearance...
And
I cannot find the autofill (even after searching its help registry).

Any idea where I could find it ?



Graciela Guzman  Identity Verified
Argentina
Local time: 09:31
English to Spanish
Hello, everybody! Sep 30, 2007

I also use AVG Free Edition and Lavasoft AdAware and everything works fine. I was always in trouble with Norton.

Have a great weekend!

Graciela



Muriel Fuchs
Local time: 14:31
German to French
Talking about the AutoFill function in the IE Google Toolbar? Sep 30, 2007

Hello, Odette,

if it's the function you're looking for, maybe you should first read:

http://mozillalinks.org/wp/2007/03/strengthen-firefox-autofill-feature/

before going to:

autofill.mozdev.org/ ---> then search for "autofill"

You can also open the drop down menu "Tools" of your browser, click on "Add-ons" and then on "Get extensions" at the bottom right hand of the window. You'll be directed to the add-ons section of the Mozilla Website where you can search for "autofill" or open the Firefox Help section and enter "add-ons" as keyword and make your choice

Hope it will help.
Kind regards,


Muriel

[Edited at 2007-09-30 14:39]



Heinrich Pesch  Identity Verified
Finland
Local time: 15:31
Member (2003)
Finnish to German
Is it maybe fake? Sep 30, 2007

When I downloaded Spydoctor, the first scan was very fast and it announced having found 3 threats and more than 100 spyware thingies. But after buying the license and updating, the scan is very slow and nothing's to be found. I wonder what it means.
Cheers
Heinrich



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
Spyware doctor Sep 30, 2007

Heinrich Pesch wrote:

When I downloaded Spydoctor, the first scan was very fast and it announced having found 3 threats and more than 100 spyware thingies.
Heinrich


My spyware doctor has a different name (ware) and it came in the firefox package. The scanning seemed thorough. I could see the files scanned and it apparently removed the infected files without encountering the problems avast seemed to have.
However, I am still going to follow my colleagues' advice and perform another scan with AVG and antivir.
But I do one thing at a time, firstly to remember, secondly to treat any problem as it appears and thirdly so I don't get confused and stressed...
Thanks Heinrich


Wow ! It looks as though I finally understood how the quote marks work...

[Edited at 2007-09-30 18:41]



Odette Grille  Identity Verified
Canada
Local time: 08:31
English to French
TOPIC STARTER
Autofill Sep 30, 2007

Muriel Fuchs wrote:

Hello, Odette,


You can also open the drop down menu "Tools" of your browser, click on "Add-ons" and then on "Get extensions" at the bottom right hand of the window. You'll be directed to the add-ons section of the Mozilla Website where you can search for "autofill" or open the Firefox Help section and enter "add-ons" as keyword and make your choice

Hope it will help.
Kind regards,


Muriel

[Edited at 2007-09-30 14:39]

Many thanks, Muriel

I had tried the tools options but had missed the extensions button. Thanks to you I found it and I now have the firefox autofill! Hurrah !

