Mobile menu

Webrebates trojan - anybody knows how to get rid of it?
Thread poster: Katza
Katza
Local time: 18:32
English to Romanian
+ ...
Aug 17, 2004

Hi,


Yesterday, after downloading some screensavers from download.com, I started getting an error message on my computer, saying that this Webrebates0 "program" has performed an illegal operation and needs to close. I immediately started a scan with my Norton Professional, but, much to my surprise, it said that my computer is "clean". I tried deleting the program, but it doesn't work - it was installed in my program files directory and, every time I try deleting it, it just shows up again five seconds later, even if I use the "Wipe" function of Norton.

After searching the Net for some answers, I managed to discover that the so-called "program" was, in fact, a trojan. The solution recommended on some computer forums was Spybot. My only concern is that the download site for this Spybot (the English version) is the same site where I got infected in the first place and I'm a little reluctant to download anything else from them - ever again!!!

Anybody knows another method of getting rid of it? Anybody knows what exactly does this trojan do? For the moment, I can't say I've seen much activity from it, apart from the fact that my computer froze two times since last night. Then again, I'm running Windows 98, which is prone to freezing now and again.

Any help would be greatly appreciated,
TIA,
Narcisa


Direct link Reply with quote
 
Gavin Bruce  Identity Verified
United States
Local time: 17:32
German to English
SpyBot Aug 17, 2004

Hi there,

I really don't know anything about the trojan problem you have, but I really can recommend SpyBot. It is troubling that you say you picked up this little problem at the same place where you were going to get SpyBot. That's not good. However, I can tell you that this program is available from a number of different sites. So perhaps you could shop around a little bit and find one you think you can trust more.

Good luck,

Gavin


Direct link Reply with quote
 

Andrea Appel
Canada
Local time: 12:32
English to German
+ ...
Secure download !!! Aug 17, 2004

Hi there,

There are different ways to get rid of your trojan, first try the suggested method from Gavin, you can savely download that program from the address below. There is also a program called Ad-aware and Search&Destroy they are both free and great tools.
If everything failes to work there is a download called "hijack this" you also download it from the address below, BUT you have to be very careful using this tool, what it does it makes a list of everything what is installed in your computer. It takes somebody to know what to delete,it also shows the "way" how you got infected. Once you download Hijack this DO NOT OPEN IN AN UNPROTECTED FILE, you could erase everything, if you open Hijack this you should open it with winzip or a other suggested tool and save it to your C-Drive. There is also a forum in the address below where you savely can list your log file and experts than will take a look and tell you what to delete. Make sure you follow the instructions exactly with hijack this. Good luck!!
Kind Regards,
Andrea

You have to extract HijackThis to its own folder. DO NOT run it from within a zip mangager, as no back ups will be saved.



http://www.bleepingcomputer.com/forums/index.php?showtutorial=41

[Edited at 2004-08-17 10:45]

[Edited at 2004-08-17 11:37]


Direct link Reply with quote
 

Selçuk Budak  Identity Verified
Local time: 19:32
English to Turkish
+ ...
Ad-Aware is a good option Aug 17, 2004

Not so infrequently, the pages we visit (of course, if our java is on, and our browser accepts cookies automatically), the page owner installs applications, java scripts, etc. in our computer without ever asking our consent, or without ever noticing such malicious installations. They are called, depending on their type and purpose, Datamining, aggressive advertising, Parasites, Scumware, Keyloggers, selected traditional Trojans, Dialers, Malware, Browser hijackers, tracking, etc. components

They are not viruses, and as such, are not recognized by most scanners.
There are numerous utilities to detect and remove such trojans, keyloggers, malware, etc.

One of the best options is to have a free copy of Lavasoft's Ad-Aware. It has an option for updates with a mouse click, and recognizes most of such components.
The link is:

www.lavasoftusa.com/software/adaware/

h.i.h


Direct link Reply with quote
 

Dinny  Identity Verified
Greece
Local time: 18:32
Italian to Danish
+ ...
Try Hijackthis Aug 17, 2004

You can download it from www.hijackthis.com - the site doesn't contain spy programs or the like.
If you are not totally familiar with the contents of your PC you should have somebody help you delete the enemy file.

Good luck!
Dinny


Direct link Reply with quote
 

Fernando Toledo  Identity Verified
Germany
Local time: 17:32
Member (2005)
German to Spanish
go to Aug 17, 2004

Start/run
in the dialog write: msconfig

Search the file in the Systemstart windows.

deselect it

start the computer again

Start/run

write: regedit

search (Ctrl + F) for the file and delete it
search again and again (F3) till there is no more hits


Regards


Direct link Reply with quote
 
Katza
Local time: 18:32
English to Romanian
+ ...
TOPIC STARTER
Progress Update Aug 17, 2004

Hi again,


First of all, thank you so much for all your help. I have followed your suggestions and downloaded Spybot, but, upon installation, it completely froze my computer after giving me an error message that I wasn't able to read. So, being a little paranoid by nature I uninstalled it.

Toledo, I followed your advice and deleted the file from regedit. Upon the last search, it showed up as Name "e" - value "webrebates". Should I delete that too? Sorry if I sound stupid - I just want to make sure that I won't delete anything that I shouldn't.

Once again, thank you all for your assistance.

Narcisa


Direct link Reply with quote
 

Fernando Toledo  Identity Verified
Germany
Local time: 17:32
Member (2005)
German to Spanish
yes Aug 17, 2004

Katza wrote:

Hi again,


Toledo, I followed your advice and deleted the file from regedit. Upon the last search, it showed up as Name "e" - value "webrebates". Should I delete that too? Narcisa



Yes,

Now take a look at start/run/msconfig/systemstart

Is it still there?

[Edited at 2004-08-17 16:02]


Direct link Reply with quote
 
Katza
Local time: 18:32
English to Romanian
+ ...
TOPIC STARTER
Gone!!! Aug 17, 2004

Hi again,


It's gone completely!!! Thank you so much for all your help.

Have a great, virus-free day,
Narcisa


Direct link Reply with quote
 

lien
Netherlands
Local time: 17:32
English to French
+ ...
Great tip for your adware and malware Aug 17, 2004

I scan regulary with pestpatrol, they have a gratis scan on their site.

Just did it and it found 64 adware and spyware. It gives you the location on the registry, you have just to desable them manually.

http://www.pestscan.com


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Webrebates trojan - anybody knows how to get rid of it?

Advanced search






Déjà Vu X3
Try it, Love it

Find out why Déjà Vu is today the most flexible, customizable and user-friendly tool on the market. See the brand new features in action: *Completely redesigned user interface *Live Preview *Inline spell checking *Inline

More info »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs