Page 1 of 2 12 LastLast
Results 1 to 13 of 21

Thread: Darn trojan

  1. #1
    Join Date
    May 2000
    Location
    Indianapolis, IN, USA
    Posts
    34,048

    Darn trojan

    Got this sucker Malwarebytes finds but won't remove. Been suggested to use Combofix to get rid of it. Anybody used that program before?
    Attached Images Attached Images  

  2. #2
    Join Date
    Sep 2012
    Location
    Central Florida
    Posts
    880
    I would not touch combofix unless you have a rootkit installed on the system and you know what you are doing. It can nuke your system. I only touch it for really infected comps.

    I would just let malware remove it and see if it pops back up. Also you should check any system connected to your network. What OS you running win7 or xp??

  3. #3
    Join Date
    Sep 2005
    Location
    Atlanta GA area
    Posts
    21,021
    See if you can find the exact name of the malware in question... then google it. Usually there is a specific patch available to 'cure it'. Sometimes one needs to run two different malware programs to catch all the 'stuff' out there.

    Along with running Kaspersky and Nod32 (the latter is manually only--AV/malware programs tend to not mix well...need to shut one down before starting the other); I have my IT guy come by once a year and wipe/rebuild the entire software on my workstation. Takes around 3-4 hours to get all the apps and routines set up again on a fresh Windows install... and costs me around a C note... however it also rids me of 'build-up'. This time I will leave WinXP pro and go to Win7Pro64. Hardware will handle 64bit... I have some new photo-processing software that does not run on XP... and M$FT is not gonna support XP much longer.

    Try the google approach.

    You could also try CCcleaner... it is a registry tool... WARNING... one can delete most of the cookies and DLL's if they are not careful... and take hours to get all your apps and routines working again.
    GA-HVAC-Tech

    Quality work at a fair price with excellent customer service!

    Romans Ch's 5-6-7-8

    2 Chronicles 7:14

  4. #4
    Join Date
    Sep 2012
    Location
    Central Florida
    Posts
    880
    If you do decide to go ahead and try it, make sure you download it from bleeping computers. If I remember correctly someone has the domain for combofix and is hosting something different there.

  5. #5
    Join Date
    Sep 2012
    Location
    Central Florida
    Posts
    880
    If this is the type of Trojan that is coming back I would try this out. I have heard good things but have not had a chance to try it out yet. This is malwarebytes anti-root kit tool.

    http://www.malwarebytes.org/products/mbar/

    One last thing, you might want to check your router out if you keep getting this sorta infection back. I have seen viruss that will login to the router and set it up the DNS so everything goes through say Russa. This can also be done on your computer through the dns and proxy settings.

  6. #6
    Join Date
    Mar 2004
    Location
    Illinois
    Posts
    6,959
    The title of this thread could go many directions

    I'm thinking Dad would be the one to ask about it....he's a computer geek and a darn good one compared to me

  7. #7
    Join Date
    Nov 2006
    Location
    Southeastern Pa
    Posts
    18,251
    And here, I thought someone had just become a grandfather again.

    As for computer trojans, get the name and search Major Geeks. They have some top notch members.

    I use CCleaner, malwarebytes, registry mechanic, super anti-spyware, and Avira free edition.
    [Avatar photo from a Florida training accident. Everyone walked away.]
    2 Tim 3:16-17

    RSES CMS, HVAC Electrical Specialist

    AOP Forum Rules:







  8. #8
    Join Date
    May 2007
    Location
    Atlanta area
    Posts
    2,539
    I recently ran most of the scanners I found here:

    https://support.mozilla.org/en-US/questions/938759

    The one that found a trojan on my computer was the microsoft security scanner. It took 3 hours.
    Vacuum Technology:
    CRUD = Contamination Resulting in Undesirable Deposits.
    CRAPP = Contamination Resulting in Additional Partial Pressure.

    Change your vacuum pump oil now.

    Test. Testing, 1,2,3.

  9. #9
    Join Date
    Sep 2002
    Location
    I don't know
    Posts
    2,903
    svchost isn't the bad process itself - it's just an executable file which hosts some processes.

    You have to find and delete the infected files, then remove the registry keys associated with it.

    ccleaner only finds invalid registry references - it doesn't remove trojans.

  10. #10
    Join Date
    May 2000
    Location
    Rochester, NY, USA
    Posts
    14,287
    Quote Originally Posted by Senior Tech View Post
    The title of this thread could go many directions

    I'm thinking Dad would be the one to ask about it....he's a computer geek and a darn good one compared to me
    I thought the same thing, this thread is not what I was expecting
    The Last four letters


    American = I Can, Republican = I Can, Democrats = Rats


    any questions

  11. #11
    Join Date
    Jun 2006
    Location
    SW MO.
    Posts
    5,201
    I was thinking someones gonna be a daddy.

  12. #12
    Join Date
    Dec 2002
    Location
    Houston,Tx.
    Posts
    15,917
    Weird, I always thought svchost.exe was a normal windows program. I use Malwarebytes Pro, it actively does malicious website blocking and file system protection, so for all has been well. I would also try booting in "F8" safe mode and run Malwarebytes, might be better.
    __________________________________________________ _______________________
    “Experience is a hard teacher because she gives the test first, the lesson afterwards". - Vernon Law

    "Never let success go to your head, and never let failure go to your heart". - Unknown

  13. #13
    Join Date
    May 2000
    Location
    Indianapolis, IN, USA
    Posts
    34,048
    Sorry boys, not those kind of Trojans

    Regular Malwarebytes doesn't touch it. What is the MB anti-root tool thingie? Might it get what the regular one doesn't? I'll sure try Bill's suggestion of running it in safe mode.

    My IT friend who suggested combofix did say getting it from bleeping computer.

    This is at work with a crazy network and a crazy IT lady who keeps finding ways to blame me for it like using Firefox not IE, going on Facebook for 30 seconds to send a message to a customer or running Outlook with the preview pane open. I pointed out I do lots riskier things at home without a problem.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Comfortech Show Promo Image

Related Forums

Plumbing Talks | Contractor Magazine
Forums | Electrical Construction & Maintenance (EC&M) Magazine
Comfortech365 Virtual Event