I can't get rid of this nasty frickin' Trojan on my Windows 7 machine!




Reaching out to the biggest group of people I know in hopes that someone here has had this same problem and can help me resolve it, because office tech support is zero help on this (their solution is a reformat, which I refuse to believe is necessary at this point).

About two weeks ago I picked up a Trojan. Although I managed to isolate it and keep it from locking me out of my programs (it's one of those scareware scams that tries to make you think it's a virus shield that costs $60 and blocks Windows from running anything), there are still traces of it showing up. MSE has flagged numerous processes this morning and claims to have "cleaned" them, but evidently it isn't completely removing the issue because alerts keep popping up.

I get two to three BSoDs a day as a result of this process, and I'm also getting tabs opening up in Firefox about every 30 minutes with "You Won Our Crappy Contest!" and "Work For Google From Home" ad scams targeted to my locale.

Additional weirdness: I can't update my definitions for MSE or MalwareBytes, and I suspect that the rogue process is deliberately blocking those updates being applied. Has anybody else had this issue? It seems to be tied to the Alureon trojan, if that helps.

I've also followed several Alureon removal guides on eHow and other sites that detail which processes to shut down and keys to remove via regedit, but none of those processes or keys appeared on my machine. >=[


My suggestion is to try the various free software out there to remove it. I am sure either AVG or Spybot Search and Destroy can help.
If not, then a reformat may be your only option. It sux but sometimes it has to be done.



Boot into safe mode without internet.
Run your choice of anti-virus software, all of the ones Steve suggested are good.
After it's done reboot into normal Windows.
Set your computer back to the last restore point before it was corrupted. (sometimes this works by itself)

If that doesn't work, then I see a re-install in your future.

Power Word Unzip wrote:

Reaching out to the biggest group of people I know in hopes that someone here has had this same problem and can help me resolve it, because office tech support is zero help on this (their solution is a reformat, which I refuse to believe is necessary at this point).

About two weeks ago I picked up a Trojan. Although I managed to isolate it and keep it from locking me out of my programs (it's one of those scareware scams that tries to make you think it's a virus shield that costs $60 and blocks Windows from running anything), there are still traces of it showing up. MSE has flagged numerous processes this morning and claims to have "cleaned" them, but evidently it isn't completely removing the issue because alerts keep popping up.

I get two to three BSoDs a day as a result of this process, and I'm also getting tabs opening up in Firefox about every 30 minutes with "You Won Our Crappy Contest!" and "Work For Google From Home" ad scams targeted to my locale.

Additional weirdness: I can't update my definitions for MSE or MalwareBytes, and I suspect that the rogue process is deliberately blocking those updates being applied. Has anybody else had this issue? It seems to be tied to the Alureon trojan, if that helps.

I've also followed several Alureon removal guides on eHow and other sites that detail which processes to shut down and keys to remove via regedit, but none of those processes or keys appeared on my machine. >=[

Also try using Trend Micro's House Call. It's free online and runs from their web site. It may help clear that up for you. Also try CCleaner to clean out reg files and missing reg links. That can also really help get rid of these kinds of issues. I would also be careful with the restore points. Some viruses will put themselves into the restore points so that reloading them brings them back...

And of course Fdisk --> Format --> Re-Install will work, painful as it is... Just make sure you check your backups for the virus before reloading them :)



Download the free version of Malwarebytes at Malwarebytes.org.

My sister-in-law got a trojan similar to yours (could even have been same trojan) and I downloaded and ran Malwarebytes on her machine and it fixed the issue.

Our university where I work used Malwarebytes and it really works well, even dealing with malware that our anti-virus software misses.


Thanks to all for the advice. I found a Kaspersky rootkit tool that seems to have resolved the problem, but I'll keep my eyes open for any remnants and try some of these apps if the problem persists.

I use CCleaner regularly, but it didn't help much on this issue, and neither did Ad Aware.

System restore was my first go at the problem, and it did exactly what Christopher said. =/

I'm still getting errors when I try to update MBAM, so I'm guessing there's a conflict between it and MSE. *shrug* Oh well, at least the pop up tabs are gone and I haven't had a slowdown or a BSoD yet today - so that's better than the last two weeks have been!

Thanks again, guys - you folks are awesome!


I will generally boot into Safe Mode and then use msconfig to identify the rogue program. I then locate the actual executable - usually in the AppData or Local Settings subfolders - and delete it.

You may need to check registry settings and ensure that there aren't any proxy servers switched on in your browser, etc.

An easier way for folks who aren't good at the above is ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I use it when I can't remove (or be bothered to) malware manually. Just beware of where you get it from, there are some dodgy sites which will give you an infected version...

Good luck
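
The manual check described in the post above (startup entries as msconfig lists them, executables under AppData or Local Settings, proxy settings), as an added read-only example that is not part of the original post. It assumes PowerShell 2.0 or later on Windows 7; the function names and the list of path fragments are illustrative choices, and a flagged entry is only a candidate for review.

```powershell
# Added example: read-only triage of startup entries and proxy settings.
# Nothing is deleted or changed; flagged entries are candidates for review only.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
# Assumption: path fragments named in the post, plus Temp; not a malware signature.
$userWritable = '\\AppData\\|\\Local Settings\\|\\Temp\\'

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)   # expands %VARS% in REG_EXPAND_SZ
            New-Object PSObject -Property @{ Source = $key; Name = $name
                Command = $cmd; Review = [bool]($cmd -match $userWritable) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir | ForEach-Object {
            New-Object PSObject -Property @{ Source = $dir; Name = $_.Name
                Command = $_.FullName; Review = $true }   # anything here runs at logon
        }
    }
}

function Get-ProxySetting {
    # System-wide (Internet Explorer / WinINET) proxy for the current user.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{ Enabled = [bool]$p.ProxyEnable
        Server = $p.ProxyServer; PacUrl = $p.AutoConfigURL }
}

function Get-FirefoxProxyPref {
    # Firefox keeps its own proxy preferences per profile in prefs.js.
    Get-Item (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js') -ErrorAction SilentlyContinue |
        Select-String -Pattern 'network\.proxy\.' | ForEach-Object { $_.Line }
}

Get-StartupEntry | Sort-Object Review -Descending | Format-List Review, Name, Command, Source
Get-ProxySetting | Format-List
Get-FirefoxProxyPref
```

A rootkit can hide its files and registry values from the running system, so an empty result here does not show that the machine is clean.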

I recommend checking this out. It's a bootable antivirus. Just pick whether you have a 32-bit or 64-bit processor, download the appropriate file, run it and follow the instructions for making a CD, USB stick, or ISO file. It works quite well.

Microsoft Stand Alone System Sweeper


Just for future reference - majorgeeks.com has an extensive list of antivirus and antispyware programs, including targeted removal programs and "stingers" which target specific forms of malware. You can also make a boot disk with antivirus if things become truly dire link here

Also, there are Linux boot based antivirus programs if Windows just won't work at all:
F-Secure
They boot from a Linux live CD and can scan and clean your Windows install, without the malware being able to protect itself.



In the past, I've used a free anti-virus/malware package called "SUPERAntiSpyware", which effectively killed that trojan (or one similar). I also run Malwarebytes, already mentioned above, as a backup, and occasionally that picks up one or two remaining items.

H.


Also as a side note from a tech: check the date when you have an issue. It's truly amazing how many computers need to be fixed after the 11th of every month (Microsoft update day). If your problems are suspiciously timed, you might want to roll back whatever drivers were updated or uninstall the update until the knowledge base catches up with the glitches... let those other people be the guinea pigs.
