  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Denver, Colorado
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I ended up with an infection identified as TrojanASPX.JS.Win32. Google ID's it and shows pages of so-called solutions. They are all suspect to me. Have had COMODO AV and even tried Microsoft Security Essentials but it doesn't seem to clean it up. AdAware, Malwarebytes and CyberDefender have no benefit either. Is there something, somewhere that is a valid source of a good removal tool? How about blocking it with a firewall in the future? I discovered it when icon for porn sites showed up on my desktop. Thanks, Bob

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Robt Blunt Jr. View Post
    I ended up with an infection identified as TrojanASPX.JS.Win32.
    Which program identified the infection?

    Here's some advice that appears to be from a legitimate source: McAfee Communities: TROJANASPX.JS.win32.

  3. #3
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi Robt:

    What One security program calls "TrojanASPX.JS.Win32", another would give a different "Name". One possibility is to upload the malware to www.virustotal.com and see what their "Report" says. Today's malware is rarely simplistic and I suspect your "Trojan" is linked to a hidden rootkit, which MAY be discovered by using the FREE "GMER Rootkit Scanner". Your best bet would be to have your computer checked by an experienced, certified, Volunteer "Malware Removal Specialist" that help out on many advanced malware removal forums and the One I recommend is at http://www.geekstogo.com/forum/forums.html . IF you go there, read through their "Malware and Spyware Cleaning Guide" and be prepared to post a "Log" from their FREE "OTL" program. Some info about the OTL program is at http://www.geekstogo.com/forum/OTL-T...t-t277391.html .
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  4. #4
    New Lounger Corrine's Avatar
    Join Date
    Jun 2010
    Location
    Upstate, NY
    Posts
    18
    Thanks
    0
    Thanked 2 Times in 1 Post
    Hi, Bob.

    You may want to try Malwarebytes. Following are the standard instructions I give people when helping them with malware removal:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, be sure Quick scan is selected, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    • Click Remove Selected.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
    Remember - A day without laughter is a day wasted. ~ ~ ~ May the wind sing to you and the sun rise in your heart.

  5. #5
    New Lounger Snoopy50's Avatar
    Join Date
    Jan 2010
    Location
    Tauranga, New Zealand
    Posts
    22
    Thanks
    0
    Thanked 1 Time in 1 Post
    Hi Bob,
    You can try VIPRE RESCUE SCANNER ( http://live.sunbeltsoftware.com/ ). When you first run it, the scan will take some time as it is a full thorough scan for Viruses/Malware and rootkits and checks every file on PC. At end of scan it will clean any infection and also give you a report of files found. Go to C:\VIPRE RESCUE for report file.

    If that fails then download Hijack This from ( http://download.cnet.com/Trend-Micro...-10227353.html ). Run it and save the log file. Then you can post the log file on any good forum for the Techsperts to help you, or you can go to ( http://www.hijackthis.de/#anl ) and paste the log file in the box, hit enter and it will convert the result to HTML and show with tick or cross all the bad files so you can delete them manually from your PC.

    Hope this may help.

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    virginia
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello,
    I MUST reply to Corrine's post of failing to remove the items in System Restore that are found!!! I am sorry Corrine but you are dead wrong and you MUST also remove items found in system restore because you simply have not removed the virus unless you do so. Whenever you are trying to get rid of a virus or any malware from your system you MUST remove it from system restore as well. Failure to do so is a failure to rid your system of the virus as it can reinstate itself from this position. I STRONGLY recommend that you delete all restore points as well as any backups that contain the virus along with the virus removal. The makers of the virus also give it the tools to reinstate itself from these points. System restore points as well as backups are how many viruses remain in your system. It will not hurt to delete all restore points and backups from your system and set a new restore point as well as a new backup AFTER all traces of the malware are gone. Do this with all drives that are used or have been used with this system.
    I repeat...failure to remove the malware from ALL points on your system is a failure to remove it PERIOD!!

  7. #7
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    370
    Thanks
    153
    Thanked 62 Times in 37 Posts
    @Corrine:

    I totally agree with loco NUTT.

    @all:

    Why not give SuperAntiSpyware a whirl? Here is its download page.

    And in such nasty cases AutoRuns from Sysinternals has helped many times. One condition for using AutoRuns though: You've got to know the malicious entries when you see them; this is NOT for the casual user!
    Eike J Heinze
    What I am about
    SE Wisconsin

  8. #8
    New Lounger
    Join Date
    Jul 2010
    Location
    Beaver Darn KY
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Corrine View Post
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

    Agreeing with LocoNutt and others, but with this explanation: The line that you indicated in the screen shot does not refer to the factory restore image (if you have one), but the backups made by system restore.

    When you have a virus, BEFORE you begin cleanup, turn off system restore so that all restore points are erased. If you do not, you set yourself up for certain re-infection. Of course, if you like the feature, turn it back on once you are sure your machine is clean.

  9. #9
    New Lounger
    Join Date
    Jul 2010
    Location
    Terre Haute, IN
    Posts
    7
    Thanks
    0
    Thanked 2 Times in 2 Posts
    I have had a lot of success cleaning many different trojans, rootkits, and assorted malware using the following. First turn off System Restore, empty the Prefetch folder, and the temp files folders under windows and local settings. Then I grab Kaspersky Rescue disk from their website at http://devbuilds.kaspersky-labs.com/.../RescueDisk10/ and burn the iso to cd. After using this disk to boot, having it update and then scanning the system I reboot and run a program called combofix: http://www.forospyware.com/sUBs/ComboFix.exe. It downloads and installs the windows recovery console for its use and then scans and removes malware items and gives a log file of its activities. Then I reboot the system and run malwarebytes on it. Usually malwarebytes will find nothing on the system but I use it as a last check. I haven't run across anything that this wouldn't get rid of so far.

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Hot Springs, Arkansas, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just finished cleaning up a rootkit that was identified as a trojan. After multiple scans when Malware Bytes did not find it and Symantec Endpoint did not find it I turned to AVIRA and Bitdefender's Rescue CDs; here are links: http://www.free-av.com/en/tools/12/a...ue_system.html http://download.bitdefender.com/rescue_cd/ . You basically download an ISO, burn a CD and boot up from it. It did not repair the problem but it identified the virus infected file so I could replace it.

  11. #11
    New Lounger Corrine's Avatar
    Join Date
    Jun 2010
    Location
    Upstate, NY
    Posts
    18
    Thanks
    0
    Thanked 2 Times in 1 Post
    Quote Originally Posted by loco NUTT View Post
    Hello,
    I MUST reply to Corrine's post of failing to remove the items in System Restore that are found!!! I am sorry Corrine but you are dead wrong and you MUST also remove items found in system restore because you simply have not removed the virus unless you do so. Whenever you are trying to get rid of a virus or any malware from your system you MUST remove it from system restore as well. Failure to do so is a failure to rid your system of the virus as it can reinstate itself from this position. I STRONGLY recommend that you delete all restore points as well as any backups that contain the virus along with the virus removal. The makers of the virus also give it the tools to reinstate itself from these points. System restore points as well as backups are how many viruses remain in your system. It will not hurt to delete all restore points and backups from your system and set a new restore point as well as a new backup AFTER all traces of the malware are gone. Do this with all drives that are used or have been used with this system.
    I repeat...failure to remove the malware from ALL points on your system is a failure to remove it PERIOD!!
    There is a reason why I do not recommend clearing System Restore before cleaning the computer. The primary danger to not clearing System Restore is restoring the computer to an infected restore point. Could this happen? Of course and then the clean-up would need to be started over. However, the likelihood of that occurring is slim. System Restore is not an endless receptacle. Old restore points are cycled out as new restore points are created.

    From MS KB831829 How antivirus software and System Restore work together:

    During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.{bold added}
    Although the above KB article refers to XP, it would apply to Windows Vista and Windows 7 as well.

    With regard to MBAM, in a full scan, MBAM scans SR. If the file is not completely clean, the user may not have a good restore point. Thus, if something goes wrong in the cleaning process, there is not a good restore point to return to. It would be better to have an infected restore point and begin again than none at all -- particularly since most people are not good about backups and may no longer have the installation media. Thus, even though I recommend a quick scan with MBAM, I include the recommendation about SR because I know from experience that people do not always follow instructions. The Symantec instructions (as well as so many others I've seen) do not recommend turning System Restore back on until after the cleanup. Thus, without a good backup or installation media, the person is left with no returning point -- other than an expensive trip to a local Tech Repair shop.

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Because I've been asked before why I recommend a quick scan with MBAM, I'll include that information here as well. MBAM developers recommend a quick scan. The above is a good reason to do the same. Just one example is what Marcin Kleczynski/RubbeR DuckY wrote in Posts 41 & 43 at Malwarebytes' Anti-Malware Program Suggestions - Malwarebytes Forum:

    The quick scan is meant to catch all malware that we know exists in the wild.
    Quick scan scans,

    1. Memory of the current user.
    2. Registry for all users.
    3. File system for all users (using a list of locations).
    For best scan results, it is also recommended to clean out temporary folders prior to scanning with MBAM.
    In another example, located at Malwarebytes' Anti-Malware Program Suggestions - Malwarebytes Forum, Bruce Harrison/nosirrah said:

    The MBAM quick scan option will catch every bit of live malware that the full scan will detect and 99% of the traces. I develop the definitions for MBAM and have never needed to use the full scan to test them out.
    As to clearing System Restore, after cleanup, create a new Restore point and then run Disk Cleanup:
    • Click start, type Disk Cleanup in the search box
    • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
    • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
    • When the scan completes, check/uncheck desired boxes.
    • Next, please click the More Options tab at the top.
    • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
    • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
    • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.



    Quote Originally Posted by Dennis McKay View Post
    After using this disk to boot, having it update and then scanning the system I reboot and run a program called combofix: http://www.forospyware.com/sUBs/ComboFix.exe. It downloads and installs the windows recovery console for its use and then scans and removes malware items and gives a log file of its activities.
    ComboFix is not a free-for-all tool and should only be used with the guidance of a trained malware expert. There is much more involved than merely downloading and running ComboFix. Let's just say that to print the tutorial and other information from the developer and other security experts about this complex tool would take reams of paper.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
    Remember - A day without laughter is a day wasted. ~ ~ ~ May the wind sing to you and the sun rise in your heart.
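
Corrine's sequence above (keep restore points during cleanup, then create a new one and delete all but the most recent), written as a Windows PowerShell script; this is an added example, not part of any post in the thread. The parameter names and the "Post-cleanup baseline" description are assumptions; `Get-ComputerRestorePoint`, `Checkpoint-Computer` and `SRRemoveRestorePoint` are the stock Windows interfaces.

```powershell
# Added example, not from the thread. Run as a script in an elevated Windows PowerShell session.
param(
    [datetime]$SuspectedInfection = (Get-Date).AddDays(-7),  # assumption: when symptoms began
    [switch]$CleanupVerified                                  # pass only after scans come back clean
)

# Wrapper for SRRemoveRestorePoint (srclient.dll), the System Restore API call
# that deletes a single restore point by sequence number.
Add-Type -Namespace SR -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

function Get-RestorePointInventory {
    param([datetime]$Since)
    # Flag points created on or after the suspected infection date: those are the
    # ones that may contain infected files.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } },
        @{ n = 'Suspect'; e = { $_.ConvertToDateTime($_.CreationTime) -ge $Since } }
}

Get-RestorePointInventory -Since $SuspectedInfection |
    Sort-Object SequenceNumber | Format-Table -AutoSize

if (-not $CleanupVerified) {
    Write-Host 'Cleanup not verified yet: every restore point is left in place.'
    return
}

# Step 1: create a fresh restore point now that the system is clean.
$started = Get-Date
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $points[-1]
# Refuse to prune if the newest point predates this run: the checkpoint was not
# created, and the only point kept would be one taken before cleanup.
if (-not $newest -or $newest.ConvertToDateTime($newest.CreationTime) -lt $started.AddMinutes(-1)) {
    Write-Warning 'No new restore point was created; nothing was deleted.'
    return
}

# Step 2: delete all but the most recent restore point.
foreach ($p in $points | Where-Object { $_.SequenceNumber -ne $newest.SequenceNumber }) {
    $rc = [SR.Native]::SRRemoveRestorePoint($p.SequenceNumber)
    if ($rc -eq 0) { Write-Host "Removed restore point $($p.SequenceNumber) ($($p.Description))" }
    else           { Write-Warning "Could not remove $($p.SequenceNumber): error $rc" }
}
```

Run without `-CleanupVerified` it only lists the restore points and marks the suspect ones, which is the state Corrine recommends keeping while the cleanup is still in progress.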

  12. #12
    New Lounger
    Join Date
    Jul 2010
    Location
    Fort Lauderdale,Florida, USA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This site has helped a lot.
    http://www.bleepingcomputer.com/virus-removal/
    pay attention to any instructions that require manual participation on your part...they're included for a reason
    My 2 cents... clean the system restore files... and then after you are sure your OS is clean... create new and wipe out the old

  13. #13
    Lounger
    Join Date
    Jun 2010
    Location
    A Texas State of Mind
    Posts
    44
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Totally agree with Corrine, her vast experience in cleaning infections on the many help forums she volunteers on is amazing. It is now being recommended in many places to not remove restore points until it is positive that the clean up is done, then you can go to system restore and clear the restore points if you choose to. It is always better to have any restore point to go to rather than none at all if something should go terribly wrong during a clean up. This article does a very good job in explanation.
    http://msmvps.com/blogs/spywaresucks.../17/66724.aspx

    from it a quote by Jim Eshelman, MVP of aumha.net
    "..it is also true that, in cleaning highly infected systems, sometimes you make mistakes that cripple Windows and it is better to be able to take a step back to a working version of Windows - even an infected one! - rather than have Windows trashed completely. To quote Mow Green, "a leaky lifeboat is better than no lifeboat in a storm."
    registered Linux user:476595

  14. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    virginia
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you Corrine for your speedy reply,
    While I do agree with your reluctance to remove SR points, I still have to say that some (not all) viruses are able to restore themselves from anywhere on your system. This includes RS points, even if you do not restore to that point. You do not have to remove all RS points but the certain RS points that MBAM comes up with from a scan. I think that most ppl are unaware that there are some viruses that have been updated to enable themselves from ANY point on your system. Yes I'd say "knock on wood" lol, that none have encountered one of these and that viruses are not as common as they were in the past. Most malware is now built as spyware or hijackware these days rather than to kill your system, all in a bid to make money.
    I also have another great piece of freeware that I have used longer than MBAM and works even better. It is called Spybot-search and destroy and it runs on any system and even has mobile capabilities. Beware, there is a hijack bogus version on the net so click the link given to go to the correct site.

    from it a quote by Jim Eshelman, MVP of aumha.net
    "..it is also true that, in cleaning highly infected systems, sometimes you make mistakes that cripple Windows and it is better to be able to take a step back to a working version of Windows - even an infected one! - rather than have Windows trashed completely. To quote Mow Green, "a leaky lifeboat is better than no lifeboat in a storm."

    This will only happen if you remove a rootkit. That will never happen with MBAM or Spybot.



    Quote

    The MBAM quick scan option will catch every bit of live malware that the full scan will detect and 99% of the traces. I develop the definitions for MBAM and have never needed to use the full scan to test them out.


    The key word here is "live" malware. I will always recommend cleaning any RS points with a virus or malware. While it will kill that certain RS point, it will not hurt any other RS point. After cleaning up the virus and seeing that your system is fine...THEN clean all RS points and backup and make new ones. (as I said before)

    Otherwise I see great posts in this thread. I suggest reading thru it all.

  15. #15
    New Lounger
    Join Date
    Jul 2010
    Location
    Sacramento
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Corrine's recommendation is sound, however, I always start a troubleshooting session by doing the following BEFORE running MalwareByte's AntiMalware:

    1.) Running "rkill" first to terminate any resident programs in memory.
    2.) Then run the most recent (updated) version of AntiMalware installer on the infected system. DO NOT PLUG IN A NETWORK CABLE TO UPDATE DEFINITIONS AT THIS TIME.
    3.) Run AntiMalware on the infected system to remove the obvious infections.
    4.) When all known infections are dealt with, and you get no indications of additional infections on subsequent scans, then plug in your network connection and update AntiMalware.
    5.) Now that AntiMalware has been updated with the most recent definitions, rescan the infected system again.

    This process will take care of all but the most stubborn viruses...
