  1. #1 3 Star Lounger (Southwest USA; joined Dec 2009)
    Am running XP Professional (Service Pack 3)

    I recently somehow almost instantly acquired a Trojan & could do nothing with my standalone computer.
    Although I could boot the system, it would not let me access anything (AVG Free AntiVirus software Version 9.0, etc., etc.).
    It continually tried to send me to antivirmore.net to "update" it by purchasing it.

    Out of desperation, I "ended" some processes in Task Manager that I did not recall as normally occurring.
    That allowed me to finally access my AVG software.
    I then did a complete scan of my system but it found only some tracking cookies that I deleted.

    But when I rebooted again, the problem reappeared.
    Again, I ended some processes.
    This time, I restored to a restore point just a day previous.
    That cured my problem.
    Only 1 time shortly thereafter my system successfully blocked another similar Trojan which was placed in the Virus vault.

    I then went online & created a bootable AVG Rescue CD (actually a bootable USB Flash Drive) to use if it is ever needed in the future.
    I then tested it. It again found some more tracking cookies that I again deleted.
    But, it also found another Trojan, which I told it to rename by adding the suffix _infected.arl (as suggested by AVG).
    After I rebooted the system normally, I did a search for any file with that suffix, but could not find any.

    FINALLY THE QUESTIONS:

    If I ever erroneously end a process, will it be added back when I reboot the system?

    Is it possible that the AVG scan (using the bootable USB Flash Drive) merely saw the Trojan that was already in the Virus Vault & just did not rename it?

  2. #2 Super Moderator jscher2000 (Silicon Valley, USA; joined Feb 2001)
    Quote Originally Posted by StephenXXXX:
    If I ever erroneously end a process, will it be added back when I reboot the system?
    This part I can answer: yes. The startup sequence is prescribed in the OS, in the registry, and in the startup folder, and consists of a large number of processes and programs. Nothing you do in terminating currently running processes will change that sequence. (For that reason, as part of your clean-up, you also need to examine what will (re)occur at startup.)

  3. #3 Super Moderator CLiNT (California & Arizona; joined Dec 2009)
    Quote Originally Posted by StephenXXXX:
    Out of desperation, I "ended" some processes in Task Manager that I did not recall as normally occurring.
    What was the name of the process you "ended"?
    Quote Originally Posted by StephenXXXX:
    But when I rebooted again, the problem reappeared.
    The problem was never properly dealt with; you still have an infection, and worse yet it's stealthed from your normal avenue of detection and eradication: AVG software.
    Ending a process in real time does nothing to remove its underlying etiology.
    Quote Originally Posted by StephenXXXX:
    But, it also found another Trojan for which I told it to rename it by adding the suffix _infected.arl (as suggested by AVG)
    What was the name of the Trojan?

    It looks to me like you inadvertently got stung with one of the pseudo-AV malware threats that have been going around lately.
    Their potency can range from extremely irritating to potentially covertly dangerous, like in a rootkit.
    The above questions need answers.

    Use an accredited online AV scanner & use more than one tool, preferably in safe mode, if installed.

    If the use of several tools on your own fails to find or eradicate this problem, I would recommend seeking the advice of an antimalware and/or anti-trojan trained expert:
    http://www.geekstogo.com/forum/forums.html
    http://www.bleepingcomputer.com/forums/forum22.html
    http://forums.malwarebytes.org/index.php?act=idx
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  4. #4 3 Star Lounger (Southwest USA; joined Dec 2009)
    It was the Trojan horse Generic18AEKM
    It was in C:\Documents and Settings\My Full Name\Local Settings\Application Data\mmrtqxpbi\nytohuwtssd.exe

    I just did a Windows Update (before I posted here) & it included the July Malicious Software Removal Tool by Microsoft. Nothing was detected. Was that not sufficient?

    And since I read your reply, I ran the PC Pitstop Exterminate2 System Scan online. It also did not detect anything.
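    The autostart locations jscher2000 describes in post #2 (registry Run keys and the Startup folder) are where an entry like the one named in post #4 would have to live to come back after a reboot, so a clean-up checks those locations rather than Task Manager. As an added example (not code from the thread, from AVG, or from any tool named here), the Python below parses a constructed .reg export of the HKCU Run key and flags entries launched from a per-user data directory; the sample export, the user name SomeUser and the name heuristic are assumptions.

```python
import re
# Constructed .reg export of an XP HKCU Run key, modelled on the autostart path in post #4.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AVG9_TRAY"="\"C:\\Program Files\\AVG\\AVG9\\avgtray.exe\""
"mmrtqxpbi"="C:\\Documents and Settings\\SomeUser\\Local Settings\\Application Data\\mmrtqxpbi\\nytohuwtssd.exe"
'''
# User-writable per-profile directories (XP layout); legitimate autostarts rarely live here.
USER_DATA_DIRS = ("\\local settings\\application data", "\\local settings\\temp", "\\application data")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')   # "name"="string data"
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)  # path up to the first .exe

def parse_run_entries(reg_text):
    """Return {value name: executable path} for the string values in a .reg export."""
    entries = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key headers, blank lines and hex()/dword values are skipped
        data = re.sub(r'\\(["\\])', r"\1", m.group("data"))  # undo .reg escaping
        exe = EXE_RE.match(data)
        if exe:
            entries[m.group("name")] = exe.group("exe")
    return entries

def looks_random(name):
    """Crude check for generated names: 8+ letters with almost no vowels ('mmrtqxpbi')."""
    low = name.lower()
    if len(low) < 8 or not low.isalpha():
        return False
    return sum(c in "aeiou" for c in low) / len(low) < 0.25

def triage(entries):
    """Flag autostart entries whose executable runs from a per-user data directory."""
    findings = []
    for name, exe in entries.items():
        hit = next((d for d in USER_DATA_DIRS if d in exe.lower()), None)
        if hit is None:
            continue
        reasons = ["runs from per-user directory " + hit]
        folder, binary = exe.split("\\")[-2], exe.split("\\")[-1].rsplit(".", 1)[0]
        if looks_random(folder) and looks_random(binary):
            reasons.append("random-looking folder and file name")
        findings.append({"name": name, "path": exe, "reasons": reasons})
    return findings

for finding in triage(parse_run_entries(SAMPLE_REG)):
    print(finding["name"], "->", finding["path"], "|", "; ".join(finding["reasons"]))
```

    On a real machine the same parser can be pointed at a `reg export` of the HKLM and HKCU Run/RunOnce keys; the Startup folder contents still need a separate directory listing.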

  5. #5 Super Moderator CLiNT (California & Arizona; joined Dec 2009)
    Look through this site for an "Antivirmore.com Removal Guide" if you believe your system is still infected.
    Purge whatever you have in AVG's vault as well.
    You should not be experiencing any browser redirects to the site in question if it is indeed removed.

  6. #6 3 Star Lounger (Southwest USA; joined Dec 2009)
    I was sure I was no longer infected until I read your replies. Now I am not so sure.

    I am not getting any browser redirects - so I guess that makes me lean a little more towards believing that I am no longer infected. So does the fact that the online scans that I did run also show no infection.

    But, I will keep my guard up!

  7. #7 Lounger (A Texas State of Mind; joined Jun 2010)
    I would at the very least run Malwarebytes free ASAP: download, update, run a scan, and let it clean what it finds. I also recommend going to one of the malware removal support forums to get guided assistance and use of some special tools.
    http://www.udel.edu/topics/spyware/i...warebytes.html has directions on getting, installing and using Malwarebytes. You can use and keep Malwarebytes on your PC; it will not interfere with your antivirus program. Update it and scan with it weekly.
    You can find many excellent malware removal forums listed on the ASAP site:
    http://asap.maddoktor2.com/

    bleepingcomputer has some excellent removal guides on their site.

    Doing a system restore did not clean your PC. The infection you mention quite often carries with it a rootkit; you want to make certain you are not still infected with that.
    registered Linux user:476595

  8. #8 Super Moderator CLiNT (California & Arizona; joined Dec 2009)
    I may have interpreted your original post as an ongoing infection, when in fact you may have already dealt with the problem successfully. If this is the case, disregard some of my paranoid rantings.
    Downgrade to a strong dose of vigilance:
    You can keep up your guard by monitoring for unwarranted CPU, hard drive, and network activity for a while.

  9. #9 Lounger (A Texas State of Mind; joined Jun 2010)
    The site spywareremove link mentioned in an above post by Clint is coming up RED flagged in WOT, so proceed with caution there. I personally steer clear of the RED listed sites. It has 43 comments stating malicious content on the site and states it contains rogue software.

  10. #10 2 Star Lounger (Calif; joined Dec 2009)
    At a minimum, you should be using Malwarebytes Anti-Malware ( www.malwarebytes.org/mbam.php ) AND "SUPERAntiSpyware" ( www.superantispyware.com ), BOTH of which come in a FREE version, on a regular basis.
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  11. #11 3 Star Lounger (Southwest USA; joined Dec 2009)
    Quote Originally Posted by Clint Rossmere:
    I may have interpreted your original post as an ongoing infection, when in fact you may have already dealt with the problem successfully. If this is the case, disregard some of my paranoid rantings.
    Downgrade to a strong dose of vigilance:
    You can keep up your guard by monitoring for unwarranted CPU, hard drive, and network activity for a while.
    Yes, I do think that you & others have needlessly caused me to overreact.

    The 7-16-10 reply by R-C & my discovery in the instructions of 1 of the malware removal software sites that stated how to proceed if after you used their software you were unable to use Windows have caused me to stop & do nothing more.

    Also, after re-reading my very lengthy but thorough 1st post, I have concluded (at least for the time being) that I did successfully deal with the problem & need to do nothing more.

  12. #12 Super Moderator CLiNT (California & Arizona; joined Dec 2009)
    Quote Originally Posted by StephenXXXX:
    Yes, I do think that you & others have needlessly caused me to overreact.

    The 7-16-10 reply by R-C & my discovery in the instructions of 1 of the malware removal software sites that stated how to proceed if after you used their software you were unable to use Windows have caused me to stop & do nothing more.

    Also, after re-reading my very lengthy but thorough 1st post, I have concluded (at least for the time being) that I did successfully deal with the problem & need to do nothing more.
    Your original post is somewhat contradictory and difficult to read.
    Furthermore, it was difficult to ascertain, with any certainty, whether anything was actually resolved other than
    the symptom of being directed to a known fake AV program site (antivirmore.net).
    Quote Originally Posted by R-C:
    the site spywareremove link mentioned in an above post by Clint is coming up RED flagged in WOT so proceed with caution there. I personally steer clear of the RED listed sites. It has 43 comments stating malicious content on the site and states it contains rogue software.
    How does "SpyHunter's Malware Scanner", listed on the site mentioned, rate as rogue Software? I've downloaded and tested it myself.
    And what is your exact determination of the site http://www.spywareremove.com/removeAntivirmorecom.html as being "red flagged"?
    Based solely on WOT??

  13. #13 3 Star Lounger (Southwest USA; joined Dec 2009)
    Quote Originally Posted by Clint Rossmere:
    Your original post is somewhat contradictory and difficult to read.
    Furthermore, it was difficult to ascertain, with any certainty, whether anything was actually resolved other than
    the symptom of being directed to a known fake AV program site (antivirmore.net).
    My original post was a step by step recap of what had occurred & what I had done.
    If you first read all of that & then look at my Questions, nothing is contradictory nor difficult to read.

    However, I will never write such a long post again because no one takes the time to read it all & replies based only on a couple of sentences or words that did catch their eye.

    THANKS for your & everyone else's time.
    Unless I see some evidence to the contrary, I will assume that my problem has indeed been solved by the actions I already took.

  14. #14 Lounger (A Texas State of Mind; joined Jun 2010)
    I highly value WOT, as do many others, but what I value most is the actual user reviews and replies which are listed in the RED flagged report area. As I stated, there were numerous (over 40) direct comments by individuals stating that the website mentioned included malicious rogue malware; when seeing that kind of rating and those numbers of direct reviews I steer clear, which is why the warning was provided. What anyone chooses to do on their own is of course their business. On the forums I am on, warning of RED listed WOT sites is the norm, to go with caution. It was given here by myself as just that: a cautionary notice.

    http://www.mywot.com/en/scorecard/sp...ve.com#comment
