  1. #1
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    966
    Thanks
    661
    Thanked 58 Times in 57 Posts

    Trojan & Web Attack attempts at startup

    Working on a Windows 7 Home Premium with Norton 360

    Starting about a week ago, within a few seconds after startup Norton 360 reports it blocks Trojan.powelik activity, Trojan AdClicker activity & Web Attack. Fake Scan
    --- I should have taken better notes but if I remember correctly the first item had a severity rating of Low and the last 2 had a severity rating of High

    Within the few seconds it takes Norton 360 to block them, the default security settings in Internet Options are changed to Custom Settings at least in the Internet Medium-High and Restricted sites High settings
    --- Also in each of those 2 cases Enable Protected mode is unchecked

    After blocking them Norton 360 then reports the system is protected
    I ran Disk Cleanup & AdwCleaner, which cleaned out a number of registry items
    Upon allowing the computer to restart, those 3 items did not show up immediately but did so about 30 minutes later

    For some background, the computer users play a lot of games, go on gambling sites and told me sometimes they get messages from some Facebook users that are questionable whatever that means.
    --- It wouldn't surprise me if those attempted Trojan infections were because they are running on the coattails of from somewhere in there.

    I'll be going back there in a few days
    I plan to check Enable Protected mode in both the default Internet Medium-High and Restricted sites High settings, as that's what I have on my Win7 desktop & laptop computers

    Checking Norton's website, I found this
    Norton™ Power Eraser https://security.symantec.com/nbrt/npe.aspx?lcid=1033
    --- Does anyone have experience on using that?
    --- I don't recall the exact wording, but being careful of how to use it is mentioned

    I have recommendations to use AutoRuns I think it is to see what actually is running in the background. Should I look into that or Sysinternals or another program?

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,619
    Thanks
    147
    Thanked 875 Times in 837 Posts
    Yes, I have used NPE but from a Google on that Trojan and https://community.norton.com/forums/...al-help-please NPE won't do it.

    Scroll down to a post by Scotthoot dated 28 Oct 2014 for what worked for him

    I also favour Process Explorer over Autoruns because it includes VirusTotal and you can see at a glance any red high value/~50 items. http://technet.microsoft.com/en-gb/s.../bb896653.aspx and you need to run it as an admin.

    Click on Options and ensure Verify Signatures is enabled and then hover over VirusTotal.com and check its box and then you will see which ones are verified and if any have the VirusTotal high red values.

    If you want to try the bootable Kaspersky Rescue 10 Disk you can get it from http://support.kaspersky.co.uk/viruses/rescuedisk/main but it can take quite a number of hours for it to complete its scan and you need to Ethernet connect the affected machine to update its definitions, but hopefully, what worked for Scotthoot will also work for you.

    ESET Online Scanner (which will be quicker than Kaspersky) may also find it http://www.eset.co.uk/Antivirus-Util...Online-Scanner

    Click on Advanced and check all items except the proxy one then go into Norton's Firewall settings and disable until next reboot immediately before hitting ESET's Scan button.
    Last edited by Sudo15; 2014-10-31 at 06:51.

  3. The Following 2 Users Say Thank You to Sudo15 For This Useful Post:

    1PW (2014-11-01),cmptrgy (2014-10-31)

  4. #3
    2 Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    132
    Thanks
    1
    Thanked 19 Times in 18 Posts
    Here is a link to another possible solution http://malwaretips.com/threads/troja...ate-etc.35975/

  5. The Following User Says Thank You to thomasjk For This Useful Post:

    cmptrgy (2014-10-31)

  6. #4
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    966
    Thanks
    661
    Thanked 58 Times in 57 Posts
    Problem solved: thank you
    ESET Online Scanner http://www.eset.co.uk/Antivirus-Util...Online-Scanner

  7. #5
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,619
    Thanks
    147
    Thanked 875 Times in 837 Posts
    Quote, originally posted by cmptrgy:
    Problem solved: thank you
    ESET Online Scanner http://www.eset.co.uk/Antivirus-Util...Online-Scanner
    It is quite a thorough scanner and glad it worked for you.

  8. #6
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    966
    Thanks
    661
    Thanked 58 Times in 57 Posts
    I have a hard time understanding how come a paid Security Suite like Norton 360 couldn't have done the job like ESET did. I recommended to my friend he should consider ESET

  9. #7
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,729
    Thanks
    95
    Thanked 128 Times in 125 Posts
    Don't online scanners assume one has an internet connection that is not part of a present problem? Sometimes I have to run Windows Repair (All in One) because one of the problems was I had no internet connection with the outside world. Both HD & online choices would be best.
    Last edited by RolandJS; 2014-11-04 at 10:04.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  10. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,186
    Thanks
    47
    Thanked 983 Times in 913 Posts
    You need to download the scanner and latest definitions so an internet connection is required somewhere. Offline scanners can be downloaded and burnt to CD / USB, but it's still an internet connection first.

    cheers, Paul

  11. #9
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,619
    Thanks
    147
    Thanked 875 Times in 837 Posts
    Quote, originally posted by cmptrgy:
    I have a hard time understanding how come a paid Security Suite like Norton 360 couldn't have done the job like ESET did. I recommended to my friend he should consider ESET
    You have a valid point but Norton did report blocking it and its repeated attempts could be as you suspect.

    Reading through the article I'd linked and from what you say as to your friend's habits, it's possible it could have gotten in through an exploited PuP.

    Norton tends not to recognize PuPs as threats because of their signatures, but it was interesting to note that MBAM was unable to pick this up either.

    While Scanners probably look for similar signatures, each will have a few of their own which is demonstrated by the fact that ESET takes ~1½hrs to complete, whereas the one time I ran Kaspersky Rescue 10 Disk, it took ~9.5hrs and is why some can and others can't find a particular nasty.

    Totally off topic - when I tried to use ALT+171 for the half symbol - got to ALT+17 and got a prompt asking if I wanted to stay or leave the page
    Last edited by Sudo15; 2014-11-04 at 09:57.

  12. #10
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    966
    Thanks
    661
    Thanked 58 Times in 57 Posts
    Excellent comments Sudo15; and one of their family members is pretty "clumsy" on how they use their computer (oh yes should I say I'm being polite on how I'm trying to describe that?)
    --- Anyway I have brought their issues up to date on that with them, what they decide to do we'll see
    --- I was even willing to help them sign up with WindowsSecrets but that fell on deaf ears

    In my original post I wasn't aware that MBAM had been used and some infections had been found and were quarantined, but I found out later. On Norton 360, although it reported that the websites were being blocked, it was non-stop for about a week before my friend called me; plus I found out that within seconds the default security settings in Internet Options were changed to Custom Settings in the Internet and Restricted sites, and Enable Protected mode became unchecked in both cases. Since ESET cleaned out what they did, those settings do not revert back to being unchecked or Custom settings. ESET took about 2 hours the first time it ran to find and remove all threats and there were plenty of them. My friend told me he has run ESET every day now and it's finishing very quickly and no threats are being found anymore and Norton 360 isn't reporting any more blocking.
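
The symptom reported in posts #1 and #10 (Internet and Restricted sites zones flipping to Custom with Enable Protected Mode unchecked) can be checked from the registry after each reboot. This is an added example, not part of the original thread or any poster's code. It assumes per-user zone settings under HKCU, that action 2500 holds the Protected Mode state, that a CurrentLevel of 0 means Custom, and the stock levels named in the thread (Medium-high for Internet, High for Restricted sites).

```powershell
# Added example: audit IE zone settings for the tampering described in the thread.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Stock template levels (URLTEMPLATE_* values); CurrentLevel 0 means "Custom".
$zones = @(
    @{ Id = 3; Name = 'Internet';         Level = 0x11500 },  # Medium-high
    @{ Id = 4; Name = 'Restricted sites'; Level = 0x12000 }   # High
)

$report = foreach ($z in $zones) {
    $props = Get-ItemProperty -Path "$base\$($z.Id)" -ErrorAction SilentlyContinue
    $level = $null; $pm = $null
    if ($props) { $level = $props.CurrentLevel; $pm = $props.'2500' }

    # Action 2500 is Protected Mode: 0 = enabled, 3 = disabled.
    if     ($null -eq $pm) { $pmText = 'not set' }
    elseif ($pm -eq 0)     { $pmText = 'enabled' }
    elseif ($pm -eq 3)     { $pmText = 'DISABLED' }
    else                   { $pmText = "unexpected ($pm)" }

    if     ($null -eq $level) { $levelText = 'not set' }
    elseif ($level -eq 0)     { $levelText = 'Custom' }
    else                      { $levelText = '0x{0:X}' -f $level }

    New-Object PSObject -Property @{
        Zone          = $z.Name
        CurrentLevel  = $levelText
        LevelChanged  = ($level -ne $z.Level)
        ProtectedMode = $pmText
    }
}

$report | Select-Object Zone, CurrentLevel, LevelChanged, ProtectedMode |
    Format-Table -AutoSize

# To re-enable Protected Mode for the Internet zone after cleanup:
# Set-ItemProperty -Path "$base\3" -Name 2500 -Value 0
```

Settings enforced through Group Policy are stored under the Policies keys and are not read by this check.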

  13. #11
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,619
    Thanks
    147
    Thanked 875 Times in 837 Posts
    Hope your friend is checking the box to auto uninstall it each time.

    I know it will take longer to initialize each time but it's advertised (or used to be) as a one time free online scan, so regular use could get a response from ESET if left installed.

    ESET has a services restore tool to reinstate services that can be stopped by an infection but as the machine is infection free, then it won't be needed.

    This is it if you want to bookmark it http://kb.eset.com/library/ESET/KB%2...icesRepair.exe (active download link).

  14. #12
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,729
    Thanks
    95
    Thanked 128 Times in 125 Posts
    Hey Paul! Thanks for your gracious reply, I changed my post after realizing that I left off some stuff.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  15. #13
    New Lounger
    Join Date
    Nov 2014
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When i was working on my system having good Internet Speed, i suddenly got Trojan on computer screen. After getting that i ignore and close the window, but after sometimes it appears again and again. It was really very annoying situation for me. I became fedup and looked for suitable solution. When searching on the Internet for solution, I came across http://www.removepcadware.com/uninst...win32comamegmb. Its activities are similar to the Trojan present in may computer. Here I also got best and effective solution to remove PC threats completely. It makes my task so easy and I could not get such suitable solution somewhere else. it can also be very useful for you. So you can try it for best and convenient solution.

  16. #14
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,619
    Thanks
    147
    Thanked 875 Times in 837 Posts
    Quote, originally posted by jesonjohn01:
    When i was working on my system having good Internet Speed, i suddenly got Trojan on computer screen. After getting that i ignore and close the window, but after sometimes it appears again and again. It was really very annoying situation for me. I became fedup and looked for suitable solution. When searching on the Internet for solution, I came across http://www.removepcadware.com/uninst...win32comamegmb. Its activities are similar to the Trojan present in may computer. Here I also got best and effective solution to remove PC threats completely. It makes my task so easy and I could not get such suitable solution somewhere else. it can also be very useful for you. So you can try it for best and convenient solution.
    Welcome to the Lounge jesonjohn01

    Glad that program was able to disinfect your system but if you read through this thread you will see a number of free effective anti-malware scanners referenced, that probably would have done the job without having to stick your hand in your pocket.

  17. #15
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    735
    Thanks
    15
    Thanked 80 Times in 78 Posts
    Sudo,

    Pardon me for being skeptical, but when the only post from a new user, written in somewhat stilted English, recommends a payware site from Delhi, whose website is also written in somewhat stilted English -- I sense a spam.
    I don't intend to be xenophobic, but let's see if the user posts again, on other topics.

    Zig
