  1. #1
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    1,018
    Thanks
    703
    Thanked 64 Times in 62 Posts

    Trojan & Web Attack attempts at startup

    Working on a Windows 7 Home Premium with Norton 360

    Starting about a week ago, within a few seconds after startup Norton 360 reports it blocks Trojan.powelik activity, Trojan AdClicker activity & Web Attack. Fake Scan
    --- I should have taken better notes but if I remember correctly the first item had a severity rating of Low and the last 2 had a severity rating of High

    Within the few seconds it takes Norton 360 to block them, the default security settings in Internet Options are changed to Custom Settings at least in the Internet Medium-High and Restricted sites High settings
    --- Also in each of those 2 cases Enable Protected mode is unchecked

    After blocking them Norton 360 then reports the system is protected
    I ran Disk Cleanup & AdwCleaner, which cleaned out a number of registry items
    Upon allowing the computer to restart, those 3 items did not show up immediately but did so about 30 minutes later

    For some background, the computer users play a lot of games, go on gambling sites and told me sometimes they get messages from some Facebook users that are questionable whatever that means.
    --- It wouldn't surprise me if those attempted Trojan infections were because they are running on the coattails of from somewhere in there.

    I'll be going back there in a few days
    I plan to check Enable Protected mode in both the default Internet Medium-High and Restricted sites High settings, as that's what I have on my Win7 desktop & laptop computers

    Checking Norton's website, I found this
    Norton Power Eraser https://security.symantec.com/nbrt/npe.aspx?lcid=1033
    --- Does anyone have experience on using that?
    --- I don't recall the exact wording, but being careful of how to use it is mentioned

    I have recommendations to use AutoRuns I think it is to see what actually is running in the background. Should I look into that or Sysinternals or another program?

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    8,021
    Thanks
    203
    Thanked 1,046 Times in 994 Posts
    Yes, I have used NPE but from a Google on that Trojan and https://community.norton.com/forums/...al-help-please NPE won't do it.

    Scroll down to a post by Scotthoot dated 28 Oct 2014 for what worked for him

    I also favour Process Explorer over Autoruns because it includes VirusTotal and you can see at a glance any red high value/~50 items. http://technet.microsoft.com/en-gb/s.../bb896653.aspx and you need to run it as an admin.

    Click on Options and ensure Verify Signatures is enabled and then hover over VirusTotal.com and check its box and then you will see which ones are verified and if any have the VirusTotal high red values.

    If you want to try the bootable Kaspersky Rescue 10 Disk you can get it from http://support.kaspersky.co.uk/viruses/rescuedisk/main but it can take quite a number of hours for it to complete its scan and you need to Ethernet connect the affected machine to update its definitions, but hopefully, what worked for Scotthoot will also work for you.

    ESET Online Scanner (which will be quicker than Kaspersky) may also find it http://www.eset.co.uk/Antivirus-Util...Online-Scanner

    Click on Advanced and check all items except the proxy one then go into Norton's Firewall settings and disable until next reboot immediately before hitting ESET's Scan button.
    Last edited by Sudo; 2014-10-31 at 05:51.

  4. #3
    2 Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    138
    Thanks
    1
    Thanked 19 Times in 18 Posts
    Here is a link to another possible solution http://malwaretips.com/threads/troja...ate-etc.35975/

  6. #4
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    1,018
    Thanks
    703
    Thanked 64 Times in 62 Posts
    Problem solved: thank you
    ESET Online Scanner http://www.eset.co.uk/Antivirus-Util...Online-Scanner

  7. #5
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    8,021
    Thanks
    203
    Thanked 1,046 Times in 994 Posts
    Quote Originally Posted by cmptrgy View Post
    Problem solved: thank you
    ESET Online Scanner http://www.eset.co.uk/Antivirus-Util...Online-Scanner
    It is quite a thorough scanner and glad it worked for you.

  8. #6
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    1,018
    Thanks
    703
    Thanked 64 Times in 62 Posts
    I have a hard time understanding how come a paid Security Suite like Norton 360 couldn't have done the job like ESET did. I recommended to my friend he should consider ESET

  9. #7
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,899
    Thanks
    111
    Thanked 144 Times in 141 Posts
    Don't online scanners assume one has an internet connection that is not part of a present problem? Sometimes I have to run Windows Repair (All in One) because one of the problems was I had no internet connection with the outside world. Both HD & online choices would be best.
    Last edited by RolandJS; 2014-11-04 at 09:04.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/
    Backup, backup, backup! -- Lady Fitzgerald (sevenforums)
    Clone or Image often! Backup, backup, backup, backup... -- RockE (Windows Secrets Lounge)

  10. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,954
    Thanks
    62
    Thanked 1,104 Times in 1,027 Posts
    You need to download the scanner and latest definitions so an internet connection is required somewhere. Offline scanners can be downloaded and burnt to CD / USB, but it's still an internet connection first.

    cheers, Paul

  11. #9
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    8,021
    Thanks
    203
    Thanked 1,046 Times in 994 Posts
    Quote Originally Posted by cmptrgy View Post
    I have a hard time understanding how come a paid Security Suite like Norton 360 couldn't have done the job like ESET did. I recommended to my friend he should consider ESET
    You have a valid point but Norton did report blocking it and its repeated attempts could be as you suspect.

    Reading through the article I'd linked and from what you say as to your friend's habits, it's possible it could have gotten in through an exploited PuP.

    Norton tends not to recognize PuPs as threats because of their signatures, but it was interesting to note that MBAM was unable to pick this up either.

    While Scanners probably look for similar signatures, each will have a few of their own which is demonstrated by the fact that ESET takes ~1½hrs to complete, whereas the one time I ran Kaspersky Rescue 10 Disk, it took ~9.5hrs and is why some can and others can't find a particular nasty.

    Totally off topic - when I tried to use ALT+171 for the half symbol - got to ALT+17 and got a prompt asking if I wanted to stay or leave the page
    Last edited by Sudo; 2014-11-04 at 08:57.

  12. #10
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    1,018
    Thanks
    703
    Thanked 64 Times in 62 Posts
    Excellent comments Sudo15; and one of their family members is pretty "clumsy" on how they use their computer (oh yes should I say I'm being polite on how I'm trying to describe that?)
    --- Anyway I have brought their issues up to date on that with them, what they decide to do we'll see
    --- I was even willing to help them sign up with WindowsSecrets but that fell on deaf ears

    In my original post I wasn't aware that MBAM had been used and some infections had been found and were quarantined, but I found out later. On Norton 360, although it reported that the websites were being blocked, it was non-stop for about a week before my friend called me; plus I found out that within seconds the default security settings in Internet Options were changed to Custom Settings in the Internet and Restricted sites, and Enable Protected mode became unchecked in both cases. Since ESET cleaned out what they did, those settings do not revert back to being unchecked or Custom settings. ESET took about 2 hours the first time it ran to find and remove all threats, and there were plenty of them. My friend told me he has run ESET every day now and it's finishing very quickly and no threats are being found anymore, and Norton 360 isn't reporting any more blocking.
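
The symptom described in posts #1 and #10 (zones switching to Custom Settings and Enable Protected Mode becoming unchecked) can be checked from the registry instead of by eye. The PowerShell below is an added example, not part of the original thread; it only reads the per-user settings under HKCU for the Internet (3) and Restricted sites (4) zones and assumes no Group Policy override is in place.

```powershell
# Added example (not from the thread). Read-only audit of the current user's
# Internet Options zone settings; written to run on PowerShell 2.0 (Windows 7).
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# CurrentLevel values written by the Internet Options security slider.
$levelNames = @{
    0x00000 = 'Custom'
    0x10000 = 'Low'
    0x10500 = 'Medium-low'
    0x11000 = 'Medium'
    0x11500 = 'Medium-high'
    0x12000 = 'High'
}
# Defaults named in the thread: Internet = Medium-high, Restricted sites = High.
$zones = @(
    @{ Id = 3; Name = 'Internet';         Expected = 0x11500 },
    @{ Id = 4; Name = 'Restricted sites'; Expected = 0x12000 }
)

$report = foreach ($z in $zones) {
    $props = Get-ItemProperty -Path "$zonesKey\$($z.Id)" -ErrorAction SilentlyContinue
    if (-not $props) {
        Write-Warning "Zone $($z.Id) key not found under HKCU"
        continue
    }
    $level = $props.CurrentLevel
    if ($level -eq $null) { $levelText = 'not set' }
    elseif ($levelNames.ContainsKey([int]$level)) { $levelText = $levelNames[[int]$level] }
    else { $levelText = 'unknown (0x{0:X})' -f $level }

    # URL action 2500 is Protected Mode: 0 = enabled, 3 = disabled.
    $pm = $props.'2500'
    if ($pm -eq $null) { $pmText = 'not set in HKCU' }
    elseif ($pm -eq 0) { $pmText = 'enabled' }
    elseif ($pm -eq 3) { $pmText = 'disabled' }
    else { $pmText = "unexpected value $pm" }

    New-Object PSObject -Property @{
        Zone          = $z.Name
        Level         = $levelText
        ProtectedMode = $pmText
        NeedsReview   = ($level -ne $z.Expected) -or ($pm -ne 0)
    }
}
$report | Select-Object Zone, Level, ProtectedMode, NeedsReview | Format-Table -AutoSize
```

Running it once after cleanup and again after a reboot shows whether something is still rewriting the zone settings at startup.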

  13. #11
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    8,021
    Thanks
    203
    Thanked 1,046 Times in 994 Posts
    Hope your friend is checking the box to auto uninstall it each time.

    I know it will take longer to initialize each time but it's advertised (or used to be) as a one time free online scan, so regular use could get a response from ESET if left installed.

    ESET has a services restore tool to reinstate services that can be stopped by an infection but as the machine is infection free, then it won't be needed.

    This is it if you want to bookmark it http://kb.eset.com/library/ESET/KB%2...icesRepair.exe (active download link).

  14. #12
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,899
    Thanks
    111
    Thanked 144 Times in 141 Posts
    Hey Paul! Thanks for your gracious reply, I changed my post after realizing that I left off some stuff.

  15. #13
    New Lounger
    Join Date
    Nov 2014
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When I was working on my system having good Internet Speed, I suddenly got Trojan on computer screen. After getting that I ignore and close the window, but after sometimes it appears again and again. It was really very annoying situation for me. I became fed up and looked for suitable solution. When searching on the Internet for solution, I came across http://www.removepcadware.com/uninst...win32comamegmb. Its activities are similar to the Trojan present in my computer. Here I also got best and effective solution to remove PC threats completely. It makes my task so easy and I could not get such suitable solution somewhere else. It can also be very useful for you. So you can try it for best and convenient solution.

  16. #14
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    8,021
    Thanks
    203
    Thanked 1,046 Times in 994 Posts
    Quote Originally Posted by jesonjohn01 View Post
    When I was working on my system having good Internet Speed, I suddenly got Trojan on computer screen. After getting that I ignore and close the window, but after sometimes it appears again and again. It was really very annoying situation for me. I became fed up and looked for suitable solution. When searching on the Internet for solution, I came across http://www.removepcadware.com/uninst...win32comamegmb. Its activities are similar to the Trojan present in my computer. Here I also got best and effective solution to remove PC threats completely. It makes my task so easy and I could not get such suitable solution somewhere else. It can also be very useful for you. So you can try it for best and convenient solution.
    Welcome to the Lounge jesonjohn01

    Glad that program was able to disinfect your system but if you read through this thread you will see a number of free effective anti-malware scanners referenced, that probably would have done the job without having to stick your hand in your pocket.

  17. #15
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    785
    Thanks
    16
    Thanked 85 Times in 83 Posts
    Sudo,

    Pardon me for being skeptical, but when the only post from a new user, written in somewhat stilted English, recommends a payware site from Delhi, whose website is also written in somewhat stilted English -- I sense a spam.
    I don't intend to be xenophobic, but let's see if the user posts again, on other topics.

    Zig
