Computer Help: Trojan Horse removal

[scott s]

My girlfriends laptop has picked up a Trojan Horse. It initially popped up as a dialog box pop-up that said something like "Threat detected, Zafi.B Win32.Zafi.B" and asked you to enable protection. It was configured to look like a Windows Security Center warning. When she clicked on "enable protection" it took her to a site that tried to sell her an anti-virus program. She did not buy anything and closed the window.
When she went to AVG to see if it had found the Trojan threat, AVG would no longer open or operate. She had to uninstall and reinstall the AVG software (the free version). Windows Defender found nothing. I had her install AdAware and it has found it and quarantined it several times.
If she tries to remove the program (either from AdAware or AVG, can't remember which), it tells her " Forceable removal could cause system instability or crash".
Anytime Resident Shield (AVG) finds it she can "heal" it and it sends it to the Virus Vault, where it shows up as "Trojan Horse Generic 12.BJFK". It has been found in at least two different paths to file.
It continues to pop up on start up. What is this file? How can we find it and remove it permanently without damaging her computer.
She's running WindowsXP on a 4 year old HP laptop. She's using MSN/Internet Explorer as her browser. She has the free versions of AVG, AdAware and Windows Defender, all recently installed and updated. AVG seems to find it most regularly.
HELP! This thing is annoying and sneaky...
_________________
Nothing screams "poor workmanship" like wrinkles in the duct tape.

[Glenn]

Even after removing a virus, i've never seen a PC behave normally.

I suggest you backup her data, format the drive and reload. After 4 years the PC will run faster anyway.
_________________
Glenn
74 Beetle Specs | 74 Beetle Restoration | 2180cc Engine
"You may not get what you pay for, but you always pay for what you get"

Member #1009

#BlueSquare

[insanitize]

I used malwarebytes to remove this from my daughters and a few other pcs.
It is a free download from thier site.
malwarebyte.org

[myk648]

I would wipe it clean and reload. Like Glenn said, after 4 years it will probably run better with a fresh start.

[MrBreeze]

I agree with both.....after 4 years a rebuild would be a good idea. I had this same virus and malwarebytes did the trick for me as well.
_________________
-=Rob

WTB: Bay Shore or Queensboro VW Frames

HBB 1984-2009
RW 1943-2011
ER 1964-2023

[scott s]

Will do the Malware deal...
I know just enough about computers to really screw one up. Can you guys talk me through the formatting and rebuild/reboot process in a way that an idiot can understand and won't destroy her computer?
_________________
Nothing screams "poor workmanship" like wrinkles in the duct tape.

[ChesterKV]

[scott s]

Well, until that time....any advice on reload/reboot?

The Malware program found 11 items and removed them. So far, so good....
_________________
Nothing screams "poor workmanship" like wrinkles in the duct tape.

[SkrapMetal]

Before you start its a good idea to Download Ccleaner and run it. You can also run it in safe mode.

Download Spybot Search and destroy, then reboot computer into safe mode. Update and run spybot.

Another good program to have is HijackThis. There is actually a forum to post what it finds in case you don't know what you're doing.

Having AVG, spybot, and ad-aware, I've not had a problem with anything getting in.
_________________
oo9less since 2007
-72 Ghia-

[90volts]

def vote for the reformat like Glenn and others said. PCs never seem to go back to normal even after removal... they touch so many files it messes something up that gets missed.

easiest way to format would be if you have the original system disk that came with the pc. put it in and run it and it should offer options, one of which will be to reformat.

best case for a computer that old would be get a new one if you can though. 4 years is a long time in comouter years. laptops for under 600 bucks and desktops for around 300.

[realbugfanatic]

Before you do anything, go to this place & download the free version & run it. Stupid name but check them out on the web, they work wonders.

http://www.superantispyware.com
_________________
1973 Super

[71Super4Rio]

I used this for my daughter's laptop when she downloaded the same thing.

In case some links don't work, please paste them manually into the address bar of your browser.

Here you go!!!!....
1) Turn off System Restore (Using XP? Click on the link below:
http://support.microsoft.com/kb/310405

Using Vista? Click on the link below:
http://windowshelp.microsoft.com/Windows/en-US/Hel...mspx#ENBAC

2) Disable all Startup Items and go to Services Tab, put a check into "Hide all Microsoft Services" and then click disabled all and then "Apply, "Ok", "Exit without Restart" (and also uninstall wanted applications)

In case anybody would like to know how to enable/disable Startup Items or Services then click on the link below:
http://support.microsoft.com/kb/950093/en-us

3) Shut down the system & restart in Safe Mode, plain Safe Mode.

4) Download and run Trojan Remover from the link given below:
http://www.gur.in/j/index.php?option=com_docman&Itemid=58&task=doc_download&gid=29

In case Trojan Remover won't be able to access/ remove some files, it will give you the option to fix issue at next reboot, so remember to check that option

5) Download & run MalwareBytes from the link given below:
http://www.gur.in/j/index.php?option=com_docman&Itemid=58&task=doc_download&gid=97

6) Download and run CCleaner from the link give below and run the regfix part of it for sure and fix all issues and I would run the cleaner part as well just to ensure MalwareBytes finishes fast.
http://www.filehippo.com/download/file/5be3ada3bcf...8d1e5907d/

7) Repeat Step 4-6

Reboot to Normal Mode

9) Repeat Step 4-6

10) Run Avira Antivir from www.free.av.com and will take care of most of the Trojan Droppers left in the system

11) Run CCleaner again and that will remove the Startup Item for that as well in case its left

12) Run Avira Antivir a couple of times more just to be sure

13) Reboot the machine and remove all Tools that you downloaded and installed, I would keep Avira & remove the rest

14) Reboot the machine and run Disk Cleanup from "Accessories" > "System Tools" and un-check compress old files and Office Setup files (If using any MS Office Programs) and Delete all others

15) Enable System Restore & create Restore Point manually

16) For future, install a good Internet Security Application which has a good Real-Time protections module and never use Multiple Internet Security Applications (I use Avira Antivir Premium
_________________
Aut Inveniam Viam Aut Faciam - "I shall either find a way or make one"

"It takes many years and experiance for a man to get comfortable in his own skin."

[ArmedGeek]

O.M.G. Generally not a good idea to ask computer advice of a bunch of car guys.

Glenn is right tho. reformat/reinstall. that is the *only* way. Once a machine has been infected it cannot be trusted.

And about half of the suggested "fixes" are crapware/adware thats damn near as bad as the malware itself.
_________________
1973 Std Beetle
"Work is punishment for failing to procrastinate effectively."

[SkrapMetal]

[Russ Wolfe]

How about just installing Linux, and then never run online as "root".
No more virus's or malware.
If you do have a problem, it is with just one user, not they whole system.
All the software is free, and does not cost 100's of dollars.
_________________
Society is like stew. If you don't keep it stirred up, you end up with a lot of scum on the top!--Edward Abbey

Gary: OK. Ima poop.

[VWSwap]

Welcome to the world of tapping the "F8" key when booting the computer.

Reformat it and re-install all of the software. All existing files and documents should be intact, but who knows.

Trojans can be a real bitch, and getting rid of them is sometimes impossible.
_________________
Like us on Facebook! http://www.facebook.com/MotherLodeVWClub
Camping & lodging information in Calaveras County is at http://www.gocalaveras.com

[JiI]

I have something adding all kinds of bookmarks/ favorites to my list. Insurance, porn, surveys, ads, shopping stuff etc... Any way I can stop that?
Jeff

[dlandvw3]

Reformatting is not really necessary. If you stick to good, legit, programs, that aren't trying to sell you something, they work wonders. Malwarebytes.org program Malwarebytes Anti-Malware is fantastic, and free, truly free, not shareware, and it's run by a great group of tech geeks who really know their stuff.

Another user mentioned Avira. www.avira.com That's another fantastic resource.

The free programs available on both of those websites are better than any commercially available programs out there, and they aren't bloated with crapware or whatever someone else called it.

On the Avira website, if you'll click on downloads, then down under tools, there are several really good specific removal tools that work for most trojans out there. It has a nice free registry repair tool, a very good rescue cd in case you can't boot into windows. It's a linux based repair cd that runs antimalware program on the computer. I've used it many times to fix pc's that most would think unrepairable. There's also a really good bootsektor removal kit, etc.

I use these every day, I remove viruses every day, and they both work.
_________________
We don't believe any VW is too far gone to be saved, and we feel the same about people...no one is too far gone to be saved

http://www.facebook.com/bugs4christ

[realbugfanatic]

[Behemoth]

Some pretty good advice given here from reformatting to Malwarebytes but the most pertinent I saw was the the turning off of the system restore as it'll hold everything you're trying to get rid of no matter what you run. Just be sure to turn it back on after everything is working right again.
_________________
63SunNotch...."Don't qoute me on it but I am pretty good when it comes to tits.
Been sucking on them since I was a baby. "
vdubmax..."I thought we were friends. I will be by to drop off your recently fucked up parts next weekend fool"