I believe I got a trojan virus that has caused some damage to my computer which will no longer connect to the internet. I read several threads on here and these are the steps I have already taken: 1)I downloaded and ran Marlwarebytes and AVG. (I think it found the virus and removed it) 2)I downloaded HiJackThis and saved it to a new folder C:\hijackthis and ran a scan and saved the following log. 3)I reviewed my temp files and I don't think there is anything in them that I need to save. (my understanding is that part of this …

Member Avatar
Member Avatar
+0 forum 21

More often than not I'll be writing about the security problems facing Windows XP users, such as when I recently reported how a large number of enterprises are still running XP SP2 machines which will shortly [URL="http://www.daniweb.com/news/story287954.html"]stop being supported by Microsoft[/URL] in terms of security updates, hotfixes and the like. So imagine my surprise, at the same time that [URL="http://windowsteamblog.com/windows/b/bloggingwindows/archive/2010/06/09/reminder-windows-xp-end-of-sales-and-end-of-support-deadlines.aspx"]Microsoft reminds us[/URL] that it's the end of the line for Windows XP netbooks, to finally get hold of a story about Windows XP being good for security. OK, so the report from the [URL="http://blog.webroot.com/2010/06/14/spammed-trojan-wont-run-under-windows-xp/"]Webroot Threat Blog[/URL] is a pretty damn …

Member Avatar
Member Avatar
+1 forum 3

[ATTACH=RIGHT]22213[/ATTACH]You may not be a big fan of Microsoft, but you wouldn't expect your computer to be held to ransom by the company would you? In recent months it has become quite commonplace, at least across Europe, for scammers posing as Microsoft technical support staff to 'cold call' people on their landlines and warn them that their computers have become infected with some nasty malware and offer to walk them through the solution to rid them of this imaginary infection, for a fee of course. They get you to visit a link that gives them control over your computer, and …

Member Avatar
Member Avatar
+0 forum 9

All right stop, collaborate, and listen. A new variant of the ZeuS financial malware platform known as Ice. This baby Trojan spawned from the original Ice IX is targeting bank customers on both sides of the pond. Here in the UK the 'big three' telecommunications providers are where it is flowing like a harpoon, daily and nightly. One thing is for sure, this ain't no vanilla ice attack. [ATTACH=RIGHT]23731[/ATTACH]OK, rubbish pop rap references apart, this is actually quite a serious deal. The new Ice TX configurations are apparently not only stealing bank account data, as if that weren't bad enough. …

Member Avatar
Member Avatar
+0 forum 1

According to a press release that arrived today, entitled "Kaspersky Lab identifies first targeted attack utilising malware for Android devices", it marks the "first serious wave of targeted attacks using Android malware" but just how worrying is that really? ![ad9c332c555679ef709b67f0c7093e73](/attachments/large/0/ad9c332c555679ef709b67f0c7093e73.jpg "ad9c332c555679ef709b67f0c7093e73") The PR company sending the release were at pains to point out that "this latest discovery is perhaps the first serious wave of targeted attacks using Android malware in-the-wild against Tibetan and Uyghur activists" and that "the malware secretly reports the infection to a command-and-control server. After that, it begins to harvest information stored on the device". The stolen …

Member Avatar
Member Avatar
+1 forum 1

An ongoing attack aimed at users of the Apple Mac platform is being reported by security researchers. [AlienVault,](http://www.alienvault.com) which has discovered these weaponised attacks in the wild, warns that regular Mac users without IT security software installed could be at risk of infection and hijacking. ![alien](/attachments/small/0/alien.jpg "align-right") The researchers suspect that the attack stems from the same anti-Tibetan, pro-Chinese, hacking group that has been [responsible for attacks](http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/) targeting Tibetan activist organisations in recent weeks. According to the lead researcher who made the discovery, Jaime Blasco, the group is "delivering two different Mac trojans" including a new and improved one called …

Member Avatar
Member Avatar
+1 forum 1

Security vendor Malwarebytes has reported that a new variation of an old password stealing Trojan is out in the wild, but all is not as it may seem. Notably, this particular Trojan is signed with an apparently 'genuine' digital certificate that authenticates the file. Which rather prompts the question: "say what?" Or to put it another way, if the billion-dollar digital certificate and encryption market can't actually guarantee squat, then what's the point of it? The Trojan, it appears, evades many security barriers by a system of spoofing that involves the criminal enterprise behind the scheme setting up a bogus …

Member Avatar
Member Avatar
+1 forum 1

The 'World's Greatest Anti-Malware Software' is the spurious claim being made by Malwarebiter, which just so happens to sound an awful lot like Malwarebytes which could perhaps justifiably lay claim to that accolade. Take a look at this forum and you will see that Malwarebytes is a very valuable tool for discovering just what nasties are present on your computer, and for getting rid of them. Malwarebiter, on the other hand, is most certainly nothing of the kind. Malwarebiter, if you hadn't guessed by now, is a prime example of the Rogue Anti-Virus genre, identifying perfectly legitimate files as malware …

Member Avatar
Member Avatar
+1 forum 3

Mobile malware has moved from the security vendor testing labs, out of the realms of marketing hype and FUD, and [firmly onto your smartphone](http://www.daniweb.com/hardware-and-software/tablets-and-mobile-devices/news/382139/how-mobile-malware-actually-grew-by-1400-percent-in-the-last-12-months). The main target for the malware distributors would appear to be the Android platform, which is not surprising given the rapid growth in the userbase coupled to the 'open to all' nature of the Android app marketplace. Up until now, the usual method of monetizing Android malware had been to subscribe to premium SMS text message services owned by affiliates of the cyber-criminals. Other than this, monetization of malware on the smartphone platform had been rather …

Member Avatar
Member Avatar
+0 forum 6

Everyone loves PHP these days it seems, and that includes the bad guys. So it should come as no surprise to learn that yet another remote access Trojan written using PHP has appeared. However, the fact that this particular bit of PHP backdoor code comes complete with a second, hidden, backdoor within it certainly was surprising to the security researcher who found it. DaniWeb has been talking to that researcher to find out more... [attach]17135[/attach]"Is there no honor among thieves anymore?" asks Andrew Brandt, the Lead Threat Analyst for security specialists Webroot, when disclosing the details of his [URL="http://blog.webroot.com/2010/09/06/php-backdoor-has-another-backdoor-inside/"]PHP double …

Member Avatar
Member Avatar
+4 forum 10

Hi, Main problem: My Laptop (*Not the one I'm using now*) isn't accepting ant input, the mouse and the keyboard are both disabled... It must be due to Trojan attacks... I suspect they unninstalled some drivers... #------'The Story'------# 1. I was surfing the Net, when my 'Microsoft Security Essentials' popped up with a warning of a detected treat: a *Trojan* had been caught!, so i told it to remove it (Instead of Quarantine). 2. After some minutes a new warning message from the AV appeared, it had detected another *Trojan* wich i told the AV to remove too. 3. When …

Member Avatar
Member Avatar
+0 forum 2

The Flashback Trojan has infected at least 600,000 Apple computers running Mac OS X according to the Russian AV company [Dr Web](http://www.drweb.com/?lng=en) which researched the spread of the malware which was originally discovered at the end of last year and for which Apple issued a security patch just this week. You can determine if your Mac is one of the machines infected by the Flashback Trojan, which disguises itself as an Adobe Flash Player installer, by running the AppleScripts provided by Mashable in response to the Dr Web discovery and available for [download here](http://mashable.com/2012/04/05/mac-flashback-trojan-check/) Alternatively, you can run the following …

Member Avatar
Member Avatar
+1 forum 1

Hi!! I would like to know if I could get someone's help. My computer, which is connected to an internal web, had a detected security risk, so Symantec Antivirus was installed to make a clean-up. Nevertheless, after the installation, a couple of messages appear every time I initiate the computer, saying that there's a failure with "C:DOCUME~1userLOCALS~1applic~1micros~2winini~1.exe" specified in the registry. Also, even after the antivirus update and scannings, there is a message that appears 2-3 times per minute over the Symantec Endpoint Protection in the Desktop Bar, indication,saying "[SID:24142] System Infected: Trojan Download Request detected" [] . Nothing happens …

Member Avatar
Member Avatar
+0 forum 3

Help me Obie One; you're my only hope. My wife's desktop was infected with Trojan C-Ransom or something like that, and in safemode I was able to get McAfee to locate and -- I thought -- delete the virus. I then ran MS Malware and the report indicated it had found another virus (Trojan A). I couldn't read the whole virus name because the name was a hyperlink, which I clicked and from that point on Windows has been locked down tight. It behaves as it did with the Trojan C-Ransom virus (screen is just pinstripe like pattern). I ultimately …

Member Avatar
Member Avatar
+0 forum 4

Security researchers are warning that some 30,000 WordPress websites, 85% of them based in the US, have been compromised by a mass-injection hijack attack which sees visitors to any of more than 200,000 individual pages redirected to a Trojan infected rogue AV scam. [ATTACH=RIGHT]24076[/ATTACH]The senior security researcher with Websense Labs, Elad Sharf, admits that while rogue AV is old hat these days it's obviously still a money-making exercise and one that turns enough profit for the bad guys for them to keep plodding away at it. "With such a high number of compromised web pages and websites in this on-going …

Member Avatar
Member Avatar
+0 forum 4

The Ainslot.L Trojan appears to be much the same as any other at first glance; logging user activity and sending Gmail and Facebook passwords to the bad guys, downloading further malware, taking over your computer and the main payload of being a Banking Trojan stealing account login data. But Ainslot.L has one rather more unusual trick up its sleeve in that it will also scan your system for evidence of other bot-related infections such as Zeus or DarkComet and remove any that it finds. Of course, Ainslot.L isn't doing this in order to cleanse your computer but rather to ensure …

Member Avatar
Member Avatar
+4 forum 2

Hello. I'm looking for help with what appears to be a stubborn trojan problem. I've read the sticky on how to post requests for help so hopefully I've got this right. It's regarding a PC running XP Pro. Yesterday morning I began experiencing problems such as right-click disabled, incomplete Start menu, inconsistent navigating with file Explorer. I suspected a virus and so restarted in Safe Mode and then found the Daniweb virus forum. I followed all the steps outlined in the sticky and MBAM found two trojans. I deleted those with MBAM and then restarted my computer. I was able …

Member Avatar
Member Avatar
+0 forum 19

Hi all, I'm using my neighbors computers in hopes someone can help me fix my own ... not sure why or how it's happened, but my computer has been completely taken over I think. I've never seen one so aggressive. I'm unable to connect to the internet, and several programs won't run anymore, though I'm going to try installing them again - but renaming them first. I know nothing about hijackthis, but ran it and saved a log for posting, I do hope someone can help guide me in the right direction with fixing this! Logfile of Trend Micro HijackThis …

Member Avatar
Member Avatar
+0 forum 24

hi i have the latest internet explorer and sometimes even when im not using the internet at all random adds come up but there is no window i have found out it is the internet explorer but i dont know how to stop it perminantly when i close the process it just starts up again

Member Avatar
Member Avatar
+0 forum 5

So I wrote a little remote control client/server based app to turn off my roomates torrent client at night (to avoid having to go into his room). I could have done this with remote software such as teamviewer or VNC but I don't need all the functionality that they provide plus I figuired it was a good learning exercise. It's not a trojan per se, since he knows it is running so don't flame me! haha. It works great on windows XP and vista but doesn't work at all on Windows 7 for some reason. It works like this: -the …

Member Avatar
Member Avatar
+0 forum 7

I've seen earlier posts for this problem, but the solutions don't apply to me, and the earlier posts are a couple of years old. I was hit on 6/5/11 with malware from a legitimate website that I had accessed just the day before with no problems. Malwarebytes (MBAM) identified the culprits as Trojan.Agent.GD and Trojan.FakeMS. These trojans installed a start-up program called NfeiQASGux and ran from a program called 26992420.exe on my PC. I thought MBAM had scrubbed the trojans, but I found later that I could hear a .wav sound in the background that occurred randomly whether or not …

Member Avatar
Member Avatar
+0 forum 9

I'm attempting to fix a friend's laptop, and I definitely need some help on this one. Ran several AV progs which detected a couple of trojans. I'm kicking myself for not recording names. AV progs removed them, but laptop is still having issues. Nearly all the services are disabled and do not offer the option of restarting or changing them. These are services that I KNOW should be running under normal circumstances. Additionally, it does not appear the sound, wireless modem, ethernet controller, or other devices are working, even though the device manager indicates otherwise. I have no internet connectivity …

Member Avatar
Member Avatar
+0 forum 1

Hi, I need some help with this because it's driving my friends crazy. My Yahoo email account was hacked by this spammer and I can't get rid of the virus by using Kaspersky anti-virus, running the full scan. The trojan keeps using my email address to spam my friends with viagra ads. Can you help me? Thank you so much! Clotilde This is my HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:41:50 PM, on 2/17/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program …

Member Avatar
Member Avatar
+0 forum 4

Hello need help and I saw this forum and was hoping someone could. I keep getting reidirected to different websites so I google that and found a thread on this site that helped but I am a novice and don't know exactly how to fix my problem. Another problem I have is sometimes get a window saying Server Busy then there is an option to switch to or retry. when I click switch to the start menu opens then when I close the start menu the server busy message sometimes goes away and sometimes it stays.What gives? The thread I …

Member Avatar
Member Avatar
+0 forum 23

Just moved and the cable/internet guy told me I have a nasty trojan called "deploy.akamaitechnologies"..... said he'd seen them before and they were very hard to get rid of, I've looked online and found many posts from people with this problem yet no concrete solutions, I need help taking if off my computer, please!

Member Avatar
Member Avatar
+0 forum 3

My laptop has been running extremely slow. It takes a long time to open and close programs, and to perform routine tasks including internet browsing. It's almost unbearable to use. Your analysis and recommendations will be greatly appreciated!!! The laptop is a Dell Inspiron E1705 running Windows XP Media Center Edition 2002, Service Pack 3. I've run through all the initial cleaning process steps as instructed: 1) Malicious Software Removal Tool: "No malicious software was detected" 2) ATF Cleaner: - selected all files to delete - ATF CLEANER has freed 208.055 MBs 3) GMER Rootkit Scanner: - quick scan saved …

Member Avatar
Member Avatar
+0 forum 7

Hello Yesterday I downloaded this: [B][COLOR="Red"]Infected Executable File Removed[/COLOR].[/B] My Panda antivirus didn't see anything wrong with it, but it is some sort of spyware or trojan. Since I ran it last night, my IE opens up sometimes with an IQ test page '=) Today I ran a quick scan with Windows Defender and it found a Win32/Renos.MQ (more info here -> [url]http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TrojanDownloader:Win32/Renos.MQ&threatid=152583[/url]) It gave me the option to remove it, so I did. It took several minutes... And, how lovely, while it was doing it, my antivirus said "Virus neutralized!" and when I checked it, [B][COLOR="Red"]xxxxxxxx[/COLOR][/B] which was INSIDE …

Member Avatar
Member Avatar
+0 forum 12

I have a few things I want to make that I havent yet so this will be a later project but I was just wondering, How would a anti virus program work in C#? I've seen ones on youtube that iterate through your HD and looks for keywords like "Virus","Trojan" and thats basically useless.. So how should a antivirus program detect if its a malicious file? Thanks!

Member Avatar
Member Avatar
+0 forum 3

Rundll popup on start up: Problem starting winrkr32.rom. Could not find the module Hi, Since the past couple weeks I get this pop up every time start my laptop. Its a HP Pav dv6t Windows 7. The pop up's title is Rundll. The message box contain message saying that "Problam starting winrkr32.rom Problem laoding the module" ( or module could not be found).. It stays till i do not press OK. I googled and there were almost no results for this. Superspyware.com had listed winrkr32 as a dangerous trogen - so i downloaded and installed that too ! but the …

Member Avatar
Member Avatar
+0 forum 1

There's no news yet on McAfee's [URL="http://www.mcafee.com"]website[/URL] about what happened today when their famed antivirus program went bonkers and froze computers by misidentifying a common Windows file as a virus. If it's an actual virus hack, it's a pretty darn clever one--to make the antivirus program think a system file is a virus so that the computer halts. This might be the first time I'd ever actually applaud a virus creator. I usually prescribe some sort of cruel and unusual punishment for such mongrels who write viruses and then unleash them upon the world's innocent but this time is different. …

Member Avatar
Member Avatar
+0 forum 2

The End.