
whyrichard

macrumors 68000
Original poster
Aug 15, 2002
1,708
6
I think i just got my first trojan horse...

running avast and adaware. avast caught it, adaware is picking up critical objects, both scans pending...

...my background is red, i keep getting balloons telling me that i should buy this anti spyware software... etc...


... how do i save my pc? i have been so careful, but it's been compromised!



thanks,
r.
 

kwood

macrumors 6502a
Jun 26, 2006
833
0
In the Great White North.
Easiest thing to do is back-up then wipe the drive. Or if you are ambitious some virus scans will tell you where the virus is located. You can then hunt it down and try to delete it. It will take a bunch of restarts to finally get it but it can be done. Personally, when it does happen to me (and it hasn't in at least 2 years) it is quicker to erase the drive then restore from a back-up.

Options:
Spend over an hour hunting down the virus and removing it.

or

Spend 30 minutes formatting the drive (quick) and go with a fresh install of Windows.

I go for the latter, less stress and more time to deal with important things.
 

SMM

macrumors 65816
Sep 22, 2006
1,334
0
Tiger Mountain - WA State
I think i just got my first trojan horse...

running avast and adaware. avast caught it, adaware is picking up critical objects, both scans pending...

...my background is red, i keep getting balloons telling me that i should buy this anti spyware software... etc...


... how do i save my pc? i have been so careful, but it's been compromised!



thanks,
r.

Most of this stuff can be corrected by the programs. If not, you will have to identify WHAT you have, then research how to expunge it. You may be screwed.
 

kwood

macrumors 6502a
Jun 26, 2006
833
0
In the Great White North.
Most of this stuff can be corrected by the programs. If not, you will have to identify WHAT you have, then research how to expunge it. You may be screwed.

This is why I always keep a constant back-up ready for a restore at a moment's notice. Who actually wants to research how to get rid of the problem when it can be corrected within an hour? I had to learn the hard way many a time. :cool:
 

e²Studios

macrumors 68020
Apr 12, 2005
2,104
5
Before you blow away the drive see if you can go back to a restore point. Chances are if you installed something or didn't mess with the backup utility in XP and Vista it makes regular restore points that you can go back to. This would allow you to go back to a previous date when the virus wasn't there rather than wiping the HD.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

http://www.microsoft.com/windows/products/windowsvista/features/details/backup.mspx

Ed
 

PCMacUser

macrumors 68000
Jan 13, 2005
1,706
25
Dude, dude dude *shakes head*... What did you run to get that? Don't tell me you clicked on one of those popups that says 'install this anti spyware software'...
 

whyrichard

macrumors 68000
Original poster
Aug 15, 2002
1,708
6
Dude, dude dude *shakes head*... What did you run to get that? Don't tell me you clicked on one of those popups that says 'install this anti spyware software'...

nononono! it was a strange program installation... not some popup... something from china...


anyways...


...when using avast's bootup scan, it finds a few files, gives me the option to delete them "press 2", but i can't with my keyboard. do i need a ps2 keyboard to select 2 in the bootup scan?


r.
 

pjarvi

macrumors 65816
Jan 11, 2006
1,289
190
Clovis, CA
Download Hijackthis, boot Windows into Safe Mode (press F8 before Windows starts to boot), run Hijackthis and select the 2nd option to do a scan and save a logfile. Post or attach the logfile to this thread, and I'll type up some instructions on what to do if you want to manually remove it.

It takes me less than an hour to remove viruses from PCs at work, much better than spending 4+ hours reinstalling Windows+Drivers+Updates+Software.
 

contoursvt

macrumors 6502a
Jul 22, 2005
832
0
Download Hijackthis, boot Windows into Safe Mode (press F8 before Windows starts to boot), run Hijackthis and select the 2nd option to do a scan and save a logfile. Post or attach the logfile to this thread, and I'll type up some instructions on what to do if you want to manually remove it.

It takes me less than an hour to remove viruses from PCs at work, much better than spending 4+ hours reinstalling Windows+Drivers+Updates+Software.

Agreed on the Hijackthis. Takes care of most things. I also find the AVG anti-malware to be a pretty good software.
 

kazkom

macrumors newbie
Jan 7, 2008
18
0
scotland
are we affected by trojans?

i am a macuser, am i affected by it? my friend says i have one and it is sending itself to other people via msn. i don't think it affects me. but it may be a long term problem...
 

The Flashing Fi

macrumors 6502a
Sep 23, 2007
763
0
i am a macuser, am i affected by it? my friend says i have one and it is sending itself to other people via msn. i don't think it affects me. but it may be a long term problem...

Affected by what? Viruses?

I can't look at your computer and tell you. If your friends say that they're getting messages from you that attempt to put a virus on their computer, then you probably are affected by a virus. Do you have any virus protection? Do you actually USE it (run virus scans)?
 

Dmac77

macrumors 68020
Jan 2, 2008
2,165
3
Michigan
Download clamX and run a scan of your drive. I will tell you if you have any infected files. There aren't any known viruses for Macs, but you can pass viruses along to Windoze users.

Don
 

Macloven

macrumors regular
Aug 25, 2008
219
21
there are many apps now that give false virus messages and offer to sell you something to fix them. the viruses are b.s. A buddy had this problem last week...he researched the messages and turns out a fix was on the Microsoft website on how to get rid of the p.o.s. software that was messing with his system.

Mark
 

Zaeyde

macrumors member
Jun 26, 2008
35
0
I think I got hit with the same thing you did. (My fault, I wasn't running antivirus and I was pirating a program. I had bought the program but lost the disc. Oh well.)

That thing installed keyloggers and stuff that crippled my computer so bad I couldn't access anything online, couldn't go to my computer, couldn't even shut down. Completely took over the whole thing.

I must say, it was a nicely done virus.

Anywho.
I just wiped it and started over. But I don't think yours is so extreme.
 

7031

macrumors 6502
Apr 6, 2007
479
0
England
i am a macuser, am i affected by it? my friend says i have one and it is sending itself to other people via msn. i don't think it affects me. but it may be a long term problem...

Sounds to me like you've given out your password somewhere and something is hijacking your account. Change your MSN password and see if it stops.
 

chrono1081

macrumors G3
Jan 26, 2008
8,725
5,201
Isla Nublar
Lol for future reference it's just called a Trojan. A Trojan Horse is different but has the same concept.

Sounds more like you have a desktop hijacker but you could have both easily. For antivirus I like Kaspersky or NOD32 (no norton please, it's freaking terrible but that's another story)

Antispyware like Webroot Spysweeper is pretty good to have as well.
 

xlii

macrumors 68000
Sep 19, 2006
1,867
121
Millis, Massachusetts
Sounds more like you have a desktop hijacker but you could have both easily. For antivirus I like Kaspersky or NOD32 (no norton please, it's freaking terrible but that's another story)


Just for the record. I like Nortons. I've used it for over 10 years and while I don't get that many viruses... the ones I have gotten have been trapped, contained, cleaned... no problems with my machines in all those years.
I have it on both my PCs and my kid's MBPRO at school. While her machine has had a few in college that were for PCs... they have been trapped and stopped so she is not the one who will pass it on to someone else.
 

pwn247

macrumors 6502
Aug 30, 2008
301
0
West Virginia, USA
Just to clarify: is this virus in your Windows environment, or your OS X environment? I would expect it to be on the Windows side of your computer, as there aren't any live viruses out for OS X at the moment. ;)
 

toolbox

macrumors 68020
Oct 6, 2007
2,304
3
Australia (WA)
Also one more tool to add: download smitfraudfix, update that once downloaded. Reboot into safe mode and run the tool then. This tool has to be run in safe mode.
 