Jump to content

Menu
Giving You and Your Child a Road Map to the Best Possible Education
The Well-Trained Mind Community

HELP! Trojan got to my computer and now I can't open AVG, Spybot, Malware...

Dianne-TX
 Share

Recommended Posts

Dianne-TX

Dianne-TX

Posted
Posted

I was reading an article online when AVG popped up and found a trojan. AVG did it's thing to say it was removed and I did everything to remove it, but then when I restarted my computer, I cannot open any of my files. It brings up the box asking what I want to open the file with which is not normal. Not good. I wanted to run AVG again, Spybot, and Malware just to be safe, but nothing will open. I can still access the internet, thankfully. What does this sound like and what can I do? I tried safe mode, but I still couldn't open files in that mode either. If I remember correctly, the trojan name I believe is net.exe or nee.exe or something like that. I remember seeing that. Help!

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted

AVG again, Spybot, and Malware are freebie tools. They are only providing you protection at the cost of free. Free is as good as anything else free would be. Keep that in mind. I just blogged not too long ago about this. :)

 

Try this:

 

Malwarebytes can be downloaded to your desktop. Yes a new installation. Right click the malwarebytes executable file that you downloaded. Rename it viruskill

 

Now double click to open and install. If this fails, let me know.

Link to comment
Share on other sites
WishboneDawn

WishboneDawn

Posted
Posted

Try some of online scans. These are all reputable sites.

 

Bitdefender

 

TrendMicro's Housecall

 

Kapersky

 

When and if they come up with something make you you write down the name of the virus. Net.exe itself is a valid Windows process but there may be something using it and we'll need the rest of the name to track it down.

Link to comment
Share on other sites
WishboneDawn

WishboneDawn

Posted
Posted
AVG again, Spybot, and Malware are freebie tools. They are only providing you protection at the cost of free. Free is as good as anything else free would be. Keep that in mind. I just blogged not too long ago about this. :)

 

 

You wound me! In the world of software this isn't a fair generalization. There are some fantastic free resources out there and some horrid (*cough*Norton*cough) for-sale apps.

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
AVG again, Spybot, and Malware are freebie tools. They are only providing you protection at the cost of free. Free is as good as anything else free would be. Keep that in mind. I just blogged not too long ago about this. :)

 

Try this:

 

Malwarebytes can be downloaded to your desktop. Yes a new installation. Right click the malwarebytes executable file that you downloaded. Rename it viruskill

 

Now double click to open and install. If this fails, let me know.

 

Trying it now. Thanks. I'll let you know.

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted
You wound me! In the world of software this isn't a fair generalization. There are some fantastic free resources out there and some horrid (*cough*Norton*cough) for-sale apps.

 

 

I do like Malwarebytes, but it is not to be left on the computer. Backdoor and assistant to infection. :001_smile:

 

As for free, if you like being someone's school project or beta-testing ground, why not.

 

If I offer to fix your car for free, what do you think you will get? :lol: Well, if it is beyond a belt or oil change, I hope you don't ask me! LOL But, KWIM?

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted (edited)

Did you try the Trend online scanner? Sometimes when you can't install a program it will let you use the online version.

 

You may need to go through the tast manager and let me know what is there so that we can stop it from running. :) I know that sounds like fun, huh. I'll pm you my mail.

 

If you successfully downloaded, try safe mode to install and execute. You should bypass the infected part. Press f8 to request boot to safe mode.

Edited by ChrissySC
Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
Did you try the Trend online scanner? Sometimes when you can't install a program it will let you use the online version.

 

You may need to go through the tast manager and let me know what is there so that we can stop it from running. :) I know that sounds like fun, huh. I'll pm you my mail.

 

If you successfully downloaded, try safe mode to install and execute. You should bypass the infected part. Press f8 to request boot to safe mode.

 

I'll try Trend now. Where do I find the task manager? BTW, my AVG is not the free version, I paid for it! Ugh! So much for that huh? Or can some trojans get by anyway?

Link to comment
Share on other sites
WishboneDawn

WishboneDawn

Posted
Posted
I do like Malwarebytes, but it is not to be left on the computer. Backdoor and assistant to infection. :001_smile:

 

As for free, if you like being someone's school project or beta-testing ground, why not.

 

If I offer to fix your car for free, what do you think you will get? :lol: Well, if it is beyond a belt or oil change, I hope you don't ask me! LOL But, KWIM?

 

I'm the wrong person to ask. Most of the software I run is open source and/or free. I've been very happy.:001_smile:

 

Could she use a boot CD? Ive used Bart's PE before and even bootable Linux CDs like Knoppix. It's a bit more cumbersome...

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted

I can think of all sorts of ways that I would take it off, lol, but hard for a novice.

 

I am trying the most simplest of items.

 

As for open source, yes, I use it too. :) I am careful. I would not trust my security to freeware, much more different than open source.

Link to comment
Share on other sites
WishboneDawn

WishboneDawn

Posted
Posted
I'll try Trend now. Where do I find the task manager? BTW, my AVG is not the free version, I paid for it! Ugh! So much for that huh? Or can some trojans get by anyway?

 

Hit Ctrl-alt-del at the same time to access the task manager.

 

Some viruses will get past any anti-virus. They're only as good as they're last update. You can download a couple like AVG and Avast and use both and that will help to reduce risk.

 

Also, make sure you have a firewall. Windows has one and it's decent but I prefer Comodo (free) myself. The Windows wall only blocks things from coming in but if you are already infected or still manage to get an infection the Windows wall won't block things going out, and that could be things like info from keyloggers.

Link to comment
Share on other sites
JudyJudyJudy

JudyJudyJudy

Posted
Posted
I just want to say that I really don't like this method if that's ALL someone is going to do. System restore often doesn't really get rid of the virus.

In my experience, it's a great start. I work an online job in which I review web pages, so I am likely to get viruses (I only use the old computer to do this job because I don't want to take the chance of messing up our better computer). This procedure has saved me several times. If the virus has taken over her computer, it may be the only option. Then once she takes control of her computer again, she can again access the programs to scan and remove viruses.

Link to comment
Share on other sites
WishboneDawn

WishboneDawn

Posted
Posted
In my experience, it's a great start. I work an online job in which I review web pages, so I am likely to get viruses (I only use the old computer to do this job because I don't want to take the chance of messing up our better computer). This procedure has saved me several times. If the virus has taken over her computer, it may be the only option. Then once she takes control of her computer again, she can again access the programs to scan and remove viruses.

 

You're right of course. :) I was thinking about that after.

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted
I'll try Trend now. Where do I find the task manager? BTW, my AVG is not the free version, I paid for it! Ugh! So much for that huh? Or can some trojans get by anyway?

 

 

Some get in anyway for numerous reasons.

 

It's OK, try the scan and yell back. :)

 

Did you try safe mode booting and running malwarebytes too?

 

Task manager is easily accessed by start - run - type "taskmgr" without the quotes and press the enter or click OK

 

Go to processes, show all processes from all users button, click the users title space to line them up, and run through your account processes making a list. :)

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted
You're right of course. :) I was thinking about that after.

 

And after that I was thinking, it could have already disabled and corrupted system restore.:glare:

 

I quote myself at Get That Working ...

 

A trojan, also known as a trojan horse, is very similar in function as the Trojan Horse from history. The computer trojan will appear as something harmless – a program, a file, a picture, et cetera. The purpose of the trojan is not to replicate. You will more than likely not cause harm to others when infected. However, you will consequently allow others to cause harm to you. A trojan is a wonderful way for a hacker to gain access to your computer remotely. As well, the trojan could download and upload files from and to your computer, delete files, log keystrokes, or watch your screen, and even crash your computer.

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted (edited)

We might get lucky and find it in the temp folders ....

 

Let's do this (getting list together to tell you were to go and what to dump) ... I'll edit in a minute . :)

 

 

We will start with disconnecting the internet. Reboot the computer. Press f8. Select start from safe mode. Try Malwarebytes in safe mode if you have not already. Double click the desktop icon.

If it fails or provides you with a notice, open your web browser, press alt + t and select internet options from the drop down list. On the General tab, click the settings button under the Browsing history divider. In the settings window, click the button view files. Delete everything in this folder and close the window. Click the button view objects. Delete everything in this folder and close the window. Close the Temporary Internet Files and History Settings window.

Go to start, computer (my computer), (C:), users (my documents and settings), find the name of your local user account and click it. Do you see a folder titled AppData?

No? Go to control panel, folder options, view tab, choose to show hidden files, folders, and drives.

Refresh the window that contains your user folders. Do you see AppData now? Click and open. Click local and open. CLick Temp and delete all files.

 

Last, go to start, programs, accessories, system tools, disk cleanup and run it. :) Might as well get the other onsense off of there too.

Edited by ChrissySC
Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
Some get in anyway for numerous reasons.

 

It's OK, try the scan and yell back. :)

 

Did you try safe mode booting and running malwarebytes too?

 

Task manager is easily accessed by start - run - type "taskmgr" without the quotes and press the enter or click OK

 

Go to processes, show all processes from all users button, click the users title space to line them up, and run through your account processes making a list. :)

 

I tried safe mode earlier, but I still couldn't run anything. Every exe file I tried to open was met with the "Open With" box which means I cannot open it. Usually, all files just open up without that box appearing. I've heard before that you can search for the trojan or virus in your list of files and delete, is that true?

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted

Go back and read my notes, lol ... sorry for the chatter with other posters in there. :)

 

Show all processes from all users, click the button .... make a list for system and for your account.

 

And ... you wil lneed to hand clean the folders above in my edited post. :)

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
Go back and read my notes, lol ... sorry for the chatter with other posters in there. :)

 

Show all processes from all users, click the button .... make a list for system and for your account.

 

And ... you wil lneed to hand clean the folders above in my edited post. :)

 

I have the list for Owner and for System. Now what? BTW, thank you SO much!

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
We might get lucky and find it in the temp folders ....

 

Let's do this (getting list together to tell you were to go and what to dump) ... I'll edit in a minute . :)

 

 

We will start with disconnecting the internet. Reboot the computer. Press f8. Select start from safe mode. Try Malwarebytes in safe mode if you have not already. Double click the desktop icon.

If it fails or provides you with a notice, open your web browser, press alt + t and select internet options from the drop down list. On the General tab, click the settings button under the Browsing history divider. In the settings window, click the button view files. Delete everything in this folder and close the window. Click the button view objects. Delete everything in this folder and close the window. Close the Temporary Internet Files and History Settings window.

Go to start, computer (my computer), (C:), users (my documents and settings), find the name of your local user account and click it. Do you see a folder titled AppData?

No? Go to control panel, folder options, view tab, choose to show hidden files, folders, and drives.

Refresh the window that contains your user folders. Do you see AppData now? Click and open. Click local and open. CLick Temp and delete all files.

 

Last, go to start, programs, accessories, system tools, disk cleanup and run it. :) Might as well get the other onsense off of there too.

 

Just saw this. I'll read it now.

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
I am fixing a few machines remotely too ... so I am not lost ;) but I am trying to multitask this afternoon, LOL

 

Okay, did the safe mode things you mentioned and I was not able to delete the "objects". There were things listed and I selected all and clicked delete several times as I sat here and waited for them to delete, but nothing ever happened. Also, I wasn't able to run disk cleanup at the end because it's an exe file and that "open with" box came up. Otherwise, everything else was done. Also, maybe a bit of info. to share, when I open my browser to access the internet, that "open with" box comes up and the file it is trying to open is "ssvagent.exe". I click cancel and then my browser opens. When I click cancel with other programs I try to open (malware, avg, etc.), it doesn't open when I click cancel in that "open with" box. I don't know if that helps you any.

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted

Also, my desktop has had things removed from it as well as the links that are usually in the taskbar at the bottom of the desktop screen. (skype icon and many others that are usually there) I noticed that when I restarted to begin with when the problem occurred.

Link to comment
Share on other sites
2cents

2cents

Posted
Posted

A friend of mine had this a couple of weeks ago. Sounds like you have the 'windows recovery virus'. You can read about it and how to get rid of it at:

http://www.precisesecurity.com/rogue/windows-xp-recovery/

 

Your files are likely NOT LOST. They are just hidden. The virus clicks the 'hidden attribute' in the properties of the folders. My friend just turned hers back on by unclicking the box.

 

The site above was excellent for helping my friend and get rid of the virus. Good luck with your computer. I think people that write these viruses should be jailed for a long long time. So frustrating!!!

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted
A friend of mine had this a couple of weeks ago. Sounds like you have the 'windows recovery virus'. You can read about it and how to get rid of it at:

http://www.precisesecurity.com/rogue/windows-xp-recovery/

 

Your files are likely NOT LOST. They are just hidden. The virus clicks the 'hidden attribute' in the properties of the folders. My friend just turned hers back on by unclicking the box.

 

The site above was excellent for helping my friend and get rid of the virus. Good luck with your computer. I think people that write these viruses should be jailed for a long long time. So frustrating!!!

 

 

To check to see if files are hidden ... this was a while back .... go to start, control panel, folder options, view tab, and select to show hidden files and folder. :)

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted

I think I fixed it! I looked up the ssvagent.exe and found a forum where people were having the exact same problem I was having (I think it was something like tom'shardware.com). I saw one answer that said to click "browse" when the "open with" box came up and try to open the malwarebytes file that way. I did that and it allowed me to open malwarebytes. I ran malwarebytes, it found 2 infections and healed them. The infections were Hijack.exe and Broken.OpenCommand. I restarted and everything is back to normal. I haven't checked to see if I lost anything yet. I'll let you know if there's still a problem. Thank you SO much for your help!

Link to comment
Share on other sites
mommybee

mommybee

Posted
Posted
AVG again, Spybot, and Malware are freebie tools. They are only providing you protection at the cost of free. Free is as good as anything else free would be. Keep that in mind. I just blogged not too long ago about this.

 

Not sure if this was mentioned yet, but AVG does have a paid program. I don't use the free I use their paid version so I expect it will do as it says it will.

Link to comment
Share on other sites
Dianne-TX

Dianne-TX

Posted
  • Author
Posted
Not sure if this was mentioned yet, but AVG does have a paid program. I don't use the free I use their paid version so I expect it will do as it says it will.

 

I have the paid version, too. :glare: Malwarebytes is good to have and run periodically. I do that and Spybot, too. The trojan today shut down all that, so I had to figure out how to run them and when I did, it fixed it. AVG picked it up, but it still got in there.

Link to comment
Share on other sites
ChrissySC

ChrissySC

Posted
Posted
I think I fixed it! I looked up the ssvagent.exe and found a forum where people were having the exact same problem I was having (I think it was something like tom'shardware.com). I saw one answer that said to click "browse" when the "open with" box came up and try to open the malwarebytes file that way. I did that and it allowed me to open malwarebytes. I ran malwarebytes, it found 2 infections and healed them. The infections were Hijack.exe and Broken.OpenCommand. I restarted and everything is back to normal. I haven't checked to see if I lost anything yet. I'll let you know if there's still a problem. Thank you SO much for your help!

 

Awesome ... when all else fails go through the tasks. :)

 

You should feel really good. Now, don't forget to go and run the online trend scanner and then run malwarebytes one more time.

 

Edit: Just thought that I should let you know that Spybot often causes conflict with programs like AVG and Avast. :) I just fixed a Spybot/Avast fight today, LOL

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...