Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Cant get rid of trojan! (computer woes pt1)

Options
  • 04-03-2006 7:05pm
    #1
    Scruff
    Registered Users Posts: 4,222 ✭✭✭


    have a fecking trojan on my pc that keeps poping up a prompt from the system tray to download fake anti virus software among other things
    The trojan is called [FONT=Arial, Helvetica, sans-serif]PWS-Puper.dr[/FONT] and its not being picked up by AVG or spybpot S&D. Its rnning off a program called c:\windows\system32\dfrgsrv.exe but i cant delete, even after killing the explorer process and trying the dos delete.
    Its driving me mad!!!


Comments

  • Options
    #2
    greglo23
    Registered Users Posts: 1,028 ✭✭✭greglo23


    try this program http://www.emsisoft.com/en/software/free/


  • Options
    #3
    Scruff
    Registered Users Posts: 4,222 ✭✭✭Scruff


    u need to set up an account to run that.


  • Options
    #4
    **Timbuk2**
    Moderators, Education Moderators, Motoring & Transport Moderators Posts: 7,395 Mod ✭✭✭✭**Timbuk2**


    No you don't :)

    Download it from here

    EDIT: I think I misunderstood :o I thought you meant you needed an account to download it, not run it. Well my new advice is to just make an account, its better than having trojans on your computer :) You could always just give a junk e-mail


  • Options
    #5
    aidan_walsh
    Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    You do during the installation of the program. Its for the auto updating.


  • Options
    #6
    Scruff
    Registered Users Posts: 4,222 ✭✭✭Scruff


    tis scanning now. fecking trojan has already installed "SpyFalcon 2.0" and god know what else. oh look! anti spyware software installed by a trojan, that must be 100% safe. hardly. spybot already deleted it the 1sf time it was installed.


  • Advertisement
  • Options
    #7
    Scruff
    Registered Users Posts: 4,222 ✭✭✭Scruff


    ok that didnt work. looks like computer is infected with new variant of Smitfraud
    http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal

    not only doesn it down load ****e it keeps poping up this ****e (see attaced)

    fighting a losing battle here :(


  • Options
    #8
    kaizersoze
    Registered Users Posts: 7,042 ✭✭✭kaizersoze


    I got rid of something very similiar from a machine the other night. If that software doesn't work download and try Ewido (14 trial version):
    http://download.ewido.net/ewido-setup.exe
    Install and update it then run a scan in safe mode.
    It also found a lot if crap that the other programmes missed. The scan takes about 1 hour depending on the size of your HD.
    Edit: Just saw your above post. That's the exact thing I was getting and Ewido deffinately got rid of it.


  • Options
    #9
    **Timbuk2**
    Moderators, Education Moderators, Motoring & Transport Moderators Posts: 7,395 Mod ✭✭✭✭**Timbuk2**


    I once had a virus/trojan like yours before. The anti-virus software were not picking it up, so I did a system restore, and wolla, the virus was dead

    I recomend that you do a system restore. This will only work if you know when the virus started. Then pick a date closest to now before the virus started

    This won't cure it.... gurantee. It will more than likely stop them pop-ups coming up, but you will have junk and possibly fake anti-virus software still on your computer.


  • Options
    #10
    Shane O' Malley
    Registered Users Posts: 1,373 ✭✭✭Shane O' Malley


    Seen that one before. Uses rootkit to hide the reinstall routine.

    Download http://www.f-secure.com/blacklight/ and run it in normal mode.

    Then you should be able to uninstall the spyware in safe mode.

    To be fair i never got IE to work properly again on my test system but firefox was fine.

    Good Luck


  • Options
    #11
    Offalycool
    Closed Accounts Posts: 459 ✭✭Offalycool


    Hi, I Feel ur pain.


    Give this a shot.... Go to http://yu.trendmicro-europe.com/consumer/products/cws_shredder.php and download cool web shredder. This should clean up any IE hijackers. Then using IE, go to http://housecall60.trendmicro.com/en/start_corp.asp This is an online virus KILL'er. U should also try http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
    This MS remover may help. http://www.lavasoftusa.com/software/adaware/ is an excellent spyware remover, and it's free. Good Luck.

    EDIT: Back to the Future! only noticed im late, Sure U won the Battle?, forget the war.


  • Advertisement
  • Options
    #12
    Scruff
    Registered Users Posts: 4,222 ✭✭✭Scruff


    Finally killed the ba$tard.
    If ye ever get it the SpyAxe\SpywareStrike\SpyFalcon\etc versions of SmitFraud trojans follow the instructions here:

    http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=85&blogId=3

    Completely removed it.*

    /edit
    *it completely stopped the vrus activating but did leave 1 file that needs to be removed manully
    C:\windows\system32\dfrgsrv.exe


  • Options
    #13
    **Timbuk2**
    Moderators, Education Moderators, Motoring & Transport Moderators Posts: 7,395 Mod ✭✭✭✭**Timbuk2**


    OMG SpyAxe ewwwwwwwww

    I had dealings with that virus before :)

    Trust me, I didn't know about that linky thing and I found it awful hard to get the virus off
    It wouldn't let me into the registry :(


  • Options
    #14
    Scruff
    Registered Users Posts: 4,222 ✭✭✭Scruff


    Rather belatedly i have noticed that i seem to have posted this in the wrong forum.
    Apologies.
    Mods please move this to somewhere more [FONT=&quot]appropriate. [/FONT]


Advertisement