Wednesday, September 30, 2009

Trojans.... I've had a few

But then again, too few to complain.

So I was looking for some trial software yesterday, and I downloaded the wrong file and blammo! Trojan Attack! Anti-virus software didn't see it until after I did.

But of course, with every trial of patience comes a lesson or two.
- update AV Defs more often!
- screw trial software on those shady websites!
- Reboot into Safe Mode with Command Prompt, then delete the files that are locked down by the system.


Also of note, I found a couple of good-to-have around programs.

Autoruns v9.54
Autoruns is a Sysinternals tool that walks the registry keys and file-system locations Windows uses to start programs automatically (Run keys, services, drivers, scheduled tasks, startup folders, browser helper objects and so on) and lists everything it finds, with the path and publisher of each item. So you'll find listings for your audio drivers and such, but more importantly you find malicious files that start & hide at boot-up. The web link above has a better description and a screenie, but trust me it's a worthwhile application.
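To give a feel for what Autoruns is doing under the hood, here is an added PowerShell example (written for this page, not Sysinternals code and not something from the original post) that sweeps a handful of the Run/RunOnce keys and the startup folders, resolves each entry to the executable it launches, and flags entries whose file is missing or carries no valid Authenticode signature. It is a small subset of the locations Autoruns covers; the key names and folder paths are standard Windows ones, and it should be run from an elevated prompt so the HKLM keys are readable.

```powershell
# Added example: a minimal sweep of a few autostart locations.
# Not Sysinternals code; covers only Run/RunOnce keys and startup folders.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$cmd) {
    # Extract the executable from a command line such as
    #   "C:\Program Files\Foo\foo.exe" /background
    # so it can be located on disk. Environment variables are expanded first.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        return $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    }
    return ($cmd -split ' ')[0]
}

# Registry autostart entries: each value under a Run key is one program.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own provider metadata
        [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
    }
})

# Startup folders: every file here runs at logon with no registry entry at all.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$entries += @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

foreach ($e in $entries) {
    $exe = Get-ExePath $e.Command
    if ([string]::IsNullOrWhiteSpace($exe)) { continue }
    if (-not (Test-Path -LiteralPath $exe)) {
        # Orphaned entry: the file was removed but the autostart key was not,
        # or the path points somewhere the malware has since hidden.
        $status = 'FILE MISSING'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -eq 'Valid') {
            $status = 'signed: ' + $sig.SignerCertificate.Subject
        } else {
            $status = 'UNSIGNED or invalid signature'
        }
    }
    '{0,-24} {1,-60} {2}' -f $e.Name, $exe, $status
}
```

Two caveats a practitioner would add. "Unsigned" is a lead, not a verdict: plenty of legitimate software (especially in 2009) shipped without a signature, and a valid signature only tells you who signed the file, not that it is benign. And this sweep misses most of what Autoruns looks at (services, drivers, Winlogon Shell/Userinit, scheduled tasks, Explorer shell extensions, browser add-ons), which is exactly why the real tool is worth having around.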


Elite Toolbar Remover - ETRemover v2.1.2
This is a program designed to go in and kill those extra IE toolbar apps like Weather-bug and such, but it cleans a bit more and can delete files that you sometimes can't delete yourself. It helps to run it in Safe Mode, but everything I needed it to do was accessible to me in normal mode. I believe the company that makes this program is Italian. From a short look around on their website, it looks like they offer other freeware that can help clean your system up, but they aren't a major player in the security field yet.

Really, I should have more to say about this issue, it has eaten up about 7 hours of time in the last two days. But most of the troubleshooting can't be described. Really though, those two programs listed above did me a world of good, better than my AV program (Comodo) or Ad-Aware (Lavasoft).


Ok, one last thing... The Trojan, when activated, was so blatant and obvious that I have to wonder what the code writer was thinking. Isn't the idea to be subversive? This trojan would open up 5 extra random windows every time I opened my browser and go to advertisers. Not sure what they were advertising, I just closed the screens as soon as possible. But come on guys, have a little subtlety.


----- UPDATE-----
Oct 2, 2009 - 7:40 am

Again I have reached a point where I feel like I just might possibly be CLEAN. I think I've gotten everything quarantined, removed, deleted and sanitized.

The latest program that I can recommend is Malwarebytes' Anti-Malware. After everything else I had tried, I ran this program and it found and removed things that all the other programs had either given a miss or been unable to touch.

Particularly there was a trojan in the system-restore folder and since that is a "heavily protected" folder, I couldn't manually go in and look at it, and other programs couldn't touch it.

MalwareBytes' was able to get past that and actually allow me into that folder, where I was then able to manually delete every offensive file I found. Well, I did go a bit crazy and thought everything was offensive, but screw it, it's been 3 days now of this trojan crap and I wanted to be SURE.
Also, MalwareBytes found the reason it was seemingly attached to browser function. In Prog Files\Mozilla\ there were files to be deleted that other programs had completely missed.

So, after a long and tiresome battle, I think that maybe, just MAYBE I might be free of trojans for now.

If they "reappear" or something, I'll update this blog with new info, but for now the final word was the MalwareBytes program.
