
I failed to beware Greeks.

John Matrix Registered User regular
edited December 2008 in Help / Advice Forum
I've run a tight ship on my PC for the past 7 years, but alas I have finally succumbed to a Trojan. I've run fully updated Spybot (including immunization) and Ad-Aware, but it keeps coming back.

I've run HijackThis and have a logfile, but as far as I can tell none of the registries appear malicious.

My Symantec anti-virus delights in running itself and now finds approx. 10 Trojan-type things.

My Spybot monitoring software will also pop up with warnings about denying or allowing registry changes.


Anyone have some expertise in this stuff or can suggest a (free) anti-virus solution? I'm prepared to re-format, I only use my system for internet browsing now, but I've never done it before and at first glance it scares me.



Help me, PA Kenobi, you're my only hope.


Posts

  • LoveIsUnity Registered User regular
    edited December 2008
    When you ran Spybot and Ad-Aware, did you make sure to run them in Safe Mode? If not, give that a shot, as a lot of problems are easily fixed in Safe Mode. If you need help booting into Safe Mode, I can help you out.

  • John Matrix Registered User regular
    edited December 2008
    Ahh no I didn't! Would that explain why it sometimes denies access to the bad files?

    How do I safemode? :o

  • wasted pixels Registered User regular
    edited December 2008
    It can vary slightly depending on the age of your motherboard, but you can typically just tap F8 as your computer is booting up. Every board is a little different about when it wants you to hit F8, so the easiest option is to just keep tappin' away at it every other second from the moment it boots. You'll get a "Windows Advanced Options" menu with the option to boot in Safe Mode, Safe Mode w/ Networking (etc.), and you'll want plain ol' Safe Mode.

    If that fails, let us know, and we'll provide you with more hacker-y instructions for getting into Safe Mode.

  • Powerpuppies drinking coffee in the mountain cabin Registered User regular
    edited December 2008
    Advice sent to me in a similar situation (though more grievous) by the great DrFryLock:

    1. Download and install HijackThis
    2. Run it and generate a log
    3. Post that log on a place like MajorGeeks malware removal forum or BleepingComputer malware removal forum. Somebody there will tell you a sequence of steps, and if you keep responding in a timely manner, you'll eventually get it scraped off.

    The procedure that you'll probably do is this:

    1. Run HijackThis and generate a log.
    2. Download and run a tool called ComboFix that will scrape off most of the infection. This will also generate a log.
    3. Use that log to create a special text file called CFScript.txt that tells ComboFix what else to scrape off that it missed the first time.
    4. Run ComboFix with CFScript.txt and scrape off the rest.
    5. Run HijackThis again and generate a log to make sure it's clean.
    6. Run TrendMicro antivirus and Malwarebytes Anti-Malware just to make sure you got it all.

    ComboFix is very powerful but also very aggressive and can nuke your computer, but it has saved my ass more than once. Some of the above steps are manual - particularly reading the ComboFix log and then figuring out what to put in CFScript.txt. Basically you need someone that can look at the log and say "that's normal...that's not." and put all the "not normal" stuff in the CFScript for removal. This is why you want to do it with the help of a MajorGeeks or BleepingComputer helper.

  • Aurin Registered User regular
    edited December 2008
    Shut off system restore as well. Viruses and spyware will hide themselves in there, and repopulate from there every time you reboot your computer.
