Repeated removal of the same trojan

John Berting

I recently removed several hundred (maybe thousand)
viruses and trojans from a friend's parasite-infested
computer. It was by far the most compromised system I've
ever seen, and was almost non-functional.

After the removal of most of the infestation I left MS
Anti-Spyware installed. (Among other protections.) On
every reboot MS Anti-Spyware corrects the same browser
redirects, and declares the problem fixed. (I have been
unable to locate the program, dll, or script that is
redirecting the machine. I think it was being attacked
via a compromised MSN Messenger exe, which I uninstalled.)

My question is this: Since MS Anti-Spyware declares the
bug "fixed", does that mean that MS is not informed that
there's a recurring problem on this machine? Or is the
program smart enough to relay information back regarding
repeating offenses in addition to failed removals?

Incidentally, I no longer have this machine in captivity,
so I can't easily answer any questions about any problems
it might still have... The machine is about 100 miles from
here and I addressed its spyware problems during a one-day
visit.
--- John Berting
 
Alan

John,

If the system is running XP, have your friend go to
c:\windows\prefetch and shred any files there whose
filenames contain the names of the infections. It might
just be easier for your friend to create a new folder in
the prefetch folder, move every file into that folder and
then shred the folder. Some shredding applications will
only allow you to shred files, not folders. If that is
the case, then simply delete the entire folder, the new
one, that now contains the files. Then see if the
shredding application will allow your friend to shred the
contents of the Recycle Bin, and if so, shred the
contents. If your friend doesn't have a file shredding
application, a FREE copy can be obtained from
download.com.

Then have your friend reboot into Safe Mode (no network
support, and NOT the command prompt option), and run a
full system scan with MSAS. This seems to be helpful in
removing constantly regenerating spyware.

If your friend's system doesn't have a firewall
installed, installing one IS a GOOD idea. This might
prevent some future infestations.

Alan
 
