Trojan.Desktophijack virus

  • Thread starter Thread starter Ernie
  • Start date Start date
E

Ernie

I just received this message from a friend:


"I have some computer issues that I do not understand. My computer keeps
freezing and then when it restarts it tells me that a malicious script has
been detected. I always check--stop this script. I went to Norton and it
lists Trojan.Desktophijack virus.--and access to file denied. What do I do
now. The computer seems to be working, but I think that I may have a
problem. Do I?"

If we lived closer - she is in N.H., I am in R.I. - I would go there and sit
in front of her machine and then make a decision whether to take her machine
and do a clean install. I don't want to travel up there, if some other
avenue is available to try that I don't know about.

Her hardware is a Three-Years-Old Dell, and has a P-4 1.8, WindowsXP
Professional.

Any suggestions as to how to proceed to correct this situation?

Thank you for your help.

Ernie
 
From: "Ernie" <[email protected]>

| I just received this message from a friend:
|
| "I have some computer issues that I do not understand. My computer keeps
| freezing and then when it restarts it tells me that a malicious script has
| been detected. I always check--stop this script. I went to Norton and it
| lists Trojan.Desktophijack virus.--and access to file denied. What do I do
| now. The computer seems to be working, but I think that I may have a
| problem. Do I?"
|
| If we lived closer - she is in N.H., I am in R.I. - I would go there and sit
| in front of her machine and then make a decision whether to take her machine
| and do a clean install. I don't want to travel up there, if some other
| avenue is available to try that I don't know about.
|
| Her hardware is a Three-Years-Old Dell, and has a P-4 1.8, WindowsXP
| Professional.
|
| Any suggestions as to how to proceed to correct this situation?
|
| Thank you for your help.
|
| Ernie
|

Download SmitFraud.exe from the URL -- http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }

Choose; Unzip

Choose; Close

NOTE: You may have to disable your software FireWall or allow FTP.EXE to go through your
FireWall to enable FTP.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat

{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the end
of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). It
is suggested that you move the report out of c:\mcafee before performing another scan. It
would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.
 
 
Ernie said:
"I have some computer issues that I do not understand. My computer keeps
freezing and then when it restarts it tells me that a malicious script has
been detected. I always check--stop this script. I went to Norton and it
lists Trojan.Desktophijack virus.--and access to file denied. What do I do
now. The computer seems to be working, but I think that I may have a
problem. Do I?"
Click to expand...

Download two free anti-virus programs and two free anti-spyware programs
and install them and run them in safe mode. Let them find the nasties
and delete them. Then boot normally and run them again but update first.
 
On Fri said:
"I have some computer issues that I do not understand. My computer keeps
freezing and then when it restarts it tells me that a malicious script has
been detected. I always check--stop this script. I went to Norton and it
lists Trojan.Desktophijack virus.--and access to file denied. What do I do
now. The computer seems to be working, but I think that I may have a
problem. Do I?"
Click to expand...
If we lived closer - she is in N.H., I am in R.I. - I would go there and sit
in front of her machine and then make a decision whether to take her machine
and do a clean install.
Click to expand...

You'd be missing out a LOT of steps if that's your first approach.
- verify hardware
- RAM
- timings and cooling
- HD and file system
- exclude malware
- formal av scanning, e.g. from Bart PE
- scanning for commercial malware e.g. Safe Cmd Only
- manual suppression of integration points
- MSConfig
- NirSoft tools, see www.nirsoft.net
- HiJackThis; post log to appropriate forums

See http://cquirke.mvps.org/reinst.htm on why "just re-install" or
even "just destroy the entire installation and rebuild" are bad ideas.
 
From: "cquirke (MVP Windows shell/user)" <[email protected]>


|
| You'd be missing out a LOT of steps if that's your first approach.
| - verify hardware
| - RAM
| - timings and cooling
| - HD and file system
| - exclude malware
| - formal av scanning, e.g. from Bart PE
| - scanning for commercial malware e.g. Safe Cmd Only
| - manual suppression of integration points
| - MSConfig
| - NirSoft tools, see www.nirsoft.net
| - HiJackThis; post log to appropriate forums
|
| See http://cquirke.mvps.org/reinst.htm on why "just re-install" or
| even "just destroy the entire installation and rebuild" are bad ideas.
|
cquirke:

It is a variant of the SmitFraud Trojan. The remover I wrote,
http://www.ik-cs.com/programs/virtools/SmitFraud.exe will handle this as it is a very
complex infector that makes numerous alterations to the OS and has many components.
 
I logged on, and I don't see my "Thank you", which I sent yesterday.

So, I'll write it again.

Thank you to everyone who offered their assistance.

It is deeply appreciated.

mE

I just want to thank everyone for their help.
 
Back
Top