Wooster said:
Hi
Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.
I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)
Does anyone know how to get rid of this trojan?
Windows XP Home. IE V6 with SP2. Windows and IE both up to date.
Regards
Somehow the virus created a script/VBS file that is generated on every
startup and resurrects the virus. Try the Avast boot-time scan, and also
use Autoruns to locate the entry created for startup.
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
To make sure your system is clean:
Go through these Cleaning steps:
1. First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties window you will see these tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under the General tab, clear your History, Internet Files and Cookies.
Then click on the Advanced tab and scroll down to the Browsing options:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons and disable all
non-verified add-ons. (You should re-enable them later one by one to find
the culprit, then update it or remove it.)
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2. Download HijackThis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
For any error messages, have a look in the Event Viewer and post them here.
HTH.
nass
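
Added example, not part of either post: a Python check for the kind of startup entry the reply suggests looking for with Autoruns, one that relaunches a script at every boot. It parses `reg query` output for a Run key and flags values that invoke a script host or point at a script file; the sample output, value names and paths are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the per-machine Run key.
# Value names and paths are invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avast!    REG_SZ    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Sys Helper    REG_SZ    wscript.exe "C:\WINDOWS\Temp\restore.vbs"
    Updater    REG_EXPAND_SZ    %SystemRoot%\system32\updchk.exe /quiet
    Loader    REG_SZ    "C:\Documents and Settings\user\Application Data\ld.VBS"
"""

KEY_LINE = re.compile(r"^HKEY_[A-Z_]+\\")
# Value lines are indented: <name> <REG_type> <data>; names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
SCRIPT_HOSTS = re.compile(r"(?<![\w.])(wscript|cscript)(\.exe)?(?![\w.])", re.I)
SCRIPT_EXTS = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd)(?=[\"\s]|$)", re.I)

def parse_run_values(text):
    """Yield (key, name, type, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if KEY_LINE.match(line):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"].strip()

def script_autostarts(text):
    """Return autostart values that launch a script host or a script file."""
    hits = []
    for key, name, _type, data in parse_run_values(text):
        reasons = []
        if SCRIPT_HOSTS.search(data):
            reasons.append("script host")
        if SCRIPT_EXTS.search(data):
            reasons.append("script file")
        if reasons:
            hits.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in script_autostarts(SAMPLE_REG_QUERY):
        print(f'{hit["key"]}\\{hit["name"]}: {hit["data"]} ({", ".join(hit["reasons"])})')
```

A flagged value is only a lead: check the file it points to before deleting the entry, since legitimate software also uses scripts at startup.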