Trojan

Guest

Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Regards
 
John

Wooster said:
Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Regards

You may have to boot into safe mode (press F8 on boot) and run your
removal tools from there to get rid of it.

John.
 
Detlev Dreyer

Wooster said:
Somehow I've got a Trojan called MicroBillSys stuck in my registry.
Two or three times a day, when I'm using the internet, it forces IE to
their website, and prompts me to log on and pay the bill. A 100% scam.

Pay your dues and see what happens (just kidding).

Wooster said:
I've used various spy removal software.

Wrong approach. http://www.xp-vista.com/page/2 (excerpt)

| MicroBillSys usually installed itself onto your PC without your
| knowledge and permission, through Trojans and viruses.

Removing that particular malware wouldn't clean your system.

"Cleaning a Compromised System"
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
 
Malke

Wooster said:
Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Removal instructions:

http://www.geekstogo.com/forum/How-to-remove-MBS-account-manager-t160681.html

If you find these instructions difficult (and there's no shame in
admitting that since we all have our areas of expertise), register at
the Geeks-to-Go forum and get guided help. Make sure you read the
posting FAQ first.


Malke
 
Guest

Wooster said:
Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Regards

Somehow the virus created a script/VBS file that is generated on every
start-up and resurrects the virus. Try the Avast scanner on boot and also
use Autoruns to locate the created entry for start-up:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

To make sure your system is clean:
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties window you will see these tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons and disable all
non-verified add-ons (you should re-enable them later one by one to find
the culprit, then update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download HijackThis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
 
Confuse The Newbie

Wooster said:
Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Regards

Get HijackThis.
Do a system scan and save a log file.
Post your log back here.
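
Added example, not part of any post in this thread: nass's reply points at a start-up entry that re-creates the malware, and both replies above ask for a HijackThis log. The sketch below parses the `O4` (autostart) lines of such a log and flags entries worth reviewing first; the sample log, entry names and the two heuristics (script launched at start-up, command running from a temp directory) are assumptions made for illustration, not HijackThis's own logic.

```python
import re

# Constructed sample in the O4 (autostart) line format used by HijackThis logs.
# Entry names and paths are placeholders, not indicators of any real malware.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bho.dll
O4 - HKLM\..\Run: [example-av] C:\Program Files\ExampleAV\tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [example-updater] wscript.exe "C:\Documents and Settings\user\Local Settings\Temp\example.vbs"
O4 - HKLM\..\RunOnce: [example-restore] C:\WINDOWS\Temp\example.exe /silent
O4 - Global Startup: Example Helper.lnk = C:\Program Files\Example\helper.exe
"""

# Registry autostarts: "O4 - HKLM\..\Run: [name] command"
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder autostarts: "O4 - Global Startup: name = target"
O4_DIR = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Illustrative heuristics (assumptions of this example)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)
TEMP_DIR = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)

def parse_o4(log):
    """Return every autostart entry as a dict with loc, name and cmd."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_DIR.match(line)
        if m:
            entries.append(m.groupdict())
    return entries

def reasons(cmd):
    """List why a start-up command deserves a manual look (empty if none)."""
    out = []
    if SCRIPT_EXT.search(cmd) or SCRIPT_HOST.search(cmd):
        out.append("script launched at start-up")
    if TEMP_DIR.search(cmd):
        out.append("runs from a temp directory")
    return out

def triage(log):
    """Return (location, name, reasons) for each entry that trips a heuristic."""
    return [(e["loc"], e["name"], r) for e in parse_o4(log) if (r := reasons(e["cmd"]))]

if __name__ == "__main__":
    for loc, name, why in triage(SAMPLE_LOG):
        print(f"REVIEW {loc} [{name}]: {', '.join(why)}")
```

A flagged entry is only a prompt to inspect the referenced file; an unflagged one is not proof that it is benign.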
 
Guest

Thanks for your help. I tried various things (some suggestions were beyond
me!):
Avast (my resident see it) didn't see it. I contacted Avast, they suggested
a 'Deep Scan' which (also) didn't see it. Bitdefender didn't see it. Norton
didn't see it. AVG saw it, but couldn't remove it. Spybot saw it, and
removed it. Conclusion: Use Spybot! www.computeractive.co.uk/2129071

Regards

nass said:
Wooster said:
Hi

Somehow I've got a Trojan called MicroBillSys stuck in my registry. Two or
three times a day, when I'm using the internet, it forces IE to their
website, and prompts me to log on and pay the bill. A 100% scam.

I've used various spy removal software. Some don't see it at all. Spy
Hunter sees it, allows me to remove it, but a re-scan shows it's still there.
Someone has called it a mutating trojan. (It detects it is about to be
removed, and makes another copy of itself, which isn't removed.)

Does anyone know how to get rid of this trojan?

Windows XP Home. IE V6 with SP2. Windows and IE both up to date.

Regards

Somehow the virus created a script/VBS file that is generated on every
start-up and resurrects the virus. Try the Avast scanner on boot and also
use Autoruns to locate the created entry for start-up:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

To make sure your system is clean:
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties window you will see these tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons and disable all
non-verified add-ons (you should re-enable them later one by one to find
the culprit, then update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download HijackThis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
 
Detlev Dreyer

Wooster said:
Thanks for your help. I tried various things (some suggestions were beyond
me!):
Avast (my resident see it) didn't see it. I contacted Avast, they suggested
a 'Deep Scan' which (also) didn't see it. Bitdefender didn't see it. Norton
didn't see it. AVG saw it, but couldn't remove it. Spybot saw it, and
removed it. Conclusion: Use Spybot! www.computeractive.co.uk/2129071

Sorry, that's nonsense. Read my reply again as well as posted article.
Neither the original trojan/s have been removed nor the created backdoors.
Some additionally downloaded software has been removed, that's all!
 
