Trojans, Please help!

[Frank V.]

My computer is infected with:
JS.DOWNLOADER.TROJAN, TROJAN.BYTEVERIFY and possibly with others. It added
extra toolbars (I-search and Norton antivirus toolbar) in internet explorer
(IE6) and locked all toolbars so that they cannot be customized , added or
removed. It also locked toolbars in Windows Explorer. When I run Norton
Antivirus, it does not show any infected files, but they show in Activity
Log file. It states that "repair failed, access denied". Norton recommends
to turn off "windows system restore", which I did before updating a
rescanning the hard drive. Now I cannot go back because all restore points
were lost and Trojans are still on my computer and cannot be deleted.
Is there a way to clean up my computer or do I have to reformat and
reinstall everything. Will reformatting the hard drive get rid of Trojans? I
am running Windows XP.
Thanks a lot.

 

[The Prophecy]

My computer is infected with:
JS.DOWNLOADER.TROJAN, TROJAN.BYTEVERIFY and possibly with others. It
added extra toolbars (I-search and Norton antivirus toolbar) in
internet explorer (IE6) and locked all toolbars so that they cannot
be customized , added or removed. It also locked toolbars in Windows
Explorer. When I run Norton Antivirus, it does not show any infected
files, but they show in Activity Log file. It states that "repair
failed, access denied". Norton recommends to turn off "windows system
restore", which I did before updating a rescanning the hard drive.
Now I cannot go back because all restore points were lost and Trojans
are still on my computer and cannot be deleted.
Is there a way to clean up my computer or do I have to reformat and
reinstall everything. Will reformatting the hard drive get rid of
Trojans? I am running Windows XP.
Thanks a lot.

Re-formatting will get rid of those trojans but I would only use that as a
last resort step.

Reboot your computer and press F8. Go to Safe Mode with Networking. Now
start Internet Explorer and go to:

http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Run Symantec's Online virus scanner, let it detect and remove anything it
finds. Next, while at Symantec, update your virus definitions. And you
should also go to Windows Update and see if there are any updates which you
have not installed. I'm sure somebody else will recommend another online
virus scanner and you should use those as well if the one at Symantec
doesn't work.

 

[Frank V.]

Thanks for the advice, I have already ran updated Norton Antivirus (with
virus definitions as of 5-28-04)in save mode and it did not show any
infection. I also ran online scanners (not in safe mode because I cannot
get on internet unless I enable access to SVCHOST.EXE in Zone Alarm) from
Norton, Panda (found 5 Trojans in
sun\java\development\cache\javapi\v1.0\jar\ folder) and McAfee (found 3
Trojans also in "Jar" folder). I deleted those infected files, but Tool Bars
problem did not disappear.
Is safe to remove all the files in "Jar" folder and to disable Java console
in Internet Explorer?
Thanks

 

[The Prophecy]

Thanks for the advice, I have already ran updated Norton Antivirus
(with virus definitions as of 5-28-04)in save mode and it did not
show any infection. I also ran online scanners (not in safe mode
because I cannot get on internet unless I enable access to
SVCHOST.EXE in Zone Alarm) from Norton, Panda (found 5 Trojans in
sun\java\development\cache\javapi\v1.0\jar\ folder) and McAfee
(found 3 Trojans also in "Jar" folder). I deleted those infected
files, but Tool Bars problem did not disappear.
Is safe to remove all the files in "Jar" folder and to disable Java
console in Internet Explorer?
Thanks

Go to the Java console and under the Cache section in the upper right corner
click on Clear. That should remove everything in the Java cache, including
the files in the Jar subfolder. Do not delete the Jar folder itself. To get
rid of the tool bars, use Ad-aware and Spybot S&D.

Ad-aware: http://www.lavasoftusa.com

Spybot S&D: http://www.safer-networking.org

Download and update both of them. *Note: Spybot released an update for the
detection rules yesterday. I tried to download them but got an error saying
that the CRC Checksum had failed. If you get the same error message, Try
selecting a different server in the program to download from.

 

[Frank V.]

Funny, I clicked the links for AD-Avare and Spybot S&D that you provided and
in both cases was redirected to "isearch.com", which is the website that
most likely placed their tool bar in my IE. It also changes my default home
page to the same web site even after I reset it. Obviously that Trojan is
"very smart".
I already have Spybot installed on my computer and it did not remove the
tool bar after running it. I will try to download the update and also
download and install AD-avare. I could not locate Java Console, just Java in
Internet Explorer Property "advanced tab"

 

[Beauregard T. Shagnasty]

Quoth the raven Frank V.:

Funny, I clicked the links for AD-Avare and Spybot S&D that you provided and
in both cases was redirected to "isearch.com", which is the website that
most likely placed their tool bar in my IE. It also changes my default home
page to the same web site even after I reset it. Obviously that Trojan is
"very smart".

Being redirected to a 'search' site is a prime symptom of the
CoolWebSearch badware. Read this:

http://home.rochester.rr.com/bshagnasty/tips.html#shredder

I already have Spybot installed on my computer

Which version? Supposedly, the latest 1.3 with current database
should also find CWS. I read that somewhere...

and it did not remove the
tool bar after running it. I will try to download the update and also
download and install AD-avare. I could not locate Java Console, just Java in
Internet Explorer Property "advanced tab"

I have no recommendations about any Java stuff.

 

[Frank V.]

Scanning my hard drive with Ad-aware 6.181 did the trick for removing
I-search tool bar and freeing my other tool bars. (I could not go directly
to Lavasoft but got it from Download.com after searching Goggle). Online
scan by several different antivirus software took care of Trojans
(Ravantivirus found 1, Panda 5, McAfee 3 even after updated Norton Antivirus
found 0). Hope this will be useful to someone else too.
Thanks a lot for the help.
Frank V.

 

[The Prophecy]

Scanning my hard drive with Ad-aware 6.181 did the trick for removing
I-search tool bar and freeing my other tool bars. (I could not go
directly to Lavasoft but got it from Download.com after searching
Goggle). Online scan by several different antivirus software took
care of Trojans (Ravantivirus found 1, Panda 5, McAfee 3 even after
updated Norton Antivirus found 0). Hope this will be useful to
someone else too.
Thanks a lot for the help.
Frank V.

You're welcome. Have fun, and let's hope this doesn't happen again....

 

[armando]

And I suggest you to download a bit defender

You're welcome. Have fun, and let's hope this doesn't happen again....

 

[PCportinc]

Funny, I clicked the links for AD-Avare and Spybot S&D that you provided and
in both cases was redirected to "isearch.com", which is the website that
most likely placed their tool bar in my IE. It also changes my default home
page to the same web site even after I reset it.

same thing happens to me.
just copy/paste the links, install and run both, then NAV.