Ask Me Help Desk

Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Spyware, Viruses, etc. (https://www.askmehelpdesk.com/forumdisplay.php?f=477)
-   -   Download Trojan From Hell! (https://www.askmehelpdesk.com/showthread.php?t=13229)

  • Sep 30, 2005, 05:46 AM
    Loriz
    Download Trojan From Hell!
    OK, so the last few days I've been fighting with this download trojan. By the time Norton let me know about it, I had about 200 infected files and key registries. I have all of the security software you've listed in previous posts (except for spyware blaster and spybot, which I am downloading as I speak) I believe I've gotten rid of them all except for one that keeps manifesting itself in my HKEY_LOCAL_MACHINE and calls itself "apropos browser modifier", along with that was "180search" and his friends, but there was one I'd not seen before called "dyfaca". Now this one raised an eyebrow cause I thought I was a goner! Well my PC anyway! Please tell me anything you can about these hidious pest. I appreciate all of you guys out there helping the rest of us. And please tell me why these companies (such as 180search) are allowed to stay running on the internet? Someone should give them a virus!

    __________________________________________________ _______

    Thanks much, Loriz
  • Sep 30, 2005, 06:17 AM
    fredg
    Trojans
    Hi,
    Welcome to the world of legal advertising over the net! That's why there are hundreds of free programs to stop Spyware/Advertising stuff from getting into a computer on the net.
    CWShredder should get rid of the "DyFaCa" mess. You have mentioned some free programs already. Here are suggestions for those free Spyware removal programs and how to use them. I use all these:

    If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3
    (If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

    AdAware at:
    http://www.lavasoftusa.com
    Download: AdAware_SE V 1.06

    CWShredder at:
    http://www.intermute.com/products/cwshredder.html
    (CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

    All 3 of the above programs run better and much faster when run in SafeMode.

    To get into SafeMode:
    Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
    When the options show on the screen, use the up and down arrow keys on the keyboard to select
    "Safe Mode".
    Press Enter

    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
    Re- Boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first
    Time.

    If you wish to have a great program, after you clean out Spyware/Advertising Ware:
    This program stops this stuff from getting into the computer in the first place, by placing URL's in the browser, stopping them instantly. One of the Very Best free programs anyone can download!

    SpyWare Blaster 3.3

    http://www.javacoolsoftware.com/sbdownload.html

    I have had not ONE spyware program invade my computer since downloading/installing the great SpyWare Blaster 3.3. It has updates every week or so, with new "spyware definitions", and integrates those with IE in the Restricted Sites, stopping them from getting into the computer.
    I have not found anything with the other Spyware programs scans since using it.
    I highly suggest getting rid of Norton, and downloading/installing AVG Antivirus from http://www.grisoft.com. It really does stop more than Norton.
    Others will also have suggestions for free programs.
    Best of luck,
    fredg
  • Sep 30, 2005, 08:57 AM
    LTheobald
    As well as spyware programs, you want to get a filewall. Something that blocks outgoing and incoming traffic (in other words, not the built in Windows one). I use ZoneAlarm. With a firewall you can stop all these trojan's from accessing the internet and doing their damage. See my signature for a link to ZoneAlarm.

    Also have you tried looking in Control Panel >> Add/Remove Programs for anything you don't recognise (e.g. nCase might be in there ). If you see something you think is suspect, investigate by typing it's name in a search engine and removing if appropriate.

    Also a lot of the time you can get some good help by just typing the process name into Google along with "remove" or similar. I couldn't find the browser modifier one but here's something for 180Search - http://www.antivirusworld.com/articles/virus/ncase.php . Removal tool at the bottom.
  • Oct 1, 2005, 05:47 AM
    fredg
    Firewall
    Hi,
    I agree with a Firewall, but only if you have high speed connection; such as cable, DSL, etc.
    A Firewall isn't that necessary with the old phone dial-up system, as I have... tried one free, didn't care for it... more trouble than it's worth. I've never had any problems without one. My connection quits when I disconnect from the phone line... doesn't stay on constantly.
    Best wishes,
    fredg
  • Oct 1, 2005, 04:07 PM
    Loriz
    OK Fellas, here's what's up. I've downloaded the programs in your replies, (with my high speed dial-up modem!) I might have to take the ZoneAlarm off cause it seems to be conflicting with my windowsxp+servpack2 firewall. Although I've always had problems with it. Open for any advice..

    NOW... I can't get rid of this "apropos" which is, as you know, in my HKEY_LOCAL_MACHINE.

    It's got me really freaked out cause I've always tried to be careful. It hasn't been duplicating itself like it was, but it won't go away.
    Also my computer just shuts down now for no reason, when I was battling virus boy it shut down a lot. Now it's just every so often-enough to keep me on pins and needles!
    Will be waiting to hear from you all! And again thanks for being the good guys! Got to love you

    _____________________________________________

    Loriz
  • Oct 20, 2005, 06:42 AM
    LTheobald
    Hi Loriz,

    Sorry about not replying to this sooner. Busy few weeks. Have you seen this page: http://securityresponse.symantec.com...e.apropos.html

    I know you said you had Norton already so I'm not sure how much this will help. There's a removal tool towards the bottom of the page. It could be worth trying that. There's also a list of the information it leaves on your PC. If the removal tool doesn't work - maybe you could go through this list and delete what it creates (start with the executables first, registry keys last).

    • All times are GMT -7. The time now is 03:18 PM.