Any computer experts? Please help.

keatingschick

Wonder if anyone can help me please. My dad has tried to log onto his computer today to read his emails and my mum tells me they have a virus. She said something keeps flashing up saying they have a TROJAN and need to download this security to get rid. This happened to my daughter once and took me ages to get rid but I managed.
I've just been to look and it comes up saying:

Trojan-BNK.win32.keylogger.gen.

I have googled this and there are several pieces of info, one of them actually saying that there ISN'T a virus, this is just a fake thing making you buy extra security and that basically the only thing that needs to be uninstalled is XP SECURITY 2010. The thing is, in my dad's account on the PC I can't do ANYTHING, there is no control panel on his account even though supposedly it is the administrator account, but I can't click on anything because it just keeps flicking up that the trojan has infected everything, it basically won't let me click anything. So I transfer to my mum's account on the same PC, I can access the internet etc but there is no control panel, but when I go to add/remove programs I can't find the XP security center, it doesn't seem to exist on that computer. I did try in SAFE MODE, but didn't know what to do from there.
I am not brilliant on computers so would really need BASIC instructions, but would really appreciate help cos they don't know what to do. My mum is assuming she is gonna have to get someone to look at it, but I've said I'll try and sort it if possible.
Any ideas?
Thanks,
Lo
 
Sounds like somebody got suckered by some scamware. It'll pop up claiming a virus or trojan and not let you open the real manager or many other programs. Do a Google search for XP Security 2011 (or whatever it's calling itself) removal instructions. Usually your best bet is to install and run MalwareBytes Anti Malware (MBAM).

Whatever you do, do NOT install and pay for the fake security app that's popping up. Your payment will give you a month or so without the fake popup (depending on what level of support you pay for) and then it'll be back.
 
Thank you, so I search for the security removal instructions, but how do I install the malware when it isn't letting me use the internet? If I download the malware on my mum's account will it still work on my dad's account?
 
You could try using a different PC to download HIJACKTHIS from majorgeeks.com or use Google for it, but this should at least help you get your browser back (as it sounds like it's been hijacked by the scareware).

TBH I'd just use the recovery DVD and do a whole format and re-install. It's a pain in the rear, granted, but at least then you can start from a clean slate. Sometimes it can even be quicker than trying to manually remove the infection.

If you do want to try and manually remove the infection, I'd suggest you try to post a screenshot of the process list in Task Manager. Press Ctrl + Alt + Del, choose Task Manager from the options, and click on the PROCESSES tab. You may have to scroll, but by killing off misc processes you might find the infectious one.

For future reference, I'd look into using something like iolo's System Mechanic Pro, as it has a startup guard to prevent any startup items / processes changing any registry values, so that this situation shouldn't happen again.
 
I'm with Xplosiv on this one. You may be able to get it back to some sort of functionality, but there's no telling how deeply the infection goes and where it came from in the first place. Plus, most of these scams will disable most of the recovery methods (like Windows restore).

When I am presented with a PC like this (and believe me, it happens a lot), I start by making an exact copy of the system partition (usually the C: drive) using a GParted live CD.

What you do is, after you create the live CD, you boot the infected machine from the CD and copy the infected partition to a removable USB drive. That way there is a copy of every piece of data, so little is lost. Once done (and it can take a while) I do a complete wipe and restore to factory conditions. Many newer PCs don't have restore disks, but restore partitions that you access by pressing a specific key or combination of keys at boot.

It's the only way to be sure the infection is gone.
Then comes the tedious task of reinstalling and reconfiguring all the apps and data.
 
OMG this all sounds so complicated to me. Well I looked at the first reply and realised I'd been looking for the XP security thing but not how to remove it. I googled that and it told me what to do, but then advised me to download SPYDOCTOR. I did that - supposedly FREE DOWNLOAD, sat there for over an hour while it found 870 infections, and then it tells me that to get rid of them he has to buy the app. So to be honest I'd been sat there 2 hours and wasn't sure what to do so I've left it for now, cos I am sure that was a con and just trying to get us to pay for the spydoctor. Will have to have a proper look tomorrow, but to be honest what you are telling me to do I wouldn't even attempt to do that...I really am a real dummy when it comes to computers, if it needs re-formatting or something we're going to have to get someone to do it.
 
Unfortunately, by giving it permission to download with an administrative account you may have just inadvertently downloaded more malicious software to the PC. I'd really wipe the thing clean.
 
If you mean Spyware Doctor by PC Tools, with the lil picture of the doctor:

Same thing happened to me about 5 years ago. I got infected with something called Spyware Strike, Spy Ax. I wound up using it. I had to use Spyware Doctor in Safe Mode to get rid of it.

I don't use Spyware Doctor anymore tho. It was very good, worked for fixing my problem and keeping my PC clean, but it went overboard protecting my PC. With it installed, I had a hard time running any hard disk checking, PC monitoring programs. That was some years ago, don't know how it is now. I didn't try different settings to see if it would play nicer with my PC. But it did work fine when I used it. It just worked a lil too good.

All advice given above is good. It's up to you to decide what to do. Since you gotta pay for Spyware Doctor that's something to think about. I was pissed too. Funny to see they haven't changed.

IF it is Spyware Doctor by PC Tools....

Nothing beats a format, re-install tho. Whatever you do, when it's fixed, I would seriously look into upgrading their internet security. Or keeping it up to date. Firewall, apps for spyware, antivirus. All in one, separate software, something.

My setup that has kept me straight so far since my infection is:

Outpost Firewall, just the firewall.
Nod 32, just the anti virus
Spyware Blaster
Spybot Search n Destroy

It's not the best, but it's something. I tried software from Bit Defender, Norton/Symantec, Zone Alarm, Spy Sweeper over the years and they didn't protect good enough. Bit Defender found something Norton/Symantec missed, NOD32 found something Bit Defender missed...Spy Sweeper didn't even have documentation on my infection back then, Spyware Doctor did.
 
Superantispyware AND malwarebytes is all you need. Super has a portable scanner, run these from safe mode.

Though I also agree with the guys. A wipe and reload is best at this point
 
You'd need a virus scanner that runs from boot, before your OS is loaded. That's one of the best ways to remove stubborn viruses.

Also, with respect, I think anyone who actually falls for these 'Your computer has a trojan/virus, download this software to remove it' shouldn't be allowed anywhere near any piece of electronic equipment, small children or motorways.
 
Wow, a little harsh isn't it?
 
Telling him to reformat for a rogue AV, really guys? I don't mean to be rude to anyone, but that's blowing things way out of perspective. Rogue AVs can be easily removed, even without extensive knowledge, following the tutorial posted earlier that is on BleepingComputer will work just fine.
 
It's tempting to agree with you ToastPwnz, but there are some instances where a format is the only and safest course of action.

If one uses their computer for online banking or credit card use and if said computer is infected with any type of backdoor trojan, then it's imperative to format the hard drive and start again. It's also imperative that banks and credit card companies are informed of the compromised computer so that passwords etc can be changed etc.

The reason for this is due to the fact that the backdoor trojan may well have already sent financial details back to its source.

See the two links below for details of when to format your computer.


When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information

How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information
 
I help develop an AV product for the company I work for. Download VIPRE from VIPREAntivirus.com; if it doesn't remove this one, send me a PM and I will help you remove it. If this nasty prevents you from getting to the site, try running this command in command prompt:
Net stop dnscache
 
If you have a pc that works go to malwarebytes.org and save the program to a flash drive then run that program on the pc that has the scamware. You may have to do this in safe mode.
 
> It's tempting to agree with you ToastPwnz, but there are some instances where a format is the only and safest course of action.
>
> If one uses their computer for online banking or credit card use and if said computer is infected with any type of backdoor trojan, then it's imperative to format the hard drive and start again. It's also imperative that banks and credit card companies are informed of the compromised computer so that passwords etc can be changed etc.
>
> The reason for this is due to the fact that the backdoor trojan may well have already sent financial details back to its source.
>
> See the two links below for details of when to format your computer.
>
> When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information
>
> How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

That isn't always true. I work as part of a malware removal team on a site that will remain unnamed (for various reasons), and we remove FUD RATs, keyloggers, etc from people's computers all the time.
Though the ones that are coded well can be a slight pain to remove, most of them aren't that much trouble.
 
The problem is that there are no 100% guarantees that even after a system has been cleaned that it is safe to use for online banking and or credit card use, hence the need to format if a backdoor trojan is evident.

On top of that, there is also the problem that private and secure information may have already been sent to a third party. So, unless the question of what the computer is used for is asked, particularly asking if the system is used for online banking or credit card use, it's quite probable that the user would be completely unaware of the potential risks involved of having their system cleaned rather than reformatted.

I too used to work in malware removal, I still do, but to a far lesser extent. I believe that the advice I gave is well worth consideration.
 
There are no viruses that can hide themselves from scanners such as OTL. Back in the "HJT Era" so to speak, there were a few that could crudely hide themselves from that scanner, but it was obvious because they hid every line within the category they fell under.

I'm not sure I understand your logic in this case, reformatting isn't going to erase the fact that their personal information may have already been collected, and because of that I don't see a point in reformatting if the virus can be removed just as easily.
I can say with 100% confidence that after I've analyzed a person's computer for infections they will not be infected with anything once I'm done. I know that sounds cocky, but I don't intend to boast, only state the truth.
 
I agree with Nightangel. Start the computer in safe mode with networking and download both MBAM and SAS and update and run full scans using both. Works most of the time for crap like this.
 
> Also, with respect, I think anyone who actually falls for these 'Your computer has a trojan/virus, download this software to remove it' shouldn't be allowed anywhere near any piece of electronic equipment, small children or motorways.

:D:D:D Classic! :p
 
> Also, with respect, I think anyone who actually falls for these 'Your computer has a trojan/virus, download this software to remove it' shouldn't be allowed anywhere near any piece of electronic equipment, small children or motorways.

This is why I recommended a few non-techy/clueless friends of mine get iPads, instead of PCs.
 