Got a trojan and want to start over - format my hard drive!

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
1: Is it a pre-built or custom built?
2: If it's a pre-built, is there a recovery partition?
3: If there is no recovery partition, do you have a Windows disc to reinstall Windows with?
 

kona

Member
custom built

I don't know about another partition

I have MS Works suite - is that part of the Windows disc?

 

tremmor

Well-Known Member
Why not wait for JohnB to reply and fix it? He will find it. On the other hand, it should have been posted in the computer security section. Just wait. Save yourself some trouble. Will likely get fixed by him.
 

kona

Member
I found some more stuff - discs that came with the pc that the builder gave me.

1) drivers & utilities
2) restore image made Aug 22 / 07
There might be more, I'll look.
 

kona

Member
I went over and took a look at the link here - wow.....

I have a very good antivirus program (ShawSecure) and I spoke at length with a tech there regarding my problem. The ShawSecure antivirus antimalware was not able to remove my Trojan virus. Their advice was to take my PC into a tech and give it over to them. I may do that but you folks have helped me HUGE in the past so I thought I'd give it a try here.

I have most of my stuff backed up before I got infected with the Trojan. Fortunately for me my backup on my external HD was NOT plugged in for the past two days so I'm not worried about losing stuff on my PC - I can FORMAT away - I just need to know how to clean this PC up and put everything back on it once that is done.

The Trojan names that came up when the ShawSecure scan finished were:
Trojan.Patched.HE
Trojan.Generic.6131647

AND it looks like the filename is fsdfwd.exe


If that helps

No. Works is just productivity software.

Like Trem said, let's see if John can help you remove that trojan first. However, let's get you started on the right track. Head over and have a look at this thread:
http://www.computerforum.com/131398-important-please-read-before-posting.html
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
I'd still give MalwareBytes a try and see if that can't get it for you. If not, John can suggest something else.

Antivirus programs are very poor at actually removing viruses once you've become infected. Trying to disinfect your machine will be a lot easier than formatting the hard drive and reinstalling Windows.
 

kona

Member
Thanks,
So - I may go to that link now.

Is there anything you can suggest as I do this... is it pretty straightforward? I know a little bit about computers - enough to get myself in trouble probably. I'll wait for your reply before I go to the malware site :)


I got impatient and I'm using the suggested antivirus antimalware link above - it's in operation now.
 

kona

Member
I ran one on the link - and now it's asking me for $105

I think I will go back and find that malwarebytes - right?

can't find the one it says to click on in the link..........
This one is there:
rcpsetup_dcnew_300_new

Is it the right one to put on my desktop and run?
 

johnb35

Administrator
Staff member
Follow the instructions here.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 

kona

Member
I clicked on malwarebytes and saved it to my desktop and then when I clicked on it to run it Regclean Pro is there. Is that the one I want on my PC?



 

johnb35

Administrator
Staff member
No, it is not; you clicked on the wrong one. If you went to the cnet download link, click on the big green box where it says download now on the left side of the screen; it also has the cnet logo inside the box. Do not click on the box on the right hand side of the screen.
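
The mix-up above, where a different program's installer was saved in place of Malwarebytes, can be caught before anything is run by checking who signed the downloaded file. This is an added example, not part of the original posts; the function name, the desktop location and the 'Malwarebytes' publisher text are assumptions.

```powershell
# Added example: check who signed a downloaded installer before running it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: text expected inside the signer certificate's subject.
        [Parameter(Mandatory = $true)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # 'Valid' means signed, trusted chain, and unmodified since signing.
    $signatureOk = ($sig.Status -eq 'Valid')
    $publisherOk = ($subject -like "*$ExpectedPublisher*")

    if (-not $signatureOk) {
        $reason = "Signature status is '$($sig.Status)'; do not run it"
    } elseif (-not $publisherOk) {
        $reason = 'Validly signed, but by a different publisher than expected'
    } else {
        $reason = 'Signature is valid and the publisher matches'
    }

    [pscustomobject]@{
        File      = (Split-Path -Leaf $Path)
        Status    = $sig.Status
        Signer    = $subject
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SafeToRun = ($signatureOk -and $publisherOk)
        Reason    = $reason
    }
}

# Assumed location and name: the installer saved to the desktop.
$installer = Join-Path ([Environment]::GetFolderPath('Desktop')) 'mbam-setup.exe'
if (Test-Path -LiteralPath $installer) {
    Test-InstallerSignature -Path $installer -ExpectedPublisher 'Malwarebytes' | Format-List
} else {
    Write-Warning "Nothing to check yet: $installer does not exist"
}
```

A bundled or look-alike installer usually still carries a valid signature, so the `Signer` line is the one to read: it names whoever actually published the file.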
 

kona

Member
Okay - I removed the ones I installed by mistake.
Now I clicked on the one you suggested below. It's hanging there with a message my program will begin shortly. I noticed I had a picture blocker activated on my PC (box at top). I clicked it to allow download - it's running now. I went through the prompts as you suggested.

 

johnb35

Administrator
Staff member
Just make sure you click on remove selected after it's done scanning and you copy and paste the log that it provides back here along with a hijackthis log.
 

kona

Member
I had a bit of a time getting past a few minutes using the malware software - my antivirus program kept kicking in and freezing the malware program. I turned my ShawSecure software off - to allow certain internet access - now it seems to be running okay.

Just to get clear here - you want me to select and copy and paste the log (to my desktop) and attach it and post it here after the malware finishes? And, the hijackthis log is there also?

Please be patient with me I'm really new at this....but like I said in the past...you guys helped me before and I gladly gave a donation when that trauma was over. :good:

13 minutes into the latest scan attempt and already we're at 8 infected.


here's the log - text file attached

I selected all the infected files that Malware found and then selected "clean" and rebooted my computer like the message there said.
After about a minute my ShawSecure antivirus found the virus still on my PC and is attempting to remove it right now.

It's the same Trojan virus, Trojan.Patched.HE, file name wuauclt.exe

I booted my PC this morning and I got one of those white pages with the triangle with the Active Desktop Recovery message:(

Is there something more I can do? Should I run a scan with Malwarebytes again??
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
You should have selected "Remove Selected", not clean. I just looked at the log and you didn't remove anything. Rescan with MalwareBytes and at the end, click "Remove Selected".

Run HijackThis (Instructions from John on another page) and copy the log into this thread.
 

kona

Member
I turned my PC antivirus off and ran Malwarebytes again - it's running right now. So far no infected files found but Malware has "successfully blocked outgoing to potential harmful websites."
Is that the Trojan working on my PC - the Trojan.Patched.HE virus??

This is the log from today's Malwarebytes scan. There were NO viruses - infected files - found. Does this mean the problem is solved - or is it that the Trojan has dug in and hasn't been located on my PC yet?

After the scan (and while the scan was running) I got a message that Malwarebytes has blocked access to a potentially malicious website. One website did appear however - saying I can win a cell phone - I xed out of that one.......

I will be leaving for work in an hour or so and I will check this Forum website from my work PC from time to time if I get a chance - other than that I will be back here after 17:30 hours Pacific Standard Time.

Cheers,
Gary

I rebooted the PC a few minutes ago and got this message from my antivirus program - ShawSecure - Shaw is my internet provider:

Malicious code found in Windows\system32\wuauclt.exe
Infection: Trojan.Patched.HE

There were other 'boxed' messages after I clicked out of that one. They were similar... Trojan.Generic.6131647 was one of them. Sorry, didn't get the third one - it was a numbered Trojan virus like the Generic one above.
 