
Help! Suspect Trojans/Keylogger in comp



Hi!

I suspect I might have a trojan or a keylogger on my comp as I just got a notification from Google saying someone tried logging into my e-mail account. I have changed my password, but SuperAntiSpyware still detects tracking cookies: account.google.com

 

There are also 3 persistent files which I keep deleting, but they come back. I can't find these files on the computer, however, even when I set the option to "show hidden files".

 

Pls. help me clear my comp completely.

 

Thanx in advance.

 

PS: I downloaded dds and it opened in notepad with a message "This program cannot be run in DOS mode."

 

Comp Info:

OS is Windows Vista

 

Security:

AVG

Malware

SuperAntiSpyware

 

I also use the ESET, HouseCall and Bitdefender online scanners.

 


Hi!

I wrote on this forum for help but got no response. Meanwhile, someone tried to hack my bank account and it was just sheer luck that my bank spotted the online errant logins, shut down my internet banking access and informed me immediately.

 

As I couldn't wait any longer for someone to urgently respond to my request for help, I tried finding a solution for myself. Not sure if I am 100% clean, but the scans in Malwarebytes, SuperAntiSpyware and ESET come clean. I could be infected with rootkits though.

 

For anyone who faces a similar situation to mine, that is, someone trying to hack into your Google accounts etc., don't take it lightly. I found out after numerous clean scans that I had a deadly trojan that not only stole my online identity, downloaded other malware and trojans, and could actually send screenshots of my computer, but also dismantled my anti-virus and other security measures I had installed.

 

The first sign of the Win32 Gen-Agent NOV is that your CPU usage will shoot up; mine at idle would go to 98%-100% and freeze. It downloads so many other trojans and stuff that you can't see straight.

Then you will see unknown programs in your Task Manager.

My AVG scans would come clean, although in the middle of browsing the net AVG would give warnings that Rozena was trying to open. I searched numerous sites for this Rozena, but I only found downloader.rozena, which is a virus, but the AVG one didn't have the same name.

Then I got an e-mail from Facebook that someone was trying to hack into my account. I didn't take it seriously and just changed the password. Hey, it's just FB, right?

Then I got e-mails (for about two weeks) that someone was trying to log in to Google. Since I had been running scans on Malwarebytes, AVG and SuperAntiSpyware and all came clean, I dismissed it.

Until I got the message for hacking into my bank account.

 

Steps I took:

1. I am not an expert in all this, and AVG for all purposes looked like it was doing its job. But just for reassurance I checked my Windows Firewall and noticed it just wouldn't start. Then Windows Defender gave the same error.

2. I contacted this forum, but got no reply. So I uninstalled AVG, Malwarebytes and SuperAntiSpyware.

3. On my mobile I again downloaded the Malwarebytes and SuperAntiSpyware software. Someone had given me PC Tools as a gift this Christmas, so I installed that. PC Tools found 35 trojans and 124 malware. WOW!!!

4. After that I thought I was clean. But just for reassurance, I installed Malwarebytes and SuperAntiSpyware. Together they found another 315 items. You might think now my computer is clean. But...

5. Just for reassurance again, I downloaded ESET and Trend's HouseCall or something. I ran both of these. Both found trojans, saved in different locations and files, and even in different registry keys.

6. My CPU usage number went down dramatically. My comp wouldn't overheat much and things started working faster, like programs would open fast etc.

7. Still, ESET would find trojans and Malwarebytes would find 5 PUPs, adware and even a bat.trojan. SuperAntiSpyware still showed account.google.com cookies. At every scan they would pop up, I would clean, remove, quarantine, and still they would show up.

8. I didn't know what to do now, so I searched online and read a few articles. One of the articles suggested I delete all my cookies and then set the setting to not allow any cookies from any site. I did this.

9. Also, on PC Tools you can add certain files and programs that you want to prevent from opening. I noticed in the Taskbar that two files would start randomly (at any given time) and hog all the CPU usage: Sis.exe and Systay.exe. As I said, I'm not an expert in computers, so I didn't know if these were Windows files or viruses. I searched online and found that systay was actually a trojan. (Systray.exe is a Windows file. Notice the "R" in tray. Seriously, you need magnifying glasses to notice these things.) I crossed my fingers and added both of these to the blocked files on PC Tools. I also added the acounts.google.com cookie and other cookies that SuperAntiSpyware was picking up.

10. After that I got messages from PC Tools all the time that the sis and the systay files want to open, but I said to permanently block these. Also, my system started functioning really well now. But I knew this wasn't a permanent solution. I mean, whatever this sis/systay virus is, it has to go. So I again scanned using ESET, Malwarebytes and SuperAntiSpyware. They found adware, malware, trojans. I cleaned them and then manually created a system restore point after checking that all the programs and stuff were working properly.

11. I then deleted all the system restore points before my recent one. (Don't permanently delete them using Disk Cleanup. Just find the system restore folder and put the files before the one you created in the Recycle Bin. That way, if you need something, you can get it back.)

12. Then I removed the "Block" for sis and systay and restarted my comp. I knew these don't start at boot but just pop up while I am working on the comp. So I waited. I kept the Task Manager running all the time, and the minute I noticed the CPU usage going up, I checked and sure enough both the files were there. I closed all the windows and the net and then started ESET again. This time ESET caught the virus along with the files and I deleted them. Malwarebytes found 2 PUP files, and I deleted them.

13. You might think I was clear, but nope. A few hours later, I again did the ESET scan, just to make sure. And ESET again found the virus, in the system restore files. I noted down the file path and then deleted the virus using ESET.

14. Now that I knew what the file path was, I kept checking again and again every few hours to make sure they didn't come back. To date the files haven't come back. I scan my comp with all three of the programs before shutting down. I am not sure if I am 100% clean, as I could have rootkits, for which I don't know what program will search. I did download the TSkill or some such program, but then I read online that if you don't know how to use this program properly, it can seriously damage your computer.

 

Anyway, I hope my experience helps someone else out there.

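The poster's step 9 turns on a detail that is easy to miss by eye: a process called "systay.exe" that differs from the legitimate "systray.exe" by one dropped letter. As an added example (not code from the thread or from any of the products it mentions), the script below shows one defender-side way to make that check mechanical: compare each running process name against a small baseline of well-known Windows process names and flag anything that is not in the baseline but is suspiciously close to something that is. The baseline list and the sample process snapshot are constructed for illustration; the baseline is an assumed subset, not an authoritative list, and in real use you would feed in a snapshot from Task Manager or tasklist.

```python
"""Flag process names that look like near-misses of known Windows binaries.

Added example for the forum thread above; the process snapshot and the
baseline set below are constructed, not taken from the poster's machine.
"""
import difflib

# Assumed baseline of legitimate Windows process names (illustrative subset).
KNOWN_WINDOWS = {
    "csrss.exe", "explorer.exe", "lsass.exe", "services.exe", "smss.exe",
    "svchost.exe", "systray.exe", "taskmgr.exe", "winlogon.exe", "wininit.exe",
}

# Similarity (0.0 to 1.0) above which an unknown name is treated as a lookalike.
# 0.8 catches one-letter drops such as systay/systray and swapped letters such
# as scvhost/svchost while leaving genuinely unrelated short names alone.
DEFAULT_THRESHOLD = 0.8


def _stem(name):
    """Lower-case the name and drop the extension so 'Systay.exe' -> 'systay'."""
    return name.lower().rsplit(".", 1)[0]


def classify(name, known=KNOWN_WINDOWS, threshold=DEFAULT_THRESHOLD):
    """Return ('known', name), ('lookalike', closest_known) or ('unknown', None)."""
    lowered = name.lower()
    if lowered in known:
        return ("known", lowered)
    best_name, best_score = None, 0.0
    for candidate in known:
        # Ratio of matching characters over both strings (difflib's 2*M/T).
        score = difflib.SequenceMatcher(None, _stem(lowered), _stem(candidate)).ratio()
        if score > best_score:
            best_name, best_score = candidate, score
    if best_score >= threshold:
        return ("lookalike", best_name)
    return ("unknown", None)


def triage(process_names, known=KNOWN_WINDOWS, threshold=DEFAULT_THRESHOLD):
    """Group a process snapshot into known / lookalike / unknown buckets."""
    report = {"known": [], "lookalike": [], "unknown": []}
    for proc in process_names:
        verdict, match = classify(proc, known, threshold)
        report[verdict].append((proc, match))
    return report


# Constructed snapshot mirroring the thread (Systay.exe, Sis.exe) plus one
# generic letter-swap lookalike for comparison.
SAMPLE_PROCESSES = ["explorer.exe", "svchost.exe", "Systay.exe", "Sis.exe", "scvhost.exe"]


if __name__ == "__main__":
    result = triage(SAMPLE_PROCESSES)
    for proc, match in result["lookalike"]:
        print(f"LOOKALIKE  {proc:<14} resembles {match}")
    for proc, _ in result["unknown"]:
        print(f"UNKNOWN    {proc:<14} not in baseline; verify its path and signer")
```

Note what the two buckets mean: a lookalike is a name that is close to a known binary but is not it, which is the typosquatting pattern the poster hit; an unknown such as Sis.exe is simply absent from the baseline and needs a different check (where the file lives, whether it is signed, what scanners say about it). Neither verdict proves malice on its own, but both are the names worth examining first when CPU usage spikes.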

  • 2 weeks later...
  • Staff

Hello Bothersome

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Sorry we did not get to you, but by replying to your own topic it made it look like someone was already helping you.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1

    Link2

    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
