Have trojan. Getting new computer. don't want to transfer trojan.

[marciam12]

I have a trojan in my laptop. I have MWB Premium and MWB Privacy, but I think the trojan preceded them. I bought a new computer, coming today, when he went from changing my passwords to using my debit card. He can't use card any more at least.

Want to transfer pictures to new computer - with flash drive? I know very little - but don't want to transfer Firefox Cloud with the trojan in there.

My plan is to save my pictures on a flash drive (is that correct?) and start over on new computer. Set up firefox, immediately install MWB software, set up FB and banking info and whatnot. But how do I get out of the Firefox cloud and possibly a Google cloud unknown to me but maybe there to make sure I don't take this trojan with me? What's the best way to do this?

I also use Microsoft Edge because my laptop w/Firefox won't let me stream anything. So what do I do about that?

Thank you so much for your help. I used to have two live-in computer techs, but they grew up and left home. I would really appreciate any help. I've changed over to new computers before, but not with a trojan in the old one. Thanks.

[Maurice Naggar]

Hi,    Marciam12      
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

 

There should be no rush to get any stuff transeferred to the new machine.   For the new machine,  be sure it has its own installed Malwarebytes for Windows & Malwarebytes Privacy.

That is what the new machine ought to have.

Copying of files can be done much later;   after I have helped you to check out the old machine.

 

The basic question is:  Just what program has found this "trojan" ?    Where di it say it was ?   How did you see any notice ?

I need a good set of reports from the old machine  /  the existing machine that is suspected to have some infection.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
     

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.6.1.784.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.
Thank you,
Sincerely.

[marciam12]

Goodness, thanks for all your help! My new computer just arrived and is still in the box. I'm going to print out what you've told me so far and get the computer situated on my desk and suck. Back soon.

I promise not to do anything you don't tell me to do. I'm smart enough to know just how little I know about computers, medicine - and the list goes on, as it does for everyone. Back in a bit.

[marciam12]

Hi, I prefer to be called Marcia I'm going to try to answer your questions here. First, no program has found this "trojan." That's just what one of my friends told me it was. I had AVG free for a short time, and that's when he got in. I never got a notice. I installed MWB Premium and Security, and the spy or trojan or whatever he is - let's call him a trojan for now -  is still there. I only knew it was there because all of a sudden someone had changed all my passwords. That was irritating but tolerable. Then he got into my bank account and started charging things to my debit card (I am not out any money). His fatal mistake came when he opened up a FacebookPay account w/my debit card and paid $1 to open the account, verify, you know how that goes. So that's when I got a new debit card. He can't get into my money any more, but he's still in there.

the last thing I noticed that the trojan did is change the password on a very old Twitter account that I'd forgotten I had. I reported this to Twitter - this happened about ten days ago - and they removed the account he was messing with since I never used it. I have no reports or notices or anything. MWB and MWP don't pick up what he does.

when you say "download MWB Support Tool - you mean on the old computer with the trojan, right? I'll do that right now.

Then I'm going to go get the computer out of the box - the new one - and rearrange my desk but I'll check back on MWB Support Tool frequently.

Thank you so much. I'm not here 24/7 either. Wish me luck!

 

[Maurice Naggar]

Take your time.   There is no rush.   I just wanted for the new computer to be secured.

After all that,   we just want to run the report tool on the "problem-computer".   To start with, yes,  we want to get and run the report tool on the Old computer.

 

[marciam12]

I did it!

 

mbst-grab-results.zip

[Maurice Naggar]

On the new or old computer,  do not do any banking of any sort.  No shopping.  No purchasing.  No banking.    Do not even use Twitter or Facebook or anything online   ( except for accessing this Forum here).

Eventually, when we get all done,   ( not now)   we will need to have you change all accounts that have Passwords.   That is for later.

What you described is a compromise of credentials.  So far you mentioned Facebook / your bank / your debit card.

I do wonder whether at some point in time you left your Email address,  your date of birth,  your birthday,  your home address somewhere online.

Like Facebook ?   Twitter ?

It is possible that the loss of credential   happened on a outside source and not at all on your machine.

But that said,  we will run a battery  of several tests to check the old machine.

[Maurice Naggar]

Thanks, Marcia.   I see your report on the HP Laptop

The most recent scans with Malwarebytes reported no infections.

Even so,  I would like for you to do a new scan at this point.

 

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color

Now click the small X  to get back to the main menu window.

Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. ( if anything is found )

Then,   attach a copy of the last Scan report.

locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

[marciam12]

I am SO disappointed! I bought an HDMI adapter that they picked out (computer seller). It doesn't fit. So we can't do anything with the new computer today unless I get out in the heat and go to Walmart, but even then I wouldn't know what to buy. I think I'll go see  what Dell has to offer. Thank you for all your help. I'm really not in a hurry, I just want to use the big monitor ASAP so I won't have eyestrain all the time. Thank you so much.

 

[Maurice Naggar]

You can do the scan with Malwarebytes on the old computer.   with what it has as it is.

[marciam12]

OK, I did everything you said, and it came back all negative, nothing bad found on the scan. I ran it just as you told me to do. Everything was clean.

I get it - no shopping, no buying anything online, no info sharing. I promise to be good at that.

Thanks again for your help. So what's next? I can't do anything with the new computer because I can't hook up the monitor.

[Maurice Naggar]

Hi Marcia.   Glad to know the scan with Malwarebytes reported no malware.

Next, let's check for potential adwares.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 

[Maurice Naggar]

Hi Marcia.  I hope you saw my last reply.  How is the situation at this point ?

[marciam12]

I have had a busy week. After long talks with Dell, an honest salesperson told me that the new monitor was probably never going to work with the new-to-me refurb computer. So I did what I should've done all along - sent the refurb one back for a orefund and bought a cheap, basic Dell desktop brand new. I have had two doctors' appointments this week - nothing serious - and just haven't had a chance to even take the new Dell out of the box and, of course, I know that working on the old one is what we do first.

I'll install and run the Ad-Aware program as soon as I get a grip on the groups I help run on FB. I'm sorry I didn't get or didn't see your message. I'll follow your instructions and run that this afternoon. The ISP tech did tell me that, if the person who had this laptop before I did put a chip in it, nothing I can do will fix that. All I really want off this laptop is the pictures. I might want to take Libre Office with me as well. So it's not completely necessary that this laptop with all the problems  gets fixed. I have run CCleaner, Spybot, and defrag all on this laptop with nothing bad ever found on any of them.

Thank you again for your help. I'll be back as soon as I can.  You're a gem.

[marciam12]

Busy day. I installed and ran the Adware. I HOPE there will be a copy of its log at the end here. All I want to take with me from this computer to my new computer are pictures and a few memes from my desktop. I am saving them on old computer to a flash drive now. I will reinstall MWB Security Premium and Privacy first thing on new Dell. Is there anything else I need to do before I set up the new computer?

I need your advice on which browser I should use. I won't use Chrome. I've been using Firefox for many years, but it won't let me stream videos from Amazon Prime or ABC on this laptop - or maybe it's the laptop. I have much better luck on that with MS Edge and just got a copy of their new Edge a couple of weeks ago. I have a Firefox cloud; if someone has planted a chip in this laptop, will the cloud take it with Firefox Cloud if I install FF on new computer? Thinking about going with  Edge - your thoughts please?

I don't expect you to answer my questions on a Saturday night, and it's a little late for me to get started with computer setup. I go to bed early. Thank you so much for all your help. You're the BEST. MWB sends me surveys on your help, and I always give you the highest marks, as they are accurate. Thanks, Marcia   Here's a link to the Ad-Aware; I hope it works. Let me know if it doesn't.

 

file:///C:/AdwCleaner/Logs/AdwCleaner[C00].txt

I wrote this last night but forgot to hit REPLY. It was a bad day, and we all make mistakes, but I make more than others! Thanks again.

[Maurice Naggar]

On the new computer,  you only need to just install the Malwarebytes programs.   MWB Security Premium and Privacy    

You make mention of Ad-aware.   That is a choice if you so wish.

As far as web browsers,  stick with the Microsoft Windows'   EDGE browser.

A alternate browser,  if you desire such,  is the BRAVE browser.   See  https://brave.com

 

Your last reply did not actually attach anything.   You meant to attach the C:/AdwCleaner/Logs/AdwCleaner[C00].txt

You actually need to attach it  by going a tad more carefully,  as a part of the reply .....and before you click on "submit reply"

 

[Maurice Naggar]

Hi Marcia.   How  are  things  ?

[marciam12]

I havev all my pictures off old computer saved on flash drive. New computer up and running but cranky. First thing I did late last night - install MWB Premium & MWB Privacy. This morning it's just a blank screen, so I'm working on that. thanks for asking. you're my  hero! blank screen on monitor this a.m., fine last night, pushed all its buttons, off to Dell for help. Thanks.

[Maurice Naggar]

Check to see that all power cords , all cables are fully in,  where they should be.

Look for the power light indicator on the computer housing.

If you shutdown Windows last night,  and you powered up today,  try moving the mousearound  to see if the monitor comes to life.

Maybe the system went into power save mode  & went into sleep mode.

[marciam12]

Hi, I think I am cursed! The brand new computer I bought from Dell was a lemon. I have spent 26 hours sitting in this chair on the phone with them this week. I finally got sick of this last night and set out to return it. Locking up, crashing, every time I left for more than 30 minutes I had to restart the computer. Lots of weird things going on. I'm sorry I haven't been in touch, but all I've done is sit in this chair and talk on the phone and do what the Dell tech said. So I'll order a better computer when I get the refund for this one. I did get all my pictures transferred from laptop to lemon computer and added a few things to flash drive off lemon computer last night.

I just can't win, but I surely do appreciate all your help. You've taught me a lot. And the first thing I did when I got my nonworking lemon Dell was install Malwarebytes!

thanks, Marcia

 

[Maurice Naggar]

Hi, Marcia.   I hope your next computer does better.

I am happy to know that you did save your pictures.    My best to you.   Let me know if you need something else at this point.

[marciam12]

Maurice,

I would've never been able to save my pictures without your help. I am using my old laptop with the trojan or whatever it is until I get my NEXT new Dell. I was very disappointed in their tech support (closes at 5 p.m. central daylight time). But if you want sales support at any time, they are all over you!! I could sure use some luck, I feel cursed! Two computers I've bought and I'm still using my old one!

Again, thank you so much for your help. My next computer had BETTER perform better. I'm sure I'll be asking you something.

Marcia

[Maurice Naggar]

So.....  I take it you are not needing help from me at this time.

Have you run a scan recently on the computer you currently use ?

 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

[marciam12]

My MWB scans are set to run every morning at 2:30 a.m. I'll run the scan you sent me when I'm through working tonight. Thanks for sending that.  You've helped me so much on this computer, it seems to be doing okay. I have also, as I may have told you, removed all financial data from this computer.  I had to check my card just one last time, and it was fine, but the hacker or trojan or whatever was still busy trying to run charges through on my old card number. So everything but my luck with Dell is fine. I'll send you the log on this tonight. I'm writing on deadline, or I'd do it now. Thanks.

[Maurice Naggar]

Hi.

About 

Quote

still busy trying to run charges through on my old card number

You had that old one cancelled ?    right ?

You had advised that bank and all your other bank / credit card companies notified that you were a victim of identity theft.   right ?

.

I look forward to getting a copy of the scan report.