Help Removing Trojans

Post » Sat May 28, 2011 3:48 pm

Well, my friend just had 4 of his accounts (WoW, email, AIM, MSN) phished and did a scan to reveal 8 trojans. He couldn't remove them without a reboot (and Malwarebytes informed him that he couldn't even fully remove it anyways) so I recommended that he go in safe mode. He reboots his computer, and his computer now has a password that he doesn't know.

Since we share many things with each other on his server, I decided to do a scan with Malwarebytes, as well, and surely enough, 8 trojans. Except none of my accounts were stolen and I use KeyScrambler and things of the sort, being paranoid. I don't know what to do, because I always thought the answer was to reboot in safe mode and remove the threats, so I'm looking for a solution. Here's a http://img193.imageshack.us/img193/4628/trojanne.png.

I'm running Windows 7 Ultimate 64-bit. Can ANYONE PLEASE OFFER SOME HELP.

:D
Rebecca Clare Smith
Posts: 3508
Joined: Fri Aug 04, 2006 4:13 pm

Post » Sat May 28, 2011 5:39 pm

First off, rename your computer to OWNER. I'm going to assume that you already tried an AV program or something like Spyware Doctor or similar and it didn't work. If you can find the names of the trojans, the best thing to do is simply Google them. I had a couple of instances way back when I first started using computers and I found lots of info on how to get rid of them... some of them required editing the registry and doing some other funky stuff.

My cousin uses some kind of passcode verify thingy that he got on his phone for WoW. I'm not sure if it's the same thing you are using.
DAVId Bryant
Posts: 3366
Joined: Wed Nov 14, 2007 11:41 pm

Post » Sat May 28, 2011 9:57 am

First off, rename your computer to OWNER. I'm going to assume that you already tried an AV program or something like Spyware Doctor or similar and it didn't work. If you can find the names of the trojans, the best thing to do is simply Google them. I had a couple of instances way back when I first started using computers and I found lots of info on how to get rid of them... some of them required editing the registry and doing some other funky stuff.

My cousin uses some kind of passcode verify thingy that he got on his phone for WoW. I'm not sure if it's the same thing you are using.


I don't have an authenticator for WoW, but I haven't logged in since Cataclysm dropped, so I think that's fine. I'm just worried about my email, and even password to these forums. Rename the administrator account to OWNER, or my computer itself?
Kortknee Bell
Posts: 3345
Joined: Tue Jan 30, 2007 5:05 pm

Post » Sat May 28, 2011 3:07 pm

I don't have an authenticator for WoW, but I haven't logged in since Cataclysm dropped, so I think that's fine. I'm just worried about my email, and even password to these forums. Rename the administrator account to OWNER, or my computer itself?


The computer... although it might just be my paranoia, but I always kept it at owner so that it wasn't identifiable. I'm a libertarian so I don't trust anyone. :)
JLG
Posts: 3364
Joined: Fri Oct 19, 2007 7:42 pm

Post » Sat May 28, 2011 1:53 pm

I actually just supposedly removed it with simply Malwarebytes following instructions I found on Google when googling the Trojan.Dropper and Trojan.Agent viruses that were on Malwarebytes' official website (though I'm doing another scan with avast! just to be sure, as well as backing up my OS).

If I restart my computer and get locked out, I want to be damn sure I can reformat.
Dina Boudreau
Posts: 3410
Joined: Thu Jan 04, 2007 10:59 pm

Post » Sat May 28, 2011 11:57 am

If I restart my computer and get locked out, I want to be damn sure I can reformat.

It's silly-easy to crack a Windows password, or just plain overwrite it. The only way you can get locked out of your data is if the password is 15+ characters and contains at least one special character AND you are using BitLocker. If even one of those statements is false, you can recover your data even if the infection changes your password.


.... And yes, this should be considered as advertisement for the use of encryption to truly protect your sensitive data (preferably TrueCrypt since it is cross-platform, allowing you to more easily unencrypt data if something goes wrong with your Windows install).

Oh, and of course a Windows password does zilch to keep you from reformatting/reinstalling. You'd need a BIOS password to do that, and you can usually either reset that or decode it with a checksum.
Nicole Coucopoulos
Posts: 3484
Joined: Fri Feb 23, 2007 4:09 am

Post » Sat May 28, 2011 6:44 am

It's silly-easy to crack a Windows password, or just plain overwrite it. The only way you can get locked out of your data is if the password is 15+ characters and contains at least one special character AND you are using BitLocker. If even one of those statements is false, you can recover your data even if the infection changes your password.


.... And yes, this should be considered as advertisement for the use of encryption to truly protect your sensitive data (preferably TrueCrypt since it is cross-platform, allowing you to more easily unencrypt data if something goes wrong with your Windows install).

Oh, and of course a Windows password does zilch to keep you from reformatting/reinstalling. You'd need a BIOS password to do that, and you can usually either reset that or decode it with a checksum.


So, assuming I restart my computer now that I've apparently removed the threat, and I get locked out, how would I get back in?
jessica robson
Posts: 3436
Joined: Mon Oct 09, 2006 11:54 am

Post » Sat May 28, 2011 3:57 am

So, assuming I restart my computer now that I've apparently removed the threat, and I get locked out, how would I get back in?

http://lifehacker.com/5674972/how-to-break-into-a-windows-pc-and-prevent-it-from-happening-to-you

So you don't need to worry about being locked out. You might want to pass that onto your friend too so he can get his data off his PC before nuking it.
zoe
Posts: 3298
Joined: Sun Nov 12, 2006 1:09 pm

Post » Sat May 28, 2011 5:41 pm

Well, I apparently removed the threats, restarted, did a full scan, and they're still there. Trojan.Agent, Malware.Trace, Spyware.Bank, and Stolen.Data. I've done everything it said on Google to remove them, and they're still here. Any advice? Will I have to reformat?
jesse villaneda
Posts: 3359
Joined: Wed Aug 08, 2007 1:37 pm

Post » Sat May 28, 2011 3:38 am

Well, I apparently removed the threats, restarted, did a full scan, and they're still there. Trojan.Agent, Malware.Trace, Spyware.Bank, and Stolen.Data. I've done everything it said on Google to remove them, and they're still here. Any advice? Will I have to reformat?

I'd just reformat if I were you. 4, maybe 5 hours is my metric. If an infection isn't 100% removed by that time and I'm not making significant headway on fixing anything the infection may have borked up, I just cut my losses and reformat and reinstall.
Danii Brown
Posts: 3337
Joined: Tue Aug 22, 2006 7:13 am

Post » Sat May 28, 2011 9:14 am

You've had good advice in this thread. It's time to format and reinstall. :brokencomputer:
Dan Stevens
Posts: 3429
Joined: Thu Jun 14, 2007 5:00 pm

Post » Sat May 28, 2011 6:50 am

I'd just reformat if I were you. 4, maybe 5 hours is my metric. If an infection isn't 100% removed by that time and I'm not making significant headway on fixing anything the infection may have borked up, I just cut my losses and reformat and reinstall.


*sigh* great.

Alright, time to back up all of my Mass Effect and Morrowind saves. -_-

And all of the mods I've made.

Thanks for the help.
Deon Knight
Posts: 3363
Joined: Thu Sep 13, 2007 1:44 am

Post » Sat May 28, 2011 10:32 am

What exactly are people doing to get all these nasty bugs / trojans?

I mean this seriously and without derision - I've been on the Internet for a rather long time now and I've only once had to reformat due to a virus (and this was maybe 10+ years ago and I had no idea what other options were at my disposal). Are there some viruses out there that avast! and AVG (I highlight those because they are free) can't detect? Or are people simply not running anti-virus scanners? I've heard people / tech magazines say that anti-virus stuff doesn't really cut it anymore, what with the latest generation of viruses and all, but I'm a little worried about how well-informed people who generally follow all the rules can still get a massive system corruption. Bottom line: is there something I / we should all be doing that we aren't?
Rob
Posts: 3448
Joined: Fri Jul 13, 2007 12:26 am

Post » Sat May 28, 2011 9:23 am

What exactly are people doing to get all these nasty bugs / trojans?

I mean this seriously and without derision - I've been on the Internet for a rather long time now and I've only once had to reformat due to a virus (and this was maybe 10+ years ago and I had no idea what other options were at my disposal). Are there some viruses out there that avast! and AVG (I highlight those because they are free) can't detect? Or are people simply not running anti-virus scanners? I've heard people / tech magazines say that anti-virus stuff doesn't really cut it anymore, what with the latest generation of viruses and all, but I'm a little worried about how well-informed people who generally follow all the rules can still get a massive system corruption. Bottom line: is there something I / we should all be doing that we aren't?

Stop letting websites run Java applets (simple to do by disabling the Java plug-in), stop opening PDF files in Adobe Acrobat/Reader and use a different application. Use a URL unshortener extension so you know what is on the other side. If using Facebook, be wary of any messages you receive, even those by friends, especially if they seem out-of-character, or contain a link asking you if "you" are the guy in the image/video.
Jennifer Munroe
Posts: 3411
Joined: Sun Aug 26, 2007 12:57 am

Post » Sat May 28, 2011 5:27 pm

Stop letting websites run Java applets (simple to do by disabling the Java plug-in), stop opening PDF files in Adobe Acrobat/Reader and use a different application. Use a URL unshortener extension so you know what is on the other side. If using Facebook, be wary of any messages you receive, even those by friends, especially if they seem out-of-character, or contain a link asking you if "you" are the guy in the image/video.

So the basics, then. :P

Though I despise URL shorteners. Damn Twitter. And Adobe reallllly needs to get their act together regarding Flash / Acrobat / Reader.
Rich O'Brien
Posts: 3381
Joined: Thu Jun 14, 2007 3:53 am

