The Notebook Review forums were hosted by TechTarget, which shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Need Help with Trojan and MSE

    Discussion in 'Security and Anti-Virus Software' started by radjxf, Feb 7, 2010.

  1. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    Our 10-y/o backup PC (Dell Dimension 2350 running XP) that my 9 year old uses has apparently come down with a trojan or trojan(s).

    MSE pops up every few minutes with an alert stating a trojan was detected. I prompt it to remove them, and often it states "not found"?

    One such file is: C:\WINDOWS\Temp\apnm.tmp\svchost.exe and many others.
    There are TONS of temp files (no clue what they are), but MSE keeps finding infected Temp files that don't exist??

    First off, I am not at all computer-savvy. You may have to dumb down your responses a bit for me!

    I have run MSE, Malwarebytes, SuperAntiSpyware, killbox.exe, you name it. I also run ZoneAlarm as the firewall.

    My son often plays these free internet flash games, which I suspect is the issue.

    Most people have told me to simply "wipe the hard drive clean and reinstall the OS". This sounds like a very complicated endeavor for my skill level. Perhaps unnecessary?

    What do you guys recommend? Any input greatly appreciated. Thanks in advance.
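    The path MSE keeps flagging in this post, svchost.exe sitting under C:\WINDOWS\Temp, is itself worth a closer look: on Windows XP the real svchost.exe lives only in C:\WINDOWS\system32, so a copy of a system binary's name in a temp folder is a classic masquerading indicator. The script below is an added example, not part of the original thread and not from any tool named in it. It takes a constructed list of process image paths (the Temp path is the one from this post; the other entries are invented), assumes a short table of where each impersonated binary legitimately lives on 32-bit XP, and reports every process whose image has a system-binary name but runs from somewhere else.

```python
import ntpath

# Constructed sample of process image paths, the way a process viewer would list them on
# the XP machine from the thread. The Temp entry is the path MSE flagged in the first post;
# the remaining entries are invented for illustration.
SAMPLE_PROCESSES = [
    (4, "System"),
    (600, r"C:\WINDOWS\system32\svchost.exe"),
    (1104, r"C:\WINDOWS\Temp\apnm.tmp\svchost.exe"),
    (1320, r"C:\WINDOWS\explorer.exe"),
    (1488, r"C:\Documents and Settings\kid\Local Settings\Temp\lsass.exe"),
    (1700, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

# Where each commonly impersonated binary legitimately lives on 32-bit Windows XP.
# Assumption: an illustrative table, not exhaustive; a 64-bit system would also need SysWOW64.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def masquerade_reason(image_path):
    """Return a reason string if the image borrows a system binary's name but runs from
    outside that binary's expected directory; return None for anything else."""
    name = ntpath.basename(image_path).lower()
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return None  # not a name we track
    # normpath collapses tricks such as "system32\..\Temp"; comparison is case-insensitive,
    # matching NTFS behaviour on XP.
    actual = ntpath.normpath(ntpath.dirname(image_path)).lower()
    if actual == expected:
        return None
    return f"{name} running from {actual!r}, expected {expected!r}"


def find_masquerading(processes):
    """Return [(pid, path, reason)] for every process whose image fails the check."""
    findings = []
    for pid, path in processes:
        reason = masquerade_reason(path)
        if reason:
            findings.append((pid, path, reason))
    return findings


if __name__ == "__main__":
    for pid, path, reason in find_masquerading(SAMPLE_PROCESSES):
        print(f"PID {pid}: {reason}")
```

On the sample input the two Temp-resident copies are reported and the genuine system32 and C:\WINDOWS binaries are not. In practice this path check is only a first filter; a hit should be followed by verifying the file's digital signature and hash, and a reported path that no longer exists on disk (as in this post) points at a dropper that unpacks into a temp folder, runs, and deletes itself, which is exactly the pattern a real-time scanner keeps catching without being able to remove the file.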
     
  2. 2by4

    2by4 Notebook Consultant

    Reputations:
    13
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    30
    I would really recommend that you go to this website:

    http://www.geekstogo.com/

    They have trained experts that will work with you for free; they even have an extensive training program that is also free. The only problem is that they are so busy you may have to wait a couple of days for them to respond to you. All of their staff is trained and must be certified, so you really get quality help and support from them, all for free.

    Just sign up in their forum and follow the instructions they provide. They are all very nice and understanding; I have had nothing but good experiences and have learned a lot from them as well.
     
  3. Deks

    Deks Notebook Prophet

    Reputations:
    1,272
    Messages:
    5,201
    Likes Received:
    2,073
    Trophy Points:
    331
    Wiping the system is completely unnecessary (but very simple to do).
    Only do this as a last resort.

    First off, I would recommend you remove ZoneAlarm from your computer.
    It slows it down needlessly and introduces much more headaches than it's worth.
    Look into other solutions for firewalls that are much more effective and bring far less headaches, or just stick with Windows firewall (which is more than effective).

    For protection, you only really need MSE and maybe Malwarebytes (everything else is virtually a waste of OS resources).

    Here are a few steps you should follow:
    Open up both MSE and Malwarebytes then update them (make sure they are fully updated to the recent definitions).
    Once you are done with that, reset the computer and before the Windows loading screen appears (right after the POST screen - BIOS screen flashes) keep pressing F8 until a menu appears.

    There, select 'Windows Safe Mode' (just safe mode, no need for networking option).

    Once you get into Safe Mode you will likely be asked if you want to run a system restore.
    Tell the system to NOT go with the system restore and continue into Safe Mode.

    Once you are at the desktop, run a FULL scan (not a 'quick' one) of your hard drive (all partitions) via MSE and after that with Malwarebytes.
    If the programs find anything, well, get rid of it via the repair/disinfect/remove options that present themselves in the programs upon detecting infections.

    The reason I'm recommending this is because in Safe mode most system files are disabled and viruses/trojans/whatever can be removed with better ease.

    Restart the system after the scan (and repair/disinfection) is done and check if you are still getting the issue under standard operations.

    If you are still getting those issues, you might want to download and install Avira free (and update it) ... because it's supposed to be slightly better in detection rates compared to MSE.
    Then run a full system scan with it and see (again in Safe mode) if it finds anything.

    Which Internet browser is your son using btw?
    My recommendation would be for you to download and install Firefox, then put 'AdBlock Plus' into it as an add-on (set to EasyList for blocking).

    One final thing ... install 'CCleaner'.
    Under its 'Options' - 'Settings', pick 'Secure File Deletion' and choose 3 passes.
    Run the 'Registry' cleaner (several times even after you removed most issues, some new ones will crop up) and after that 'Cleaner' (which might take some time).
     
  4. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    Thanks for the advice.

    The browser is Firefox 3.6 with Adblock plus.

    MSE and Malwarebytes are both current wrt updates.

    I already have CCleaner--I'll change the settings you mentioned.

    MSE every minute or so comes up with a warning that it's detected something. The file path it gives just doesn't exist--very strange.

    I'll re-run everything in safe mode and see what happens.

    **edit** I get the BSOD when I try to run safe mode.
     
  5. jerry66

    jerry66 Notebook Deity

    Reputations:
    80
    Messages:
    764
    Likes Received:
    0
    Trophy Points:
    30
    shouldn't he turn off sys restore and get rid of all the restore points that are probably infected ?
     
  6. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    Okay, this is getting a bit more frustrating. Safe Mode won't run, just goes into the BSOD.

    Is there a plan B I can execute?
     
  7. Deks

    Deks Notebook Prophet

    Reputations:
    1,272
    Messages:
    5,201
    Likes Received:
    2,073
    Trophy Points:
    331
    Hm ...
    Now that one is a bit strange.
    BSOD-ing in Safe Mode.

    What you could try is to install Avira, update it, and scan the system like that (in regular mode).
    See if it comes up with anything or gives you a different option.

    Alternatively, you could try repairing your existing Windows install and then scan the system after that, if you have a XP CD/DVD with which you could conduct the repair.

    Finally, if nothing works, then indeed it might be time for a full OS reinstall.

    Although, I also wouldn't rule out the possibility of the HDD going bad and corrupting OS files given the computer's age.
    That's one quite old system you have there.

    Not a bad idea.
    I think this can be accomplished via the Disk Cleanup option (also turning off the restore points in Control Panel - System [at least temporarily] until all that is done wouldn't hurt).
     
  8. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    I actually had Avira before MSE. It didn't detect anything!

    What do you mean by "repairing the existing Windows Install"? I do still have the XP discs that came with the PC...
     
  9. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    Well, I may be hosed now....

    BSOD on every startup now. Guess I better find directions on that "wipe and reinstall".....
     
  10. Deks

    Deks Notebook Prophet

    Reputations:
    1,272
    Messages:
    5,201
    Likes Received:
    2,073
    Trophy Points:
    331
    If you started getting BSOD's at every startup, it's quite possible the HDD has started going under.
    Though I'm not discounting the virus infection being extensive.

    As for reinstalling the OS ... go into BIOS and set the boot from CD.
    Insert your XP disc, then save the BIOS settings and wait until you get the message 'press any key to boot from CD'.

    The rest of the process is rather easy and head on.
    Once you get to the installation screen, set the C drive as the section to install the OS, but make sure to set the setup to run a FULL format of the drive in question before the installation begins.

    After that, just follow on-screen instructions and that's it.
     
  11. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    How do I go into BIOS? No matter what I do, I get the BSOD--can't go any further. Doesn't matter if the disc is inserted or not.

    When I turn on the PC, I get the black and white screen asking to choose startup normally, safe modes, etc. No matter what I choose, the computer almost instantly goes into the BSOD. I never see an opportunity to access the BIOS.

    **edit** I punched F2 upon startup, looks like I've accessed the BIOS screen!
     
  12. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    Well, got into BIOS, booted from CD.....new BSOD now.

    Screen reads: SESSION3_INITIALIZATION_FAILED

    STOP: 0x0000006F

    Not good.....
     
  13. jxtx

    jxtx Notebook Consultant

    Reputations:
    10
    Messages:
    189
    Likes Received:
    0
    Trophy Points:
    30
    Before wiping out your hard drive, you could physically remove it from your PC. Take it to a knowledgeable friend. Ask him/her to install it in another PC, boot into Safe Mode, and scan your hard disk. Your friend may be able to heal/repair/disinfect/quarantine/etc. and make your hard drive workable.

    Personally, I love a clean install every two years or so.

    Jeremy
     
  14. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    So, I put in the CD and everything seemed OK until after it ran its CHKDSK 3-stage process.

    After that, I get stuck in a black screen that has safe mode in all 4 corners and a Windows XP Setup error: Windows XP Setup cannot run under Safemode. Setup will restart now. Only option is to click OK.

    When I hit OK I go back into the setup loop all over again, regardless of whether the CD is in or not. I even tried ctrl+alt+del at the "black screen", but it will not work.

    Do you think this sadistic loop I'm stuck in is because the XP CD I have is SP1, but the OS I'm trying to repair is SP2 or maybe 3?
     
  15. Deks

    Deks Notebook Prophet

    Reputations:
    1,272
    Messages:
    5,201
    Likes Received:
    2,073
    Trophy Points:
    331
    I think there is a good possibility that your hard drive bit the dust.

    You haven't even reached the option to instruct the program to repair the OS in question.

    But what you could do is try burning the XP with SP2 and SP3 slipstreamed on it if you can get your hands on the version that you got initially and use the OEM key for activation.

    Check your present XP CD for smudges or damage.

    You could also attempt to disable the virus check in the BIOS (which might be the cause).

    But honestly, I do think this might be connected to the HDD mechanical failure.
     
  16. 2by4

    2by4 Notebook Consultant

    Reputations:
    13
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    30
    This is exactly why you should go to the website I listed above; so far I have seen incorrect information given out.

    1. Never turn off System Restore until they have removed the problem. Believe it or not, an infected restore is better than none.

    2. Never use registry cleaners.

    3. Extra Note: Do not run a full scan with MalwareBytes. It is not required or needed, and in fact makes their job tougher.

    You are definitely getting wrong information. Most of these trojans and viruses are smarter than the people trying to remove them. Things must be done in the correct order and properly; never let just anybody remove these issues, because we also do not know what else you might be infected with, and if it is not done correctly you will be left with a bigger problem.

    There are special programs that need to be run first; it used to be HijackThis. There is now a new program called OTL that needs to be run by a professional who was properly trained to use it and knows how to read the results.

    Please go here and follow the instructions: (It is the starting point)

    http://www.geekstogo.com/forum/Malware-Spyware-Cleaning-Guide-t2852.html

    There are still many other special programs that you can only get from them as well and are not listed for the public to use, that will help get rid of your issues.

    Please trust me as I have trained there for many months but have not finished the course and am not allowed to help you until I am certified to.

    Good Luck.
     
  17. radjxf

    radjxf Notebook Enthusiast

    Reputations:
    0
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    5
    2by4: thanks for your help, but how can I run system checks (again) when I'm now stuck in this loop? I'm nowhere near any point where I can access any programs.

    I actually did follow the steps from geekstogo. Problem is, at step three it said I was fine. So I did a reboot per the instructions and got the BSOD which led to me trying to repair the OS.
     
  18. 2by4

    2by4 Notebook Consultant

    Reputations:
    13
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    30
    The best advice at this time would be to sign up and access the virus and spyware forum and explain what happened at/after performing step 3; they might still be able to gain access for you. The only problem is you might have to wait a while to be answered, as they are volunteers that work for free and it is a very busy site.

    Removing viruses and spyware can be tricky and time consuming; just running an anti-virus/anti-spyware program does not always solve the problem.

    The only other solution at this time would be to reformat the computer erasing all that is on the hard drive and reinstalling the operating system. But I would at least try the above solution first, as they may be able to access your computer and save your data if you have the time to wait.

    I know that it is frustrating, but if you can wait for a trained specialist to work with you, there is a good chance that they can still help you, so at least give it a try. I have to say that I have seen computers in similar situations which they have fixed; everybody's situation is different.

    Good Luck
     
  19. Deks

    Deks Notebook Prophet

    Reputations:
    1,272
    Messages:
    5,201
    Likes Received:
    2,073
    Trophy Points:
    331
    See, the issue here is that the computer gives him a BSOD no matter what he does ... so even a format and re-install is not doable for him at this point (because he already tried it and the BSOD appeared after booting XP from the CD), which is why I told him to start thinking of the possibility that the hard drive itself began to give out.

    Also, while I agree that removal of virus and spy-ware can be a time consuming process and complicated ... most of the time, it's actually quite simple as running a scanner and removing it, which is why I suggested to him the Safe Mode option since it works almost every time (although very few people implement it), but was unable to do it because he started getting BSOD upon entering the mode itself.

    How is he even going to format the hdd and re-install the OS if he keeps getting BSOD's at the XP setup from booting off of the XP CD to begin with?
    This kind of issue suggests several possibilities.
    Some of the likeliest ones would be that the BIOS of the motherboard became infected, and/or that the HDD itself began to fail due to its age.

    Actually ...
    There probably is a way.

    Ubuntu LiveCD.

    You could download it, then burn it and boot Ubuntu via the CD directly (hdd will not be involved at all).
    That way, you could try to format the hard drive (which should show on the Ubuntu desktop as a separate icon), and once it's done, try to install XP.

    I had an issue with my over 3 years old laptop.
    The HDD went dead in a similar fashion.
    I tried the LiveCD option to see if I can salvage the data, but it wouldn't even show up in the BIOS, let alone Ubuntu - it was completely dead (the HDD).

    Of course, I'm not saying THAT's the issue. I'm only saying you should probably think of the possibility that the HDD decided to go 'poof'.
     
  20. Padmé

    Padmé NBR Super Pink Princess

    Reputations:
    4,674
    Messages:
    3,803
    Likes Received:
    0
    Trophy Points:
    105
    I read on some Microsoft Support site that this particular error can also be attributed to a bad optical drive.

    You can try to review the BIOS and make sure that the hard drive is the first boot device, and see if this error goes away.
     
  21. gerryf19

    gerryf19 I am the walrus

    Reputations:
    2,275
    Messages:
    3,990
    Likes Received:
    0
    Trophy Points:
    105
    My friend, this thread is a train wreck. You are totally screwed up now.

    There is a reason why someone said go to geekstogo: malware removal is not hard, but it requires a methodic, careful process. That cannot occur on this forum because everyone starts throwing ideas (some good, some bad) at you and you follow them all in no given order.

    You weren't supposed to go there and follow a few steps--you were supposed to go there, follow some steps and follow the instructions on posting a thread there.

    There was no real effort to get any real information from you on which to make a solid diagnosis and work out a plan. This can occur when a single person works you through a problem, but the haphazard nature of this thread has made things worse not better.

    You are now in the realm of "take it to someone who knows what they are doing". I'm not talking Geek Squad, either, who never met a system they didn't want to wipe out or replace the hard drive on (and will charge you twice what they ought to).

    Check craigslist for a local tech who knows what he or she is talking about.
     
  22. 2by4

    2by4 Notebook Consultant

    Reputations:
    13
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    30
    Yes, I was the one who mentioned GeeksToGo and could not agree with you more. I did start their training program and I could not believe how intense the program is. I know people want to help, but they don't even realize that they don't have half of the information that is required to remove spyware and viruses. I only have about 4-6 months in the program and that is only about half way through. I really recommend that if you would like to learn, go to www.geekstogo.com; the training program is free, time consuming and very intense. I guarantee that it will not be easy even for the person who has some knowledge, but it is very interesting.

    (Below is to everybody)

    Also, I know there are some that are easy to remove with some of the instructions that have been given, but those that are easy to remove are so few these days; most are very complicated and will ruin your computer if not done correctly. If you do not believe me, just try and take the program at www.geekstogo.com; most people don't last after 1-2 months because it is hard and time consuming. There is a lot to learn; you will be shocked.
     
  23. gerryf19

    gerryf19 I am the walrus

    Reputations:
    2,275
    Messages:
    3,990
    Likes Received:
    0
    Trophy Points:
    105
    Now, you're going to scare people off (of the training).

    Seriously, though, while the training is thorough, I firmly believe (almost) anyone can learn to be a malware cleaner provided they are willing to put in the time and leave the ego at the door.

    And the support system is always there if you get into trouble to help you if you're stumped.

    There are a lot of people on this forum who I believe could kill just about any malware if the infected computer were in front of them, but walking someone through a malware cleaning is another animal.
     
  24. Pirx

    Pirx Notebook Virtuoso

    Reputations:
    3,001
    Messages:
    3,005
    Likes Received:
    416
    Trophy Points:
    151
    I know this advice comes too late for you, and it might well be that your problem has at least a hardware component to it, but next time you set up a PC for your 9-year-old to use, make sure to not give his user administrative privileges. In all likelihood, none of this would have happened if you had run this computer in a proper configuration. The most important advice, before you install any antivirus software or any other junk along those lines, is to never, ever, do your day-to-day work and web browsing while logged in with administrative privileges. Administrative logins are for software installation and system maintenance, and nothing else, period.

    P.S.: As an aside, I find it telling that you don't see the above advice given very frequently, whereas everybody and his brother keeps peddling all sorts of anti-this-or-that garbage. I'll leave it at that.
     
  25. weinter

    weinter /dev/null

    Reputations:
    596
    Messages:
    2,798
    Likes Received:
    1
    Trophy Points:
    56
    Sometimes malware will hook its executables or embed them in a legitimate executable not covered by the SFC-protected files, therefore I don't bother to clean, since a reformat guarantees a full fix; just pull the important files off with a Linux Live CD before you format.