Page 1 of 2 12 LastLast
Results 1 to 25 of 35
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    How Do You Get Rid Of Trojan Without Desktop?
    On my laptop. Somehow picked up trojan, AVG antivirus picked it up and healed it but still having issues. The problem is when I restart, the desktop shows up and then dissappears. So I can't get to any of my adware/spyware removers to get rid of it. 3 of the exe AVG said it got were chdpad exe, xpre exe, xrun exe if that helps. Anybody know what go do to get it back to normal? Thanks

  2. #2
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    Start in safe mode and run your AV app.

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I got it to safe mode and then it was loading up but then still nothing showed on desktop or bottom, can't click start or anything.

    So restarted and managed to click on a folder on my desktop with counterspy and other adware programs, running counterspy now. But still the desktop showed for a split second and then gone. Right now blank, just background/wallpaper. So CounterSpy is the only thing I can see. Once that's done running and I close it out, it will be completely blank.

    I've restarted, shut it down, numberous times and the desktop will show for a split second and then go or sometimes now show at all.

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    Oh, my AV program ran automatically at 8 am and said it healed the trojans. When it was running, couldn't even see it. The only way I knew it was running was by hitting ctrl alt delete and i could see it showing in the system processes.

    Damn, Counterspy found a trojan and adware PurityScan and said it removed them and rebooted and have the same problem. Desktop was flickering on and off and now off. Managed to start another adware program before it went off.

    All these people need to be in prison, at least.
    Last edited by Trust; June 16th, 2007 at 12:58 PM.

  5. #5
    Classic Rocker Mack's Avatar
    Join Date
    January 27th, 2007
    Location
    Lower Left Coast
    Posts
    1,167
    Reformat/Reinstall

  6. #6
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    Time for a new computer in my book. Save all your data while you can.
    I'm going Mac on my next computer.

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I'm running the other programs, see if they can do something. Got Ad Aware and VundoFix running now. Think I had that Virtumonde adware - Smit something toolbar

  8. #8
    Life is Supposed to be Fun! Rexanne's Avatar
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    12,360
    Oh BAH - Mercury Retrograde rearing ... time to BACK UP!
    Peace,

    Rexanne

    Rexanne.com
    Loving Everyone's Child Creates Magic


  9. #9
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Sounds like something has mucked with explorer.exe. I had that happen to me once, but luckily it was on one of my test systems, so I just deleted the system and started over again. Not want you want to have to do though.

    Try getting into your removal apps and set them to scan at boot. Then reboot and let them scan like that.

    Do you have HijackThis? You may want to get it and run it, then post the log on someplace like spywarewarrior forums. There are more than one baddie out there these days with so many variants, rootkits and/or mucking with system files, that special tools have been developed to rid specific baddies.

    Hope you have a backup disc of XP. Once you get it cleaned you may still have to re-install some system files if it's mucked them up.

    Or if you can get into restore and try a roll-back if you have a restore point prior to the problem. You might be able to get here through TaskManager.

    Sorry I can't anymore help than that. I never really try to get rid of the stuff. And if my OS gets whacked, I just delete it and create a new one.

    Just for future reference, McAfee puts out a lite virtual pc application now (though I've never pesonally used it myself). I think it was reasonably priced. You can set something like that up, then use the VPC anytime you may be doing "hazardous" surfing. If it gets blasted, then just delete the VPC and create a new one in a couple of minutes. VMWare puts out free applications as well. You can use their free VMWare Player to run a free Ubuntu system on your Windoze laptop for safe surfing. I know some folks who use some type of VPC set-up for anything that connects to the Net now. Shame to have to take the extra precautions, but better than a reformat.

  10. #10
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    "Think I had that Virtumonde adware"

    Saw a post over on the lavsoft forums from just a day or so ago from someone with the same problem and they had Virtumonde. Lavasoft was supposed to have a special tool to take care of it but something about there not being an actual hyperlink to get the tool. No one had responded yet to the post, but if you can't get it working you might want to keep an eye out on that forum as well or see if you can track down the tool.

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    "Try getting into your removal apps and set them to scan at boot. Then reboot and let them scan like that."

    Speaking of that, have you heard of AntiSpyware Boot Scan that shows up when loading back up? You can let it go or have 20 seconds to press a key and skip it.

    I think it might be from Sunbelt Counterspy? Never saw it before so I didn't know if it was one of those bad programs or if it was Counterspy or something else.

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    "Think I had that Virtumonde adware"

    Ran VundoFix (good tool) and now running a Symantec Adware/Virutmonde Removal Tool. I've had that before and eventually got rid of it, after like 14 hrs or so running different adware, spyware aps.

    Last month, that Virtumonde is a mf

    http://forum.abestweb.com/showthread.php?t=89835

  13. #13
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    It could be from counterspy, I'm not sure what specifically they call it. Pretty much all of them can be run at boot up. You may have to run them more than once unfortunately. Some are very invasive and good at hiding. Running a Hijackthis log after each go of it can be helpful as well. It will show you all the stuff which is running and flags bad stuff. If it's unidentified, you can at least go google it.

    And good look getting it sorted out without a reformat. It really is a PITA. Not a great feeling when you can't just easily trash the system and start fresh.

  14. #14
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    Ok, thanks. Will just run various adware programs the rest of the day and see if it helps, it's worked before.

    "Do you have HijackThis? You may want to get it and run it, then post the log on someplace like spywarewarrior forums.'

    I've seen that before when looking for fixes, never knew what it was but will check it out if I can manage to get a browser open.

  15. #15
    ABW Ambassador Nature Boy's Avatar
    Join Date
    January 18th, 2005
    Location
    Tennessee
    Posts
    1,423
    Boot up in safe mode.
    Do a control-alt-delete to bring up the task manager.
    Click File, New Task (Run...)
    Input Msconfig.exe
    Check your startup tab for anything out of the ordinary. If you need to search google for what a file actually is, do so.
    Uncheck anything that shouldn't be there.
    Reboot

    If the desktop still doesn't who up, it might be something to do with a resolution setting too.
    Do another control-alt-delete to bring up the task manager.
    Click File, New Task (Run...)
    Input Control Panel
    Check your Display settings.

    This is hoping that it's something simple, but if not, everyone elses advice would apply here.
    Scott
    If you can't dazzle them with brilliance, then baffle them with bulls#!t
    Don't tell me that you'll do it... SHOW ME.
    Just because everyone else is drinking it is no reason for me to drink the KOOL-AID.

  16. #16
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    Oh, have you seen fake/bad ones run when booting up, the AntiSpyware Boot Scans? It said something about removing spyware but like I said, didn't know if it was Counterspy or something bad so I just hit the space bar to skip. Last time I ran it. Thanks again for the help.

  17. #17
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Quote Originally Posted by UncleScooter
    I'm going Mac on my next computer.
    Way to go Scoot! If you've got any usage or software questions you know where to find me

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  18. #18
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Oh, have you seen fake/bad ones run when booting up, the AntiSpyware Boot Scans? It said something about removing spyware but like I said, didn't know if it was Counterspy or something bad so I just hit the space bar to skip.
    Yes they can be fake. If you look at the top 10 threats that counterspy and other put out each month, a good chunk of them are rogue antisyware applications. A reputable application should have their logo or something on that screen to identify themselves. Unless that was a Windows message you got.

    If you got to msconfig like NatureBoy said, you should see everything that is going to boot at start-up. Maybe you can id it there. It's probably not a bad idea to turn off any application you don't need right now. But turning off things you don't recognize like NatureBoy said is a good idea also. Not that some will just turn themselves right back on anyway, but it's worth a doing.

  19. #19
    Fear and Arrogance jrrl's Avatar
    Join Date
    January 18th, 2005
    Location
    Pittsburgh
    Posts
    485
    I've said it before and I'll say it again... I feel better about being a Linux and Mac house every single day...

    -John.
    There's a reason army's wear uniforms even though it makes them easier to spot. Sometimes that's what you want. Uniforms suggest organization, power, and numbers. These, in turn, inspire fear. And, as any good operative knows, there is no more effective weapon than fear.

    Hosting Comparison - HostScope - jrrl.com

  20. #20
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I got it back.

    Ran everything I had:

    Counterspy
    AdAware
    Spybot
    Trend-Micro Anti Spware
    CW Shredder
    VundoFix
    FxVMonde Syntamec Adware/VirtuMonde Remover

    Registry Mechanic
    CCleaner

    AVG Virus Scanner
    Trend Micro Free Virus Scanner

    And I'm running some of that now and a few more times. So far looks like I can get around ok.

  21. #21
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    I'm glad you got it back Trust, but this incident could be the poster child for the argument of leaving the windows environment behind.

    I recently had McAfee start charging my credit card automatically for updating their software. That is where I drew the line. We pay all this money for all this software to protect our computer from this kind of crap when MS could make it stop and doesn't or does not know how to make it stop, but now this type of software has turned into a multi-billion $ industry. What did this incident end up costing you?

    I have two great Windows machines, but I am going to buy a Mac and start the migration in a few months.

  22. #22
    All Around Web Guy Cursal's Avatar
    Join Date
    January 18th, 2005
    Posts
    829
    I feel your pain Trust!

    I have been battling a bug for weeks now. Seems each time I get rid of it, it comes back somewhere.

    It started with the Smitfraud.c-toolbar888
    Also had Virtumonde
    and whoever made the DeluxeCommunications crap should be jailed for sure.
    It almost always comes back to that one file tacked on to a registry H_Key.

    I got help from www.GeeksToGo.com and have run tons of scans and log files, .exe (hijackThis BillBox, Vfix etc)

    Let us know how it goes.
    I still get a warning in the mornings when I flip on the Monitor that AVG or Ad-Adware had found a critical file. Ugh! but i quarantine it and delete.

    Just don;t have the time to clean/wipe the HD and re-install everything.

  23. #23
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    "It started with the Smitfraud.c-toolbar888
    Also had Virtumonde"

    Sounds what like I had from the thread I linked too last month. DL this, it works, I think it's what took care of the Virtumonde problem I had.

    VundoFix

    http://www.atribune.org/content/view/24/2/

    And I'm running smooth again. Last scans all turned out clean.

  24. #24
    All Around Web Guy Cursal's Avatar
    Join Date
    January 18th, 2005
    Posts
    829
    Two links from the GeeksToGo site

    How did I get infected?


    Guides for removeal of common Spyware/Virus

    Very useful stuff

  25. #25
    Affiliate Manager MINDsprinter's Avatar
    Join Date
    August 18th, 2006
    Location
    Washington, DC
    Posts
    1,436
    Went to the Mac side 5 years ago and I've never looked back.
    Jason Rosenbaum
    Affiliate Manager
    MINDsprinting

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Trojan from this board
    By Mmfh in forum Introduce Yourself
    Replies: 19
    Last Post: January 5th, 2009, 12:03 PM
  2. Trojan Spy
    By mailman in forum Programming / Datafeeds / Tools
    Replies: 2
    Last Post: November 24th, 2008, 08:54 AM
  3. Potentially Serious IIS Trojan
    By Dynamoo in forum Midnight Cafe'
    Replies: 10
    Last Post: June 27th, 2004, 01:36 AM
  4. trojan horse virus
    By eMerchantConsulting in forum Midnight Cafe'
    Replies: 4
    Last Post: June 25th, 2004, 10:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •