Page 1 of 11 123 ... LastLast
  1.    30 Apr 2017 #1

    Trojan deep in my system


    Hi!

    Today i might have got a trojan. I did indeed install a program that redirected me to a site where i think the website downloaded unwanted malware to my PC. The malware that has got control over my PC has completely blacked out my access to Windows Defender, At the time I am writting this i am running IObit Malware Fighter 5, as this is the only other antivirus i had on this computer (I do know it is stupid to not have a AV). IObit Malware Fighter 5 was able to find a Trojan called Trojan.Generic which was using the program smu.exe. I told IObit Malware fighter to remove the trojan and uninstalled SMU.exe. Even thought this helped me a little bit, i still get popups from different web browsers that has been hijacked. I'm pretty sure most of my Email accounts have been stolen or opened as well. Perfomance whise my computer is running okay, but my memory rate is higher than Usual. The program has removed all administrasion rights from me as well as defender has been disabled by "Group Policy".

    Hugs, Vikdal
    Last edited by Vikdal; 01 May 2017 at 11:15.
      My ComputerSystem Spec
  2.    30 Apr 2017 #2
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 17,005
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    You may want to consider d/l ing the suggested malware scanners beforehand onto a FD or to your PC so that they will be ready to run once you have run RKill.

    First off, d/l & run RKill, this will attempt to terminate any malware processes running in the background. Do not reboot after running RKill, instead immediately run a malware scanner. Rebooting will allow the malware processes to run again.

    Next d/l SuperAntiSpyware portable and run it.

    Note   Note
    Please note : The scanner is saved under a random filename so that malware infections won't block its execution.


    It would be a good idea to d/l & install Malwarebytes Free & also run that.

    Follow up with AdwCleaner. After running it, reboot your PC if it finds anything.

    Hope this helps.

    BTW, IOBit has somewhat of a shady past and you may wish to uninstall that & go with another program. They have been know to install PUP's as well as other spyware.
      My ComputerSystem Spec
  3.    30 Apr 2017 #3

    Hi!

    So i followed what you said from detail to detail and the problem seems to be solved. I uninstalled IOBit as well, because it had a shady past. The only problem is that the memory/ram which the computer is using is still higher than usual. Before i got the trojan i would use around 20% of my ram, now after the trojan, i'm using around 70% of the ram. This does not bother me a lot, but if i run either games or multiple programs, i have a chance of using all of my total ram. Is this normal? Can I fix this in any way? Thanks again for helping

    Regards, Vikdal

    UPDATE: The trojan itself seems to be gone, but all AV is still Blocked as well as ADWCleaner and MalwareBytes.
    Last edited by Vikdal; 30 Apr 2017 at 12:54.
      My ComputerSystem Spec
  4.    30 Apr 2017 #4

    Also, I could not use MalwareBytes or ADWcleaner, as i still could not run the installer after downloading it

    Picture of what happens when i try ADWCleaner is: https://gyazo.com/dfa208c4b3fd5bc1feb5c71421f67660
      My ComputerSystem Spec
  5.    30 Apr 2017 #5
    Join Date : Oct 2014
    Posts : 2,467
    W10 Pro + W10 Preview

    Download Malwarebytes Anti-Rootkit Supplement from LINK
    Instructions are included...
    https://support.malwarebytes.com/cus...7176?b_id=6400
      My ComputersSystem Spec
  6.    30 Apr 2017 #6
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,973
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by Vikdal View Post
    Also, I could not use MalwareBytes or ADWcleaner, as i still could not run the installer after downloading it

    Picture of what happens when i try ADWCleaner is: https://gyazo.com/dfa208c4b3fd5bc1feb5c71421f67660
    Check this article on Bleepingcomputer. At the end is section about removing it

    If you did happen to get infected, the easiest way to remove SmartService is to use an unsigned security program and rename it to another name like iexplore.exe so that it will execute. *For our guide, we are using an*unsigned version of Zemana, which has been staying on top of this infection.
    Otherwise, you will need to boot into the Windows Recovery Environment and manually delete the files associated with SmartService. *Then when you reboot the computer you should be able to use your normal security programs to remove the leftovers.
    News was posted here about a week ago
      My ComputerSystem Spec
  7.    01 May 2017 #7

    Hi!

    Thanks again for helping me. The malwarebytes Anti-Rootkit got the same trojan over and over again, duplicated in different areas. Malwarebytes found 21 Trojan.Droppers and 1 Trojan.downloader and the computer seems to run fine. There is still abit of a high Memory usage compared with before, but i'm fine with that. I can still not download AdwCleaner even if i did what was said in the post above. I was able to remove the Reg that denied me access to windows Defender. (this was thanks to rKill). Any idea how to get these rights back?

    Vikdal

    UPDATE:
    Virus just backfired. I'm now getting popups once again and my background on web browsers has changed. Not sure what happend thought as i did not download anything.
      My ComputerSystem Spec
  8.    01 May 2017 #8
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,973
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by Vikdal View Post
    Hi!

    Thanks again for helping me. The malwarebytes Anti-Rootkit got the same trojan over and over again, duplicated in different areas. Malwarebytes found 21 Trojan.Droppers and 1 Trojan.downloader and the computer seems to run fine. There is still abit of a high Memory usage compared with before, but i'm fine with that. I can still not download AdwCleaner even if i did what was said in the post above. I was able to remove the Reg that denied me access to windows Defender. (this was thanks to rKill). Any idea how to get these rights back?

    Vikdal
    If you have Smartscreen infection, try using following removal guide from Bleepingcomputer.
      My ComputerSystem Spec
  9.    01 May 2017 #9
    Join Date : Oct 2014
    Posts : 2,467
    W10 Pro + W10 Preview

    Quote Originally Posted by Vikdal View Post
    Hi!

    Thanks again for helping me. The malwarebytes Anti-Rootkit got the same trojan over and over again, duplicated in different areas. Malwarebytes found 21 Trojan.Droppers and 1 Trojan.downloader and the computer seems to run fine. There is still abit of a high Memory usage compared with before, but i'm fine with that. I can still not download AdwCleaner even if i did what was said in the post above. I was able to remove the Reg that denied me access to windows Defender. (this was thanks to rKill). Any idea how to get these rights back?

    Vikdal

    UPDATE:
    Virus just backfired. I'm now getting popups once again and my background on web browsers has changed. Not sure what happend thought as i did not download anything.
    After you had done the Mbam Anti-root scan did you tick all identified Trojans, then clicked Delete....IMPORTANT you must then Shut down the computer straightaway to complete the cleanup.
      My ComputersSystem Spec
  10.    01 May 2017 #10

    Yes i did do so, but in the middle of the cleanups it crashes. I'm currently doing what AndreTen told me to do, but while running Zemana it does equal to the AntiRoot-Kit and crashes in the middle of the cleanup :/
      My ComputerSystem Spec

 
Page 1 of 11 123 ... LastLast


Similar Threads
Thread Forum
Solved Trojan or not ?
Hi all, Not quite sure when this started but roughly somewhere around July I noticed a file called NTUSER.rhk that resides in "Users\My username". Googling for the .rhk file extension gave me a bit of a scare as most sites suggest this is...
AntiVirus, Firewalls and System Security
Solved Do I Have A Trojan?
Hello, First post here :) Lately my Windows Defender is finding a Trojan in the Recovery D (Trojan:Win32/Dynamer!ac) It only shows up after a full 3 hour search and not in the fast search A full search with Malwarebytes, Adware and Hitman...
AntiVirus, Firewalls and System Security
.ecc Extension: Trojan ? Can't Seem To Delete Them ? Help please
Hello, I received an eMail from a friend who said that any file with an .ecc extension is one of those Crypto ransom ware trojans. True ? My old PC7 PC was wiped out, literally, a few months ago, so I am literally paranoid about this.
AntiVirus, Firewalls and System Security
Solved Trojan Detected in OneDrive
The odd thing is I don't even use OneDrive except to automatically upload photos from my Android phone to my desktop; nothing has been detected on the phone. I've run another full scan with Bitdefender and Malwarebytes Anti-Malware (free) without...
AntiVirus, Firewalls and System Security
Trojan in My Registry
I have an older 15 inch HP with W10 that I recently updated. I have always had McAfee on the computer, it has never lapsed. I have also run Spybot, Malwarebytes, Google Ghostery and ABP Adblock Popup. When I recently bought a new printer...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 08:08.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums