08-19-2011 12:53 PM - last edited on 08-19-2011 01:16 PM by Dave_Coleman
I infact did catch a trojan. It made my computer continuously reboot, I had to restore to a previous date. But that only allowed me to reboot my computer in safe mode. I can't reboot my computer normally, and I have no idea which files I need to remove without removing important ones. I know I'm going to have to edit the registry and delete files from it and files from the computer. Someone please help me!
08-19-2011 02:25 PM
I forgot to say that I caught this trojan by downloading Adobe Flash Player. I saved the file (Norton verified its validity) and went to execute it and it said could not be accessed or something like that. Then, I tried to download it again from the adobe website and a message popped up in the corner of my computer saying that it was a backdoor trojan (I don't remember which one) and that I needed to restart my computer to remove it and it had a button to click on. I DID NOT click the button (seeing as how it did not look like it was from Norton) and my computer preceeded to restart on its own and when I logged back in after reboot, a little bubble popped up saying that my computer had issues that needed to be resolved, I clicked on the symbol (it looked legit) and my computer restarted again. And like I said it continuously did so (even when I was in safe mode). I even tried to bring up the task manager to quit the .exe's that was making my computer reboot but it was too fast. I can't run Norton (I think the Trojan deleted it or something), nor can I run any other Antivirus Program. I've run Windows Defender and nothing pops up on it. Should I use Norton Power Eraser? Or should I manually fix the registry. Since I last posted, I went through my system and found the files that were created at the time I caught the trojan and deleted all of them. I caught this trojan like 4 and a half hours ago. I would greatly appreciate anyone who can help me with this.
08-19-2011 03:06 PM
Since you have already deleted files that may or may not be a problem, I think it would be best to send you to a free malware removal forum where you can work one on one with someone to get your machine going again. Bleeping Computer will be slower than the others because it is so busy.
08-19-2011 09:07 PM
There is a Fake Flash Player (probably repacked to avod detection) and is cleaver with Facebook and fake UTUBE video page that states you need to update Flash Player, User does so then PC gets infected.
It is a Trojan, it installs on the system and gives a error message that looks as thougg it's a failed install, but it's NOT. After a Fake Alert popes up stating you need to restart the PC. The user does so, if unaware.
A registry key is created so that when the user restarts the PC Windows automatically loads into Safe Mode.
This is do the Trojan can uninstall the detcted Security Software (Norton included) as AV's don't run in realtime so does not protect itself from the malicious uninstall.
The fact you can't now get out of Safe Mode, due to either you deleting something or a Bug in the Malware itself, unsure, expert logging is required from one of the above sites. In my case I could not get back into Windows at all eventually..
What happens if you (or other PC's with this infection) can get restarted back into Normal Mode a Fake Message and a Norton icon (for PC's previously having Norton installed).
Once Coonected to the Internet the infection downloads more files to infected the Computer with and this includes the Rootkit Zeloares, which infects Windows files that is needs and should not be deleted, instead cured.
The infection is protective of itself, and on running scans or using other programs like Hijackthis OTL etc. some of the .exe files get corrupted so that the .exe can never be used again. You have to download a fresh copy after the clean.
Or SAS and MBAM can't scan and can get closed. Also Norton cannot be installed, gets stuck, NPE also gets stuck a long way before getting to the options scanning.
Yes I tried this Trojan.
08-19-2011 10:37 PM
My son's computer has gotten this exact Trojan. Norton 360 is gone and I have tried to re-install it many times but it never installs fully and then the computer restarts, it starts in safe mode then before you can do anything it restarts again but in normal mode. When someone finds a fix for this, I really need to know it so that I can fix my son's computer. Please post a complete fix, in dummy language please, so that I can follow it step by step.
08-19-2011 10:43 PM
You need to visit one of the four free malware forums, links posted above, for this sort of assistance.
08-19-2011 10:48 PM
It's not the easiest infection to get around, specialist advanced tools are required that can cause problems so it to be used under supervisoin, (some tools may be updated to be able to cure and remove.
Please go to the safer Malware removal forums, for one on one help.
08-20-2011 07:06 PM
Here is a writeup about the rootkit in question and the fact it self protects (bottom paragraph) saves me typing.
I found to remove the now useless programs, I had to script with avenger to remove the file(s) done during restart as Windows won't delete them.
08-21-2011 04:43 PM
Ok I want to start out by thanking Norton for having those links at the top of the page. I want to thank geeks-to-go, especially Essexboy, he was very professional and courteous in fixing my son's computer. It took a couple of days of back and forth to fully clean my son's computer from this very nasty virus. I did thank Norton, but I have very mixed feelings towards them.
I do understand that it was because my son clicked on a link that was a fraud and was really a virus waiting for the opportunity to invade his computer, but is that not what Norton is there for? Norton 360 is supposed to be a firewall/antivirus/antyspyware/keep the computer clean/registry cleaner...... kind of program that I have purchased with my hard earned money. How can a lowly virus come in and destroy all that Norton is? Then you have the wonderful non paid volunteers at geeks-to-go and the other ones on those links above come and help you to fix your computer instead of the paid people at Norton, with all of their knowledge not be the ones to fix it? Maybe I'm getting this all wrong but when it comes time for my renewal, I will be seriously looking around to see what's out there. Maybe by then Norton will have fixed their program so that a virus, the very thing that they are protecting me from, cannot just come in and destroy their program. I feel that the money that I paid them has not been very well spent at all, at this time. I'm sure I will cool down in a bit but right now I am very upset that my hard earned money paid for something that did not do it's job and had to be fixed by volunteers.
Now that my rant is over, I want to thank Norton once again for the links above and I especially want to thank all of those wonderful volunteers at those above links. So far my son's computer looks to be back to it's tip top shape.