Fucking Trojan!!! Please Help!!!

Keebler Elf

The Original Elf
Aug 31, 2001
14,794
474
83
The Keebler Factory
My computer has been infected with the Win32.Zafi.B trojan and it's being a real BITCH to remove.

All the help sites say to restart in safe mode and then download antivirus like Malwarebytes. That's great but I can't start in safe mode!!!

When I reboot, I hit F8 but it either doesn't do anything and just boots normally or takes me to a popup menu to select which drive to boot up from (which is normal for my system).

So I tried rebooting via msconfig and as soon as I select the safemode option my computer automatically reboots without me even selecting enter. Of course, it reboots normally and not in safe mode.

FUCK!!! How do I get rid of this thing???

I did a full McAfee virus scan and detected nothing.
 

Keebler Elf

FUCK!!! Now as soon as I type msconfig in the Run box it auto-reboots!!! I don't even get to the popup to select safe mode!!!

This trojan takes you to the Perfect Defender website whenever you try to access the internet. Apparently the trojan just fucks over your machine and the solution, of course, is to use the product the trojan directs you to. Bastards! And even worse, the fuckers at Perfect Defender are on the messageboards saying they're the fix for the trojan.
 

stang

Banned
Oct 24, 2002
4,946
0
0
S ontario
That sucks. Nothing can be more frustrating.
Where'd you pick it up from?

Try googling the problem again and look for what others have done.
Try SmitfraudFix too.
 

Keebler Elf

I think I've fixed it. I downloaded Malwarebytes to my laptop, burned it to CD, then saved & installed to my PC. Ran it and removed two files. Here's the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1714
Windows 5.1.2600 Service Pack 3

01/02/2009 7:35:30 PM
mbam-log-2009-02-01 (19-35-30).txt

Scan type: Quick Scan
Objects scanned: 51828
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\"PC Name"\Application Data\Google\vgwsn871850.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\"PC Name"\Application Data\Google\vgwsn871850.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


That enabled me to access the internet normally. I then downloaded SuperAntiSpyware and ran it, finding nothing but some cookies (which I removed). I had to reboot at this point.

I then tried to msconfig my way to safe boot and that is accessible (i.e., my PC doesn't auto reboot to prevent me from entering safe mode).

I just searched for both of those registry files cited in the above post and neither were found.

I think the malware is gone but I'm going to run extensive scans with each software tonight to make sure I didn't miss anything.
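
For anyone triaging scan logs like the one posted above, here is an added example (not part of the original thread and not Malwarebytes' own tooling): a small Python parser for that log layout. It checks that the summary counts match the listed detections, that every action reports success, and which detections ran from a user-writable profile folder. The embedded sample is a trimmed copy of the posted log; the function names and the folder heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Trimmed copy of the log posted above (headers and empty sections shortened).
SAMPLE_LOG = r'''Malwarebytes' Anti-Malware 1.33
Scan type: Quick Scan
Objects scanned: 51828
Memory Processes Infected: 1
Registry Keys Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\"PC Name"\Application Data\Google\vgwsn871850.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\"PC Name"\Application Data\Google\vgwsn871850.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
'''

COUNT = re.compile(r'^(?P<name>[A-Za-z ]+ Infected):\s*(?P<n>\d+)$')
SECTION = re.compile(r'^(?P<name>[A-Za-z ]+ Infected):$')
ITEM = re.compile(r'^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$')
# Assumption: per-user folders that a non-admin process can write to (XP layout).
USER_WRITABLE = re.compile(r'\\(Application Data|Local Settings\\Temp)\\', re.I)

def parse_mbam_log(text):
    """Return (summary counts, detections grouped by section)."""
    counts, items, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := COUNT.match(line)):
            counts[m['name']] = int(m['n'])
        elif (m := SECTION.match(line)):
            section = m['name']
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groupdict())
    return counts, dict(items)

def inconsistencies(counts, items):
    """Sections whose summary count differs from the detections listed."""
    return [s for s, n in counts.items() if n != len(items.get(s, []))]

def unremoved(items):
    """Detections whose action text does not report success."""
    return [i for sec in items.values() for i in sec
            if 'successfully' not in i['action'].lower()]

def suspicious_paths(items):
    """Detected paths located in user-writable profile folders."""
    return sorted({i['path'] for sec in items.values() for i in sec
                   if USER_WRITABLE.search(i['path'])})
```
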
 

onehunglow

Active member
Sep 13, 2007
1,027
0
36
In recent months I have installed Malwarebytes on over 300 machines. Lately there has been a massive amount of malware coming in from a multitude of sources.

Lose Norton, McAfee, they are both problematic.

AVG, Avast, Malwarebytes, Ad-Aware, CCleaner, Spybot, Prevx CSI, SpywareBlaster, HijackThis. All free and work well. Firefox 3 rather than Explorer.

Good of you to download on another computer and burn programs to a disk.

Keep all your like programs in the same way. Often Trojans like this will hinder you going anywhere but to their site where for $$$$$$ they will fix you up.

You may have a BHO (Browser Helper) installed now and HijackThis will aid with that.
Careful how you use it and allow the program to make a backup of anything you might delete.

You can update Malwarebytes. Do it regularly and do a full scan from time to time. Doing this often unearths other bugs that your anti-virus will pick up.

Good Luck
 

WoodPeckr

Protuberant Member
May 29, 2002
47,064
6,196
113
North America
thewoodpecker.net
onehunglow said:
In recent months I have installed Malwarebytes on over 300 machines. Lately there has been a massive amount of malware coming in from a multitude of sources.
All the more reason to dump M$ and switch to FREE Linux where none of those problems exist! With Linux you just turn your PC on and surf anywhere and NOT have to bother doing any of those security scans listed above!....:cool:

The same applies to a Mac .... that is, if you don't mind paying double or more for a Mac, compared to what you paid for your PC.
 

Shades

Shades of .....
Feb 8, 2002
2,993
2
38
onehunglow said:
In recent months I have installed Malwarebytes on over 300 machines. Lately there has been a massive amount of malware coming in from a multitude of sources.

Lose Norton, McAfee, they are both problematic.

AVG, Avast, Malwarebytes, Ad-Aware, CCleaner, Spybot, Prevx CSI, SpywareBlaster, HijackThis. All free and work well. Firefox 3 rather than Explorer.

Good of you to download on another computer and burn programs to a disk.

Keep all your like programs in the same way. Often Trojans like this will hinder you going anywhere but to their site where for $$$$$$ they will fix you up.

You may have a BHO (Browser Helper) installed now and HijackThis will aid with that.
Careful how you use it and allow the program to make a backup of anything you might delete.

You can update Malwarebytes. Do it regularly and do a full scan from time to time. Doing this often unearths other bugs that your anti-virus will pick up.

Good Luck
What happens if you have Norton...and want to add on Malware Bytes...does it let you do this or do you run into a conflict? I've a relatively new subscription to Norton...but have had the odd problem lately that Norton has found and fixed...but...it sounds like Malware might be a better "safe" route to follow.
 

Shades

stang said:
That sucks. Nothing can be more frustrating.
Where'd you pick it up from?

Try googling the problem again and look for what others have done.
Try SmitfraudFix too.
Damn it Stang...who's the girl in your sig pic!!!!. Makes me want to keep looking for and reading your posts just to see her :eek:
 

onehunglow

Shades said:
What happens if you have Norton...and want to add on Malware Bytes...does it let you do this or do you run into a conflict? I've a relatively new subscription to Norton...but have had the odd problem lately that Norton has found and fixed...but...it sounds like Malware might be a better "safe" route to follow.
I would go ahead and download Malwarebytes and see how it runs with Norton. It won't hurt to try. Never used it with Norton as I always remove it from my clients' systems before we load the usual defensive programs.

Go to your search bar and enter Malwarebytes, Norton conflicts. See what turns up.
 

enigman51

New member
Jan 13, 2009
6
0
0
Keebler Elf said:
My computer has been infected with the Win32.Zafi.B trojan and it's being a real BITCH to remove.

All the help sites say to restart in safe mode and then download antivirus like Malwarebytes. That's great but I can't start in safe mode!!!

When I reboot, I hit F8 but it either doesn't do anything and just boots normally or takes me to a popup menu to select which drive to boot up from (which is normal for my system).

So I tried rebooting via msconfig and as soon as I select the safemode option my computer automatically reboots without me even selecting enter. Of course, it reboots normally and not in safe mode.

FUCK!!! How do I get rid of this thing???

I did a full McAfee virus scan and detected nothing.
Try installing and running Spybot but...
Turn off System Restore to delete your restore points.
Go into the Spybot settings and tell it to run once from boot up.
Set your McAfee to run at boot up and reboot the computer.

That should kill most problems.

Another good suggestion made was get rid of McAfee and try Avast (from Alwil software, free registration and works well) and tell it to do a boot time scan.
 

onehunglow

WoodPeckr said:
All the more reason to dump M$ and switch to FREE Linux where none of those problems exist! With Linux you just turn your PC on and surf anywhere and NOT have to bother doing any of those security scans listed above!..
The same applies to a Mac .... that is, if you don't mind paying double or more for a Mac, compared to what you paid for your PC.

I understand how proud you are of Linux. Like Mac there are not too many bugs created for either but it is notable that while Linux is usually immune to Windows bugs, your system can still be a carrier and transmitter of these little nasties. I hope you practice "Safe File Sharing".:)

As soon as Linux becomes more mainstream it will command the attention of these virus writing hacks and your days of running without virus protection will be all but over. On that day I will mourn for you. It really will be sad.

Personally when I weighed the Good and Bad of Windows and Linux I chose Windows. Glad it works for you.
 

WoodPeckr

onehunglow said:
As soon as Linux becomes more mainstream it will command the attention of these virus writing hacks and your days of running without virus protection will be all but over. On that day I will mourn for you. It really will be sad.
Anything is possible, however hacks have their work cut out for themselves in attacking Linux.
Linux treats threats far differently and more securely than M$.

Security in Ubuntu

Security is explained in simple words, a great read....;)
 

blueman

New member
Sep 3, 2005
1,315
2
0
http://www.malwarebytes.org/

Keebler Elf said:
My computer has been infected with the Win32.Zafi.B trojan and it's being a real BITCH to remove.

All the help sites say to restart in safe mode and then download antivirus like Malwarebytes. That's great but I can't start in safe mode!!!

When I reboot, I hit F8 but it either doesn't do anything and just boots normally or takes me to a popup menu to select which drive to boot up from (which is normal for my system).

So I tried rebooting via msconfig and as soon as I select the safemode option my computer automatically reboots without me even selecting enter. Of course, it reboots normally and not in safe mode.

FUCK!!! How do I get rid of this thing???

I did a full McAfee virus scan and detected nothing.
go here
http://www.malwarebytes.org/

ps McAfee is not a quality virus protection option
try Kaspersky
 

kkelso

Well-known member
Apr 27, 2003
2,466
28
48
WoodPeckr said:
Anything is possible, however hacks have their work cut out for themselves in attacking linux.
Linux treats threats far differently and more securely than M$.

Security in Ubuntu

Security is explained in simple words, a great read....;)
Agreed, a nice read.
 