[personal profile] whotheheckami
I seem to be in a bit of a pickle laptop wise.

I was warned by AVG that I'd picked up a Trojan so I ran a scan and cleared what I could to the vault. However, I noticed some problems:

1. When opening programs the file associations seem to have stopped working
2. Search engines seem to have been hijacked and take me to "junk" sites

I re-ran the scan and found more Trojan files - I forced these to clear to the vault and re-booted. Now I appear to have deleted "csrss.exe" from the registry and, when I try to connect to anything other than gmail, I'm getting the following error message:

Firefox is configured to use a proxy server that is refusing connections

I would welcome any or all advice

Thanks

Mel

Date: 2011-05-07 11:29 am (UTC)
From: [identity profile] mister-jack.livejournal.com
Go to 'Tools->Options...' in the menu bar.

Then, in the popup window go to the advanced section, and then the network tab. In that tab click on the settings button next to where it says 'Configure how FireFox connects to the internet' and choose 'no proxies' from the popup window and click 'ok'.

That should sort it. Next, change ALL your passwords and keep a close eye on your bank account if you've done any online banking recently.

Date: 2011-05-07 11:32 am (UTC)
From: [identity profile] whotheheckami.livejournal.com
Got it. Thanks. I'd worked it out at about the same time you posted. Most difficult thing was finding where Firefox 4 had hidden the Tools button ;@)

Now to tackle the file association glitch

Date: 2011-05-07 11:35 am (UTC)
From: [personal profile] emma
This sounds like something I had to deal with this week. While the file association thing is something you can fix (quite easily with a registry edit, I can dig it out for you if it still gives you trouble after running MWB scans, just amounts to a bit of copy and paste and double clicking), it's usually a sign of an "exe hijack" component of some malware, so make sure the nasties are gone first.

Date: 2011-05-07 11:33 am (UTC)
From: [personal profile] emma
Download a copy of Malware Bytes (http://www.malwarebytes.org/). Then boot into safe mode, run MWB and do a full scan. Wander off for a bit and come back when it's done, let it remove what it wants to remove, and boot back into normal mode. That should help a lot; MWB is very good with malware, better than I've found AVG to be. Csrss.exe is a system process but what these things often do is copy the names of system files and save them in other places, which makes it really hard to figure out what's naughty and what's an important part of your system. You've probably managed to delete the naughty bit rather than the system file, but you've undoubtedly got remnants of the malware lingering around which will just put things back when you reboot your machine. MWB should sort you out.
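An added example, not part of the original thread: one way to check for the name-copying described in the comment above is to compare where a process image actually lives with where Windows keeps the real file. The process list, the `find_masquerades` helper and the short table of expected folders are constructed for illustration.

```python
import ntpath

# Folder (relative to the Windows directory) each core process image
# normally runs from. Illustrative subset, assumed for this example.
EXPECTED_DIRS = {
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",
}

def find_masquerades(processes, windir=r"C:\Windows"):
    """Return (pid, path, expected_folder) for every entry that uses a
    system file name but sits outside that file's normal folder."""
    findings = []
    for pid, path in processes:
        if not path:
            continue  # image path unreadable; nothing to compare
        norm = ntpath.normcase(ntpath.normpath(path))
        folder, name = ntpath.split(norm)
        if name not in EXPECTED_DIRS:
            continue  # not a name this check knows about
        expected = ntpath.normcase(
            ntpath.normpath(ntpath.join(windir, EXPECTED_DIRS[name])))
        if folder != expected:
            # A lead for closer inspection, not a verdict on its own.
            findings.append((pid, path, expected))
    return findings

# Constructed process listing (pid, image path), not taken from a real machine.
SAMPLE = [
    (412, r"C:\Windows\System32\csrss.exe"),
    (1880, r"C:\Users\user\AppData\Local\Temp\csrss.exe"),
    (2044, r"C:\WINDOWS\system32\svchost.exe"),
    (2310, r"C:\Windows\svchost.exe"),
    (3001, r"C:\Windows\explorer.exe"),
    (4, None),
    (3500, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

if __name__ == "__main__":
    for pid, path, expected in find_masquerades(SAMPLE):
        print(f"pid {pid}: {path} (expected under {expected})")
```
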

Date: 2011-05-07 07:59 pm (UTC)
From: [identity profile] perfectlyvague.livejournal.com
The last trojan I picked up manages to run a dummy version of this. You have to download it onto a different pc, rename it, move it to the other pc via USB rather than disc and then use it.

Date: 2011-05-07 11:39 am (UTC)
From: [identity profile] miss-corinne.livejournal.com
I don't know what kind of laptop it is, but the only thing that properly fixed my flatmate's computer was a reinstall of Windows. She didn't have any discs but her laptop came with it on a hidden partition accessed by pressing F10 when you're booting up.

If you can get to any other websites, http://housecall.trendmicro.com/uk/ is useful, as is http://www.malwarebytes.org/products/malwarebytes_free.

Date: 2011-05-07 11:59 am (UTC)
From: [identity profile] alexmc.livejournal.com
This was roughly what I was going to suggest.

Date: 2011-05-07 12:02 pm (UTC)
From: [identity profile] whotheheckami.livejournal.com
You chaps are wonderful. Malwarebytes is chewing away as we speak and I'll look at the File Association thing after it's done its stuff

Date: 2011-05-07 12:04 pm (UTC)
From: [personal profile] emma
Safe mode! It works much better if you boot into safe mode first because then a lot more of the background processes aren't running and it's easier for it to remove anything.

Date: 2011-05-07 12:08 pm (UTC)
From: [identity profile] alexmc.livejournal.com
Well, I'd say it would work better if you didn't trust *anything* on that hard disk. Ideally boot from a pristine OS on an external disk - CD or USB key - but of course that isn't trivial on Windows.

Date: 2011-05-07 12:03 pm (UTC)
From: [identity profile] dougs.livejournal.com
As others have said, wipe-and-reinstall is the only approach you can trust.

Date: 2011-05-07 12:08 pm (UTC)
From: [identity profile] alexmc.livejournal.com
You may also find it is the *quickest* and easiest method too.

Date: 2011-05-07 03:53 pm (UTC)
From: [identity profile] sarah-mum.livejournal.com
you mean "nuke it from orbit..."?

Date: 2011-05-07 04:52 pm (UTC)
From: [identity profile] dougs.livejournal.com
Take off [your files] and nuke it from orbit.

Date: 2011-05-07 02:03 pm (UTC)
From: [identity profile] specialunclet.livejournal.com
hitmanpro

download it onto a usb key on another machine, run it in safe mode with networking. when it wants a reboot go back into normal mode

reinstall is the safest option but an arse if you haven't got a back up or even the disks for all your hooky software

Date: 2011-05-08 01:53 pm (UTC)
From: [identity profile] badkat.livejournal.com
lol, I was going to say "Got Geek Squad over yonder?"

:p Though the hubby usually does the fixin. And to think over 20 years ago I was a computer wiz. Though I was in Computer Science and PCs were just coming to the forefront. I worked on MainFrames. I learned programming languages and systems management in college.

Until my Father refused to allow me to continue after two years. Evidently, in 1985 he KNEW there was no future in computers. Yay me. Scholarship, two years of college and a high paying career down the drain.

And as he had full control of my life, I had no choice. I was a much different girl then, under his thumb and not knowing better. Wish I could go back and cut his nuts off. Really.

Date: 2011-05-20 12:22 am (UTC)
From: [identity profile] pickledginger.livejournal.com
Once you have things working again? iObit's Security 360 (a free download from cnet.com) has two nifty features: Security Holes, I think it's called; and Passive Security, likewise. The latter has long lists of sites such as doubleclick.com, doubleclick.net, & cetera, that it loads into the security settings of your browsers. (It did for two of the three I use, anyway, and cut-and-paste took care of the third.)


I wasn't terribly happy with AVG. Instead, I've been using ZoneAlarm plus Avast(free) plus supplemental/zero-day software ThreatFire for ... gosh, a couple of years now, I guess ... on my machine and my mother's (she's notorious). The only infection either of us has had in that time was something her PC picked up from a game site, when my nephew overrode all the security bells and whistles.

Page generated Sep. 19th, 2017 08:49 pm