
trojan keylogger infection disabled Spybot



nelsoncp21
2009-07-30, 02:18
Hey y'all. I am new to this forum so I hope I posted this in the right place. If not, can a mod please move this thread to the correct location for me? Thanks.

So here's the scoop. My mom's computer is infected because she clicked on a popup that claimed she had a virus and it started to install a program, which she canceled when she got the MS warning about it not being a known program or source or something along those lines. She claims the popup was named personal firewall. She uses Spybot S&D and Avast since that is what I recommended, but neither active scanner picked it up. Her comp started acting funny after she canceled the install: running slow, getting popups and an error message saying the install was not completed. She ran Avast and it found 6 or 7 trojans, which she didn't write the names down but remembered that 1 at least was a key tracker to steal identity. I figure she means a keylogger. She also said that now she can't use Spybot, that it's still there on her computer but she can't open it up. I suspect the virus disabled it.

I informed her to scan in safe mode, restart, then scan again with Avast repeatedly until there were no more infections found. I told her she probably needs to remove Spybot and redownload it, then scan with that the same way. Any other advice? Someone has mentioned on another forum that I regularly visit to use Malwarebytes. I figure y'all deal with this stuff on a regular basis so it couldn't hurt to ask.

The really bad part is she has a lot of client info stored in her comp on a secure encrypted program. This worried me, so I am trying to take this a little more seriously than any other computer I have cleaned up for anyone.

Thanks in advance for any help.

drragostea
2009-07-30, 04:58
I would strongly suggest you change your passwords (your mom's) on sensitive accounts, like financial and client information, etc.
In the meantime, use the infected machine as little as possible, or better, not at all. I'll provide you with information to get your machine cleared out:

Follow the links from Zenobia's post:
http://forums.spybot.info/showpost.php?p=324772&postcount=5
-
Instructions>HJT Log>Malware Forums.

nelsoncp21
2009-07-30, 11:36
Thank you for your response. I noticed the link you provided is for instructions on how to remove malware using HijackThis. Are you saying then that the rest of the programs I mentioned aren't needed and that HijackThis is the only thing that needs to be run to clean the computer? Correct me if I am wrong, but I was always under the impression that multiple programs are recommended due to the fact that some viruses are better at hiding from some programs but not so much others, therefore running multiple antivirus programs will increase the chances of detecting all the threats?

As for changing the passwords, I think this may be better suited for once the computer is infection free, otherwise it would defeat the purpose of changing the password with a keylogger present.

tashi
2009-07-30, 18:45
Hello nelsoncp21,


> Thank you for your response. I noticed the link you provided is for instructions on how to remove malware using HijackThis.

Actually no, that log provides basic information for analysis.

> As for changing the passwords, I think this may be better suited for once the computer is infection free, otherwise it would defeat the purpose of changing the password with a keylogger present.

Please don't take chances if it is possible there is a keylogger present.

Follow the instructions in this link to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where an analyst will advise you as soon as available.

Best regards.

nelsoncp21
2009-07-30, 22:48
Thank you Tashi for clarifying. I guess I should have mentioned in my original post that the infected computer (my mom's) is 2 hours away and I do not have direct access to it. I have been attempting to advise my mom on steps to take to clean the computer and also precautions until it is clean. She is not tech savvy at all (hence why I am here now) so I believe the steps mentioned in the link you provided are a bit much for her to tackle. I wish I did have access to it though and had come here first before we took any actions.

In your experience, do you think that we are taking good action, or should I have her stop what we are doing and bring the computer to me so I can then follow the steps listed to create a log? The only problem with this is that she would be without the PC for some time.

As much as I love helping people out, sometimes I really regret being the go-to guy in the family for tech related issues. I am sure you can relate. Oh, I should also note that she tried to remove and reinstall Spybot with no success. She did however install Spyware Doctor, which found a ton of infections. She of course did not write them down but remembers 1 being called a fake keylogger. Thanks again for the response.

tashi
2009-07-31, 03:03
Hi nelsoncp21,

If normal methods have failed to remove the infection then someone would need to take a look at the system by analyzing logs. :)