Problem with SKYNET, backdoor trojan.

[ken545]

Good Morning,

It looks like you did everything correctly, you have the latest service packs and IE Browser, you have AVG Antivirus installed, and your HJT log looks fine.

Just add a firewall, pick one from the list, just one.

Free Firewalls

• Zone Alarm
• Sygate Personal Firewall Free Edition
• Outpost Firewall Free

Run this free online scan using Internet Explorer:
Kaspersky Online Virus Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan: Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.

Post the log along with a New HJT Log into your next reply.

 

[Myrkwood]

I'm gonna get one of those firewalls, but when I do should I disable my Windows Firewall? Also, I hooked up my other hard drive which all it had was .mp3, .jpeg, and my world of warcraft files. None of them are .exe or .src. I'm hoping they aren't infected, and if they are I can just wipe both hard drives. I'm scanning it with MBAM right now. Once that's done I'll run that online scan.

 

[ken545]

When you install a third party firewall it will disable the windows firewall.

.mp3, .jpeg, <--These may be ok but world of warcraft could be a problem, when your all done, run the kaspersky scan I posted, if this virus got back in Kaspersky will show it

 

[Myrkwood]

I'm about to run the Kaspersky program. Is there anyway to turn off "ctfmon.exe"? It's like some language thing but I'm not sure how to cut it off completely.

 

[ken545]

ctfmon.exe <--This is a legit windows file, leave it be

 

[Myrkwood]

Well, I ran Kaspersky and fell asleep. Since the window was open so long it froze when I tried to see the report, but it didn't find any problems or suspicious items.

 

[ken545]

Great, looks like your good to go.

• 
  How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

• Spybot Search and Destroy 1.6
  Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  
• Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  
• Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  
• IE-Spyad
  IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

 

[Myrkwood]

If I get spyware blaster and spyware guard will that interfere with AVG 8.5? I have SB S&D already and it works good.

 

[ken545]

Yes you can use them and they wont interfere with AVG, but Spyware Guard and the Teatimer in Spybot do the same thing so you dont want them both. If you keep Spybot and install SG, just disable the Teatimer in Spybot. If you like using the teatimer in spybot than don't install SG. Spyware Blaster is a nice tool, I have it on all my systems

 

[ken545]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.