• ARRSE have partnered with Armadillo Merino to bring you an ARRSE exclusive, generous discount offer on their full price range.
    To keep you warm with the best of Merino gear, visit www.armadillomerino.co.uk and use the code: NEWARRSE40 at the checkout to get 40% off!
    This superb deal has been generously offered to us by Armadillo Merino and is valid until midnight on the the 28th of February.

Backing up data from a trojan-infected PC

#1
Folks

my home PC has been infected with a particularly nasty trojan, even though I thought I was pretty protected (windows all updated, latest firefox, spybot-SD, avira etc).

I've used Kaspersky to (hopefully) rid the PC of the b@stard thing, but am not convinced it is gone as it was able to hide from various anti-nasty applications (Malwarebytes, Avira, spybot-SD etc). I would like to back up the various data I have on the PC before I reformat the hard-disk, but am worried about bringing the the trojan with them...

Any tips?

S-H
 
#6
Tremaine said:
http://www.google.co.uk/search?hl=en&q=Trojan.Win32.Small.bxz+&meta=

Spyware Doctor Scan (free) http://www.removal-guides.org/ppc/index.php?t=Trojan.win32&gclid=COHIjNWesJoCFQMFZgodbB94bg
cheers mate... i have been gooling like fark on this, and have run various malware checkers including Spyware Doctor.... it didn't pick this up. It was only when Kapersky ws run as a deep scan was it picked up.

My pc is still running strangely, and I'm not convinced it is clean... hence the question about backing up
 
#7
I recently had a nasty virus (or something), some berk had turned off my Firewall. The bloody thing latched onto a registry (usernit.exe) and rushing in I failed to take into account that deleting the virus would delete the registry, so whenever I logged in I was then immediately logged out! My attempts at what looked like a simple repair job(s) ultimately resulted in my deleting a few more registry's, so I just re-installed the whole thing, losing (and still replacing) all my data.

Now that you've read my exciting story (I empathise with you by the way) I suggest for spyware Malwarebytes Anti-Malware, which I have found to be very reliable and simple (others far too oft scan then demand a charge for a clean-up).
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

For Virus Protection I use AVG Free Edition (not that you have asked).
http://free.avg.com/

I used to use the Windows Firewall but now I use ZoneAlarms because I can keep an eye on it in the task-bar.
http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

As for backing up, do you still have your XP (or operating system) disc?
http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx
 
T

Tremaine

Guest
#8
Pain aint it fella. I have Yahoo CA AntiSpy installed and that usually updates regularly. It has found and binned a few Trojans recently. Also, Comodo Pro Firewall though sometimes a pop-up nuisance , seems effective.

Trojan Help
http://www.avtc.org/how-to-remove-trojan-general.html

Clean Re-installation: "Although arduous, this will always be the only sure way to eradicate a trojan or virus. Back up your entire hard disk, reformat the disk, re-install the operating system and all your applications from original CDs, and finally, if you're certain they are not infected, restore your user files from the backup"

http://www.irchelp.org/irchelp/security/trojan.html
"Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual trojan filenames include: "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs" (when there are multiple extensions, only the last one counts, be sure to unhide your extensions so that you see it). More information on risky file extensions may be found at this Microsoft document http://support.microsoft.com/support/kb/articles/q262/6/31.asp?LN=EN-US&SD=gn&FR=0 ."
 
#10
Once you are sure you have removed it, do a windows repair as in windows repair i still recommend you back up files just as a safety thing.
a windows repair will save all programs and files and fix any registry changes made by any trojan or virus.

p.s. Schleswig-Holstein if you dont do the above remember to turn off your system restore as it will still be in there and turn system restore back on.
many people forget to do this and in sometime in the future use system restore only to put back in the trojan.
 
#11
folks

cheers for the notes.

This evil little git successfully hid from all my attempts to find it using updated versions of stinger/malwarebytes/avira/spyware doctor etc. It was only when I had kapersky on deep scan was it found.

Tremaine's point about only backing non-executable files (e.g. .exe or .dll files) has been noted.
My only worry that if I attach a portable hard drive, will the trojan simply infect this?
(possibly showing my ignorance there)

S-H
 
#12
Schleswig-Holstein said:
folks

cheers for the notes.

This evil little git successfully hid from all my attempts to find it using updated versions of stinger/malwarebytes/avira/spyware doctor etc. It was only when I had kapersky on deep scan was it found.

Tremaine's point about only backing non-executable files (e.g. .exe or .dll files) has been noted.
My only worry that if I attach a portable hard drive, will the trojan simply infect this?
(possibly showing my ignorance there)

S-H
Schleswig-Holstein have a look at what this guy say

http://forum.kaspersky.com/lofiversion/index.php/t115922.html
 
#13
jaybee2786 said:
Schleswig-Holstein said:
folks

cheers for the notes.

This evil little git successfully hid from all my attempts to find it using updated versions of stinger/malwarebytes/avira/spyware doctor etc. It was only when I had kapersky on deep scan was it found.

Tremaine's point about only backing non-executable files (e.g. .exe or .dll files) has been noted.
My only worry that if I attach a portable hard drive, will the trojan simply infect this?
(possibly showing my ignorance there)

S-H
Schleswig-Holstein have a look at what this guy say

http://forum.kaspersky.com/lofiversion/index.php/t115922.html
cheers! I've followed that and the PC seems to have settled down now, and I'm hoping the damned thing is gone.
 
#14
I recommend you use programs such as acronis or nortons ghost and back up an image of your pc on a separate hard drive....... google computer image back ups and you will put pc engineers out of work :D
 
#15
Cheers. I have a copy of NTI shadow, and will be using that to copy all non executable files to a cheapo hard disk.

I'm debating whether to keep struggling with this crappy old pc or get something new and shiny. Unlike many people, I'm pretty impressed with Vista (once all the shiny stuff is switched off), but may wait until Windows 7 is available.

The moral of the story is that however up to date your virus checker/operating system/anti-malware software is, you can still pick something nasty up. The most embarrassing thing is that I'm pretty sure I got it from a pron site :oops:

That'll teach me not to go one handed surfing... :wink:
 
#16
Schleswig-Holstein said:
Cheers. I have a copy of NTI shadow, and will be using that to copy all non executable files to a cheapo hard disk.

I'm debating whether to keep struggling with this crappy old pc or get something new and shiny. Unlike many people, I'm pretty impressed with Vista (once all the shiny stuff is switched off), but may wait until Windows 7 is available.

The moral of the story is that however up to date your virus checker/operating system/anti-malware software is, you can still pick something nasty up. The most embarrassing thing is that I'm pretty sure I got it from a pron site :oops:

That'll teach me not to go one handed surfing... :wink:
In future use this: http://www.knoppix.org/

How old is your PC? And my advice is not to go cheapo for your backup solution...

msr
 
#17
msr said:
Schleswig-Holstein said:
Cheers. I have a copy of NTI shadow, and will be using that to copy all non executable files to a cheapo hard disk.

I'm debating whether to keep struggling with this crappy old pc or get something new and shiny. Unlike many people, I'm pretty impressed with Vista (once all the shiny stuff is switched off), but may wait until Windows 7 is available.

The moral of the story is that however up to date your virus checker/operating system/anti-malware software is, you can still pick something nasty up. The most embarrassing thing is that I'm pretty sure I got it from a pron site :oops:

That'll teach me not to go one handed surfing... :wink:
In future use this: http://www.knoppix.org/

How old is your PC? And my advice is not to go cheapo for your backup solution...

msr
about 5 years old (but was the dog's when I put it together)...

Have thought about going over to Linux, as all I need the home PC for is surfing, email etc. Knoppix looks like a good option...

Cheers
 

Latest Threads

New Posts