Backing up data from a trojan-infected PC

Discussion in 'Gaming and Software' started by Schleswig-Holstein, May 9, 2009.


  1. Folks

    my home PC has been infected with a particularly nasty trojan, even though I thought I was pretty protected (windows all updated, latest firefox, spybot-SD, avira etc).

    I've used Kaspersky to (hopefully) rid the PC of the b@stard thing, but am not convinced it is gone as it was able to hide from various anti-nasty applications (Malwarebytes, Avira, spybot-SD etc). I would like to back up the various data I have on the PC before I reformat the hard-disk, but am worried about bringing the trojan with them...

    Any tips?

    S-H
     
  2. what is the name of the trojan? 1st
     
  3. Am at work, but will check & post the name when at home.

    It's an evil little git, and I really, really want to hurt the little tw@t who built it...
     
  4. This is the trojan...

    Trojan.Win32.Small.bxz
     
  5. cheers mate... I have been googling like fark on this, and have run various malware checkers including Spyware Doctor.... it didn't pick this up. It was only when Kaspersky was run as a deep scan that it was picked up.

    My pc is still running strangely, and I'm not convinced it is clean... hence the question about backing up
     
  6. I recently had a nasty virus (or something), some berk had turned off my Firewall. The bloody thing latched onto a registry (usernit.exe) and rushing in I failed to take into account that deleting the virus would delete the registry, so whenever I logged in I was then immediately logged out! My attempts at what looked like a simple repair job(s) ultimately resulted in my deleting a few more registries, so I just re-installed the whole thing, losing (and still replacing) all my data.

    Now that you've read my exciting story (I empathise with you by the way) I suggest for spyware Malwarebytes Anti-Malware, which I have found to be very reliable and simple (others far too oft scan then demand a charge for a clean-up).
    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

    For Virus Protection I use AVG Free Edition (not that you have asked).
    http://free.avg.com/

    I used to use the Windows Firewall but now I use ZoneAlarms because I can keep an eye on it in the task-bar.
    http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

    As for backing up, do you still have your XP (or operating system) disc?
    http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx
     
  7. Pain ain't it fella. I have Yahoo CA AntiSpy installed and that usually updates regularly. It has found and binned a few Trojans recently. Also, Comodo Pro Firewall, though sometimes a pop-up nuisance, seems effective.

    Trojan Help
    http://www.avtc.org/how-to-remove-trojan-general.html

    Clean Re-installation: "Although arduous, this will always be the only sure way to eradicate a trojan or virus. Back up your entire hard disk, reformat the disk, re-install the operating system and all your applications from original CDs, and finally, if you're certain they are not infected, restore your user files from the backup"

    http://www.irchelp.org/irchelp/security/trojan.html
    "Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual trojan filenames include: "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs" (when there are multiple extensions, only the last one counts, be sure to unhide your extensions so that you see it). More information on risky file extensions may be found at this Microsoft document http://support.microsoft.com/support/kb/articles/q262/6/31.asp?LN=EN-US&SD=gn&FR=0 ."
     
  8. Go to moosoft.com and download a free version of The cleaner, it is designed especially for trojan cleaning
     
  9. Once you are sure you have removed it, do a Windows repair as in Windows repair. I still recommend you back up files just as a safety thing.
    A Windows repair will save all programs and files and fix any registry changes made by any trojan or virus.

    P.S. Schleswig-Holstein, if you don't do the above, remember to turn off your System Restore, as it will still be in there, and turn System Restore back on.
    Many people forget to do this and sometime in the future use System Restore, only to put the trojan back in.
     
  10. folks

    cheers for the notes.

    This evil little git successfully hid from all my attempts to find it using updated versions of stinger/malwarebytes/avira/spyware doctor etc. It was only when I had Kaspersky on deep scan that it was found.

    Tremaine's point about only backing up non-executable files (e.g. .exe or .dll files) has been noted.
    My only worry is that if I attach a portable hard drive, will the trojan simply infect this?
    (possibly showing my ignorance there)

    S-H
     
  11. Schleswig-Holstein, have a look at what this guy says

    http://forum.kaspersky.com/lofiversion/index.php/t115922.html
     
  12. cheers! I've followed that and the PC seems to have settled down now, and I'm hoping the damned thing is gone.
     
  13. I recommend you use programs such as Acronis or Norton Ghost and back up an image of your PC on a separate hard drive... Google computer image backups and you will put PC engineers out of work :D
     
  14. Cheers. I have a copy of NTI shadow, and will be using that to copy all non executable files to a cheapo hard disk.

    I'm debating whether to keep struggling with this crappy old pc or get something new and shiny. Unlike many people, I'm pretty impressed with Vista (once all the shiny stuff is switched off), but may wait until Windows 7 is available.

    The moral of the story is that however up to date your virus checker/operating system/anti-malware software is, you can still pick something nasty up. The most embarrassing thing is that I'm pretty sure I got it from a pron site :oops:

    That'll teach me not to go one handed surfing... :wink:
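
The approach the thread settles on, copying only non-executable files and judging each file by its last extension, as an added Python example; it is not code from any poster. The function names and the extensions beyond exe, vbs, com, bat and dll are assumptions made here.

```python
import shutil
import tempfile
from pathlib import Path

# exe/vbs/com/bat/dll are from the thread; the rest are added assumptions.
RISKY = {"exe", "dll", "vbs", "com", "bat", "cmd", "scr", "pif",
         "js", "hta", "wsf", "msi", "cpl", "lnk", "inf", "sys"}
# Harmless-looking extensions commonly placed in front of the real one.
DECOY = {"txt", "doc", "pdf", "jpg", "png", "mp3", "avi", "zip"}

def classify(filename):
    """Return (verdict, reason); only the LAST extension decides."""
    # Windows drops trailing dots and spaces, so "a.exe." opens as "a.exe".
    parts = filename.lower().rstrip(". ").split(".")
    last = parts[-1] if len(parts) > 1 else ""
    if last not in RISKY:
        return "copy", "data file"
    if len(parts) > 2 and parts[-2] in DECOY:
        return "skip", "double extension hides ." + last
    return "skip", "risky type ." + last

def backup_data_files(src, dst):
    """Copy data files from src to dst; return skipped (path, reason) pairs."""
    src, dst = Path(src), Path(dst)
    skipped = []
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        verdict, reason = classify(path.name)
        if verdict == "skip":
            skipped.append((rel.as_posix(), reason))
            continue
        (dst / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dst / rel)
    return skipped

def demo():
    """Run on a constructed sample tree; file contents are dummy bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        for name in ("docs/letter.txt", "photo.jpg", "dmsetup.exe",
                     "LOVE-LETTER-FOR-YOU.TXT.vbs", "autorun.inf"):
            (src / name).write_bytes(b"constructed sample")
        skipped = backup_data_files(src, dst)
        copied = sorted(p.relative_to(dst).as_posix()
                        for p in dst.rglob("*") if p.is_file())
        return copied, skipped

if __name__ == "__main__":
    print(demo())
```

Extension filtering only keeps program files off the backup drive; documents can still carry macros, so scan the backup from the rebuilt system before opening anything on it.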