Joker Trojan

Discussion in 'Hardware - PCs, Consoles, Gadgets' started by Recce19, Apr 4, 2012.

  1. Right, a daughter has got this trojan (Joker - variant, as yet unknown), that apparently has stopped the Windows XP from loading properly and won't respond to F8 to get into safe mode!

    Does anyone have any ideas of how to get round this, so that it can actually be removed? I haven't yet seen the computer, so don't have many details. All I know is that it puts up a screen when the desktop loads, saying something like pay 'x'-amount to have it removed! Daftly, she only has the Admin account set up!

    As I get more details, I'll amend this post.

    As usual, any pointers on this greatly received!!......except a fresh install! :grin:
  2. On another computer, or on that one if you can, download 'rkill'.

    RKill -

    This will kill off ALL routines, bar a few on your computer.

    Then run Malwarebytes Anti malware.

    Malwarebytes Anti-Malware -

    She's opened a 'spam e-mail' ie You have a facebook message (99% sure of that).

    Has it actually started yet? Or is it still waiting for the 'go' command.

    Give us a PM if you need any help.
  3. It's sod all to do with me, I wasn't there and you didn't see me, right?
  4. Cheers C_F, much appreciated! Can this be run from CD or USB stick? Reason for asking is I doubt I could install it the way it has been explained to me - the Malwarebytes I know about, thanks.

    Joker62, I just knew you would say that! :grin:
  5. Sorry, thought I'd posted but it was still here, and then I hit refresh!!

    Rkill can be put on a CD/stick and booted from it, providing your PC is set up to boot from USB/CD BEFORE your HDD.

    It isn't a 'program', it is an MS-DOS script.

    When you get your USB/CD in, double click and suddenly your computer will stop doing anything, as it has killed off any unauthorised routines.

    Then run your anti-malware programme.

    I'd get a few others as well, and just keep running and running on as many different scans as you can, ALWAYS hitting Rkill first. I think this particular trojan (if running) will run and hide around your system.
  6. Thanks again C_F. Last stupid question... Once I run the MS-DOS script, will Windows load to run the anti-malware programme, ie safe mode, or do I have to also run it from the DOS prompt? (which isn't true DOS in XP!)
  7. You should be able to run it from XP. If not, I have to admit I am stumped... I've never run it on XP prompt.

    Has the trojan actually activated? Ie, did it say something like 'click this and I'll do this' when really it was about to unleash the RAMFcuker 2010 programme.
  8. Just check one thing as well - last time I had a virus, it created its own file and then put all of the files to "Hidden". That way the malware doesn't find it. Just ensure that all of the files are unhidden first. Malware sorted the bastard out last time - it's a good programme.
  9. I did a course on 'Cyber vandalism'; in interviews many 'virus builders' said they did it for the challenge, it was a game, it was the victim's fault for not having virus defence etc...

    I wrote in my thesis that they may not continue to think that way after I'd cleaved their computer in two, with my beautifully crafted axe...

    Or indeed their malfunctioning soft heads.
  10. ESet, NOD, and AVG all have free versions which will boot and run from CD/USB. Belt and braces, as RKill may not be aware of all processes.
  11. rkill isn't 'aware' of any processes except those that it allows to continue... EVERY other routine is killed off.
  12. Ok, thanks for all this. Won't have any more info until tomorrow night when I go round and hopefully get it sorted!
  13. Perhaps I should have been clearer - it isn't aware of every malware process.
    Secondly, it can be defeated by malware - some of which will terminate rkill.

    Hence the belt and braces approach.
  14. Got you.

    But as this is a fresh download the Rkill definitions should be completely up to date. And as mentioned, Rkill shuts down certain processes on a 'your name's not down, you're not coming in' basis.

    Most malware that circumnavigates Rkill has got in to the RAM and set up home, so after running and killing any malware, a restart and re-run of Rkill and anti-malware software usually does the trick.
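The 'your name's not down, you're not coming in' behaviour discussed in posts 11, 13 and 14 is an allow-list: anything not on the list is stopped, and the list only covers names it knows. The script below is an added illustration of that idea in Python, not RKill's own code, and its allow-list of core Windows XP processes, the expected image directories, and the process snapshot it runs over are all constructed for the example. It also shows the two consequences the thread touches on: a legitimate tool such as the anti-malware scanner gets stopped too (hence run the scanner after, not before), and a process that borrows an allowed name from an unexpected location is caught only because the check looks at the path as well as the name.

```python
"""Allow-list process triage (added example, modelled on the thread's
description of RKill; not RKill's code or its real allow-list)."""
import ntpath
from dataclasses import dataclass

# Constructed allow-list: lower-case image name -> directory the image is
# expected to live in.  None marks a kernel pseudo-process with no image path.
ALLOWED = {
    "system": None,
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str  # full image path, or "" for kernel pseudo-processes


def classify(proc, allowed=ALLOWED):
    """Return None if the process may keep running, else the reason to stop it."""
    name = proc.name.lower()
    if name not in allowed:
        return "not on allow-list"
    expected_dir = allowed[name]
    if expected_dir is None:
        return None
    # Same name as an allowed process is not enough: it must run from the
    # expected directory, otherwise treat it as a look-alike.
    actual_dir = ntpath.dirname(proc.path).lower()
    if actual_dir != expected_dir:
        return f"allowed name but unexpected location {actual_dir!r}"
    return None


def triage(procs, allowed=ALLOWED):
    """Split a process snapshot into (keep, kill); kill entries carry a reason."""
    keep, kill = [], []
    for proc in procs:
        reason = classify(proc, allowed)
        if reason is None:
            keep.append(proc)
        else:
            kill.append((proc, reason))
    return keep, kill


# Constructed snapshot of a running XP system (pids and paths are made up).
SNAPSHOT = [
    Proc(4, "System", ""),
    Proc(368, "smss.exe", r"C:\WINDOWS\system32\smss.exe"),
    Proc(612, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
    # Borrowed name, wrong directory: caught by the path check.
    Proc(1204, "svchost.exe",
         r"C:\Documents and Settings\User\Local Settings\Temp\svchost.exe"),
    # Random name nobody has heard of: not on the list, so stopped.
    Proc(1540, "kfjdhs.exe",
         r"C:\Documents and Settings\User\Application Data\kfjdhs.exe"),
    # The anti-malware scanner itself is not on the list either, so an
    # allow-list killer stops it too; start the scanner afterwards.
    Proc(1800, "mbam.exe",
         r"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"),
]

if __name__ == "__main__":
    keep, kill = triage(SNAPSHOT)
    for proc in keep:
        print(f"keep  pid={proc.pid:<5} {proc.name}")
    for proc, reason in kill:
        print(f"kill  pid={proc.pid:<5} {proc.name}: {reason}")
```

The point post 13 makes still stands in the model: a process whose name and location both match the list passes, so an allow-list alone says nothing about what an allowed process has loaded or what survives a reboot, which is why the thread pairs it with an anti-malware scan and an offline scan from clean media.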
  15. I'd still also run an off-line scan from known clean media... not because it is "better" - but because the two complement each other.