#21  
Old 05-15-2008, 10:38 AM
HARLEY HARLEY is offline
 
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187

Quote:
Originally Posted by David G.
Harley, My wife's PC just picked up a Trojan, AVG and Spybot stopped it from running. These are the file names: ctfmona.exe, ctfmonb (a bitmap image) and blackster.scr
I am attempting to remove them. I suppose it is not recommended to just delete the files, right? I will try removal with Spybot SD. Any pointers?

Any luck?
__________________



DVD help

Photofiltre Graphic Editor



  #22  
Old 05-15-2008, 03:29 PM
David G. David G. is offline
Senior Member
 
Join Date: Sep 2002
Location: Maine, USA
Posts: 540
As far as I can tell it is gone. AVG put the Trojan in the vault. Spybot SD removed it and then I deleted the files that were not removed. Everything seems to be okay now. I am going to download the program you recommended and run that today. Thanks for your help.
__________________
Home Built, Raygo Mid-tower, 450 watt PS, Asus Mother Board, 4 GB Memory, AMD Athlon II X4 630, 1.5 TB HD, Windows 7 64 Bit OS, Asus Monitor.
If we didn't have computers, what would we do to waste our time?
  #23  
Old 06-02-2008, 04:25 PM
hogndog hogndog is offline
Saved By Grace
 
Join Date: Jan 2007
Location: In His Service
Posts: 5,275

Thanks Harley I downloaded the Process Explorer
__________________
.


Revelation 21:4 And God shall wipe away all tears from their eyes; and there shall be no more death, neither sorrow, nor crying, neither shall there be any more pain: for the former things are passed away.

Shalom
  #24  
Old 09-23-2008, 06:45 PM
P.O.M. P.O.M. is offline
"God Bless America Again"
 
Join Date: Jan 2007
Location: My Own Little World
Posts: 402
Thanks Harley for all the great information. I checked my firewall, which is COMODO, and got these results.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Thanks Again
__________________
Win XPHE~SP3~AT&T/DSL~IE8~FFv3~OE6~Avira~ZA~SpywareBlaster~Malwarebytes~Spybot S&D
  #25  
Old 09-23-2008, 07:05 PM
P.O.M. P.O.M. is offline
"God Bless America Again"
 
Join Date: Jan 2007
Location: My Own Little World
Posts: 402
I downloaded this trojan simulator and my Avast went wild with a warning of malware. They say the Zip file is corrupted. See photobucket link below.


And a trojan simulator......test your defenses.
http://www.misec.net/trojansimulator/


http://img.photobucket.com/albums/v5...ruptedfile.jpg
  #26  
Old 09-23-2008, 09:22 PM
HARLEY HARLEY is offline
 
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187
Quote:
Originally Posted by P.O.M.
I downloaded this trojan simulator and my Avast went wild with a warning of malware. They say the Zip file is corrupted. See photobucket link below.


And a trojan simulator......test your defenses.
http://www.misec.net/trojansimulator/


http://img.photobucket.com/albums/v5...ruptedfile.jpg
Avast is supposed to do that, which is good.
  #27  
Old 09-23-2008, 09:27 PM
P.O.M. P.O.M. is offline
"God Bless America Again"
 
Join Date: Jan 2007
Location: My Own Little World
Posts: 402
O.K. Thanks again for this good info
  #28  
Old 12-14-2008, 10:47 AM
Laughwthme Laughwthme is offline
Member
 
Join Date: Dec 2002
Location: Riverside, CA
Posts: 48
Still Confused

Thanks Harley for all the info, and yet I am still unsure of what to do. I have AVG8 installed on my computer. My son created a user profile for himself and left my sign on as is. But yet when I sign on under my user name for Windows or the computer I get a Windows FIREWALL warning that I have a TROJAN.Zlob.g and it will only give me the option to disable the warning. Under my name I use IE 7 for my browser, and under my son's he installed Firefox. I cannot go on the internet without using his profile. If I click on IE7 everything closes. I have scanned the computer several times with AVG and nothing comes up. What would be the best thing I can use and should I be signed on to the computer under my user name? I know I am a computer DUMMY!
Thanks for your help, Terry
  #29  
Old 12-14-2008, 11:23 AM
HARLEY HARLEY is offline
 
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187
1st thing you do is uninstall AVG [I'M NOT KIDDING EITHER]. Then download and install both of these programs.

SuperAntiSpyware will scan for and cleanup most malware.

http://www.superantispyware.com/


Malwarebytes Anti-malware
http://www.malwarebytes.org/mbam.php

Update them both and then run them both [1 at a time] from safemode.

Then get back to us.
  #30  
Old 12-14-2008, 12:58 PM
MikeN.
Guest
 
Posts: n/a
Harley, I copied this from another post that Judy corrected me on about running Malwarebytes in Safe Mode.


Michael, while Malwarebytes' Anti-Malware does run in safe mode it really was not designed that way. It was designed to run in Normal Mode.
See this info from a forum administrator of the Malwarebytes' Forum Safe Mode
Quote:
MBAM works from safemode but it is not designed to work that way.

MBAM will work better from regular mode both in terms of what it detects and what it can remove.

Doing a safemode scan with MBAM should only be done when a regular mode scan fails.

The recommendation is also to run a Full System Scan, not just the Quick Scan, when there is a suspicion of infection on the computer.
When scan is complete then check marks should be in all items found and Remove Selected should be used.
  #31  
Old 12-14-2008, 01:29 PM
HARLEY HARLEY is offline
 
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187
I don't see why... I run both it and SAS in safemode as the trojan services and processes can't start and it would be easier to detect and kill them.
  #32  
Old 12-14-2008, 07:33 PM
MikeN.
Guest
 
Posts: n/a
Just passing on what was posted to me by Judy.
  #33  
Old 12-14-2008, 08:08 PM
HARLEY HARLEY is offline
 
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187
Ya I know... but I'm just going by my experience with it, running in safemode.

I see SAS sometimes having to reboot into normal mode to finish the cleanup...might have something to do with deleting entries while Windows is running.

I'll have to start experimenting with MBAM and see which works best.
  #34  
Old 12-15-2008, 01:58 AM
Cooter2001 Cooter2001 is offline
Epic Member
 
Join Date: Aug 2006
Location: Alberta,Canada
Posts: 3,738
Quote:
Originally Posted by P.O.M.
I downloaded this trojan simulator and my Avast went wild with a warning of malware. They say the Zip file is corrupted. See photobucket link below.


And a trojan simulator......test your defenses.
http://www.misec.net/trojansimulator/


http://img.photobucket.com/albums/v5...ruptedfile.jpg
I clicked your link to photobucket and got the little pic that says....

This image has been moved or deleted....

That makes that link and your post absolutely useless in this thread.....

What is the point of uploading to photobucket and posting a link and then deleting or moving the image??????

With a free photobucket acct. the storage space that photobucket allows is 1GB so you can store one h*ll of a lot of screen captures there without the need to delete any....

As an example I have 434 pics and 24 videos which use 160mbs of 1 gb or 15% of my space....

See screen shot.....
http://i166.photobucket.com/albums/u...hotobucket.jpg

I use the above acct for sharing screen shots etc. online at various sites and I have a 2nd free acct with photobucket for sharing family things with family and close friends....
__________________
Just my thoughts on the subject
Crazzy Cooter Cummin at ya


Vista Specs

Crockett's Sticky
Click

Mike Lin's Startup Ctrl Panel
Click


Startup Inspector 2.2
Click

Print Screen Tutorial
Click

Before posting your questions
Click
  #35  
Old 01-16-2009, 02:51 PM
lauralee26 lauralee26 is offline
Junior Member
 
Join Date: Aug 2007
Posts: 1
free virus protector

I have AVG and some people are saying it is starting to have problems... has anyone heard of this? Then, if I decide to put another free one on... do I uninstall the AVG first?
Thanks
Laura
  #36  
Old 01-16-2009, 03:01 PM
Cooter2001 Cooter2001 is offline
Epic Member
 
Join Date: Aug 2006
Location: Alberta,Canada
Posts: 3,738
Download the new antivirus program...
Disconnect from the internet..
Uninstall AVG...
Install new Antivirus program
Hook back up to the internet and the 1st thing you should do then is to have the new Antivirus program check for and install any new updates it finds for it...

Avast Free edition and Avira free edition are 2 of the free and highly recommended antivirus programs here at worldstart

I would suggest you pick 1 or the other and go from there...

Remember only 1 antivirus and 1 firewall installed and active....
  #37  
Old 01-16-2009, 03:38 PM
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,737
Malwarebytes' Anti-Malware in NORMAL mode

This is the information they give in the Malwarebytes Anti-Malware Forum
Quote:
The main reason for needing to scan in normal mode is because the drivers that MBAM uses to detect malware do not work while Windows is booted in Safe Mode. For MBAM, normal mode is always best as it gives it a chance to catch malware while it's active.
Quote:
http://www.malwarebytes.org/forums/i...rt=#entry48375
Never run MBAM in Safe Mode. It will cripple its detection and removal capabilities.
Just checked again to be absolutely certain I have correctly read all that info concerning the running of MBA-M at Malwarebytes forum.

Here is the information I received from one of the Moderators over there;
Quote:
Different helpers post a little different instructions but it's posted all over the board to run in Normal Mode
Our program, Malwarebytes' Anti-Malware can detect and remove most Malware with no further actions required for free.
Please download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware

* Then click Finish.
* Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
* Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
He also noted to do this after the Remove order has been given, which I also always try to include in my instructions.
Quote:
Then RESTART the computer.
Restart is often needed to remove locked files, therefore this is considered a normal part of the instructions.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.53.0 ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
  #38  
Old 09-08-2009, 06:54 AM
billtjr50 billtjr50 is offline
Junior Member
 
Join Date: May 2006
Location: North Carolina
Posts: 8
Quote:
Originally Posted by Cooter2001
Download the new antivirus program...
Disconnect from the internet..
Uninstall AVG...
Install new Antivirus program
Hook back up to the internet and the 1st thing you should do then is to have the new Antivirus program check for and install any new updates it finds for it...

Avast Free edition and Avira free edition are 2 of the free and highly recommended antivirus programs here at worldstart

I would suggest you pick 1 or the other and go from there...

Remember only 1 antivirus and 1 firewall installed and active....
I have used AVG and I have used Avira and they are both weak. They are better than nothing, but that is all. Spend some money and get good protection. If you have a trojan problem, make sure you do not have a rootkit. They are popular company for trojans, and rootkits are very difficult to get rid of. Your a/v may treat the infection, but not the rootkit, and your infection will return, over and over. Worldstart has the "iolo System Shield 3 Internet Security" for $9.97 right now, with a/v, firewall, and anti spyware, but I don't know anything about it personally. PC Mag gave it a very weak rating.
  #39  
Old 09-08-2009, 07:21 AM
Acer Acer is offline
60 years on 2 wheels.
 
Join Date: May 2006
Location: In Canada.
Posts: 5,844

Quote:
Originally Posted by billtjr50
I have used AVG and I have used Avira and they are both weak. They are better than nothing, but that is all. Spend some money and get good protection. If you have a trojan problem, make sure you do not have a rootkit. They are popular company for trojans, and rootkits are very difficult to get rid of. Your a/v may treat the infection, but not the rootkit, and your infection will return, over and over. Worldstart has the "iolo System Shield 3 Internet Security" for $9.97 right now, with a/v, firewall, and anti spyware, but I don't know anything about it personally. PC Mag gave it a very weak rating.
Poor advice given here. Obviously you should catch up on some AV program testimonials, especially if you're going to advise folks with bad info. Avast & Avira are both very popular & excellent programs, & are about the best free ones available. Personally I believe folks should ignore your advice.
  #40  
Old 09-08-2009, 10:10 AM
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,737
Quote:
Originally Posted by billtjr50
I have used AVG and I have used Avira and they are both weak. They are better than nothing, but that is all. Spend some money and get good protection. If you have a trojan problem, make sure you do not have a rootkit. They are popular company for trojans, and rootkits are very difficult to get rid of. Your a/v may treat the infection, but not the rootkit, and your infection will return, over and over. Worldstart has the "iolo System Shield 3 Internet Security" for $9.97 right now, with a/v, firewall, and anti spyware, but I don't know anything about it personally. PC Mag gave it a very weak rating.
Why in the world recommend a program which you state yourself that PC Mag gave a very weak rating?
Last edited by jholland1964; 09-08-2009 at 11:02 AM. Reason: Dumb mistake discovered TOO late!
Copyright 2000-2011 WorldStart, Inc