Infected by trojans

My desktop was recently attacked by trojans, which took my FTP settings for my websites and modified every index.php file on my webservers (I initially caught the virus from visiting a rogue website). It attempted to do the same to my websites and keep spreading I guess.

Fortunately the virus code didn't work properly and just shut the pages down with PHP errors, so I was able to notice it.

Turns out the virus disabled my avast antivirus software and disabled autoscan permanently. And is evading full system scan even at bootup.

Furthermore I can't install other antivirus software on it.

I guess I need a bootdisc solution which will load up its own OS and perform a virus scan and delete the culprit.

I had a look at the url
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Tried a few of them
Kaspersky stops on bootup when seeking the Kaspersky folder (I guess it needs to have the full installation on the hard drive already)

Trinity & Bitdefender search and find viruses but they don't delete them, simply create a list of them, so that I can delete the viruses manually, but the list is nowhere to be found when I boot up..

A bit frustrating, I'm tempted to do a wipe and reinstall on a blank hard drive. But I know on the other hand I'll have to spend 3 full days installing all my software back into it again.. Which I'll regret.

Anyone have an alternate solution??
 
Could you remove the infected drive, place it in an external caddy, plug it into another PC and use the other PC with AV on it to get rid of it?
 
That's a pretty good idea. I have a SATA USB hard drive enclosure and a working laptop (too scared to use the net on the desktop so unplugged the ethernet). I suppose I can rig these up and run Avast from the laptop..
 
UBCD for win with Avira antivir and Super Antispyware installed and updated is probably the best boot cd for removing any malware.

http://ubcd4win.com/

Dr Web Live CD is easier than a UBCD and another effective way to remove malware

http://www.freedrweb.com/livecd/
 
Format and reinstall. Only way you can trust the system again.

This. Even if you do manage to get the system running normally again, you'll never be sure that the virus isn't lurking somewhere, sending your passwords back home. Besides, it sounds like you have a serious infection, so a reformat would probably be quicker than fighting the virus.
 
1. Nuke the disk.

2. Download firewall and antivirus onto clean, removable media. From a trusted install.

3. Install with ethernet unplugged, at least until you have firewall and antivirus configured.

4. Take steps to decrease the likelihood of such a nasty infection ever happening again.
 
Looks like this virus is pretty evasive, I think I had a close call as my websites were only down for about 6 hours and didn't lose any Google rankings. Did lose out on a bit of revenue. But that's OK I can live with that.

It looks like the antivirus before booting into Windows hasn't yielded any luck yet. No detections at all. :O

I will have to reformat and reinstall. Luckily I have duplicated my documents area on my laptop.

May have to consider switching to Vista as I think XP was easier to get into.
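
Added example, not part of the thread: the infection described above rewrote every index.php over FTP and was only noticed because the pages broke, so a baseline of file hashes kept off the web server would flag such changes directly. The function names, the JSON manifest format and the paths in the usage comment are assumptions made for illustration.

```python
import hashlib
import json
import os


def hash_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(webroot, name="index.php"):
    """Map each index.php under webroot (relative path) to its digest."""
    found = {}
    for dirpath, _dirs, files in os.walk(webroot):
        if name in files:
            full = os.path.join(dirpath, name)
            found[os.path.relpath(full, webroot)] = hash_file(full)
    return found


def save_baseline(webroot, manifest_path):
    """Record known-good digests; keep the manifest off the web server."""
    with open(manifest_path, "w") as fh:
        json.dump(snapshot(webroot), fh, indent=2, sort_keys=True)


def compare(webroot, manifest_path):
    """Return (modified, missing, added) paths relative to the baseline."""
    with open(manifest_path) as fh:
        baseline = json.load(fh)
    current = snapshot(webroot)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return modified, missing, added


if __name__ == "__main__":
    import sys
    # Usage (hypothetical paths): python check_index.py /var/www baseline.json
    modified, missing, added = compare(sys.argv[1], sys.argv[2])
    for label, paths in (("MODIFIED", modified), ("MISSING", missing), ("ADDED", added)):
        for p in paths:
            print(label, p)
    sys.exit(1 if (modified or missing or added) else 0)
```

Take the baseline from a copy of the site known to be clean, and run the comparison from a machine other than the one whose FTP credentials were exposed.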
 