Need help after removing Trojans

[verbal]

My brothers laptop got infected and I managed to clean off the two trojans found with Microsoft Security Essentials.*

Unfortunately. I'm left with the laptop not being able to download automatic updates (the yellow shield icon just stays at 0%) and I can't use the windows update webpage as it always fails. In addition I'm still getting occasional random tabs opening in firefox and chrome won't work at all. I also get a window called "Just-in-time Script Debugging" popping up which I take as further evidence that damage has been done.

I have scanned the laptop again with MS Malicious software removal tool, Security Essentials, AVG and MalwareBytes and I can't find any infections. Is it possible that the viruses are gone but what ever changes they made to the laptop are causing my problems?

Any advice on how to get the laptop back to normal would be greatly appreciated. Thanks



*AVG and MalwareBytes didn't find anything which is why I downloaded Security Essentials.

 

[Craig321]

To sort the Windows Updates problem check that the hosts file isn't full of crap.

Open the following in notepad: C:\Windows\system32\Drivers\etc\hosts

Make sure the only entry in there is some comments (starting with #) and "127.0.0.1 localhost"

 

[verbal]

Thanks for the advice. The hostfile is ok. The only non-commented line is:

127.0.0.1 localhost

I can get to the windows update page but the process fails.

"The website has encountered a problem and cannot display the page you are trying to view."

 

[theheyes]

I'll get the format and restore suggestion out of the way. It's the best way to get rid of malware.

Moving on, it may well be some modifications left behind that are causing the problems but it also might be a rootkit of some sort. Have you tried any offline scanning? Live CDs etc?

 

[verbal]

I'm trying to avoid a full re-install if I can but I know it might come to that.

Can you recommend a Live CD that might help?

 

[verbal]

FIXED: there was a rootkit. Removed by "Combofix". Hadn't heard of Combofix before today.

 

[Destination]

malwarebytes completely missed the rootkit?

 

[theheyes]

It depends how good the rootkit is, and this is a good example of how things can get missed.

What rootkit did combofix identify it as?

 

[Fire Wizard]

malwarebytes completely missed the rootkit?

Anti-malware software isn't a full proof solution, it never has been and I'll expect it never will be, certainly not in it's current form anyway. Anti-malware software is largely only useful for finding known threats. Whilst they may incorporate heuristic / behavioural based techniques on top of the standard signature based detection which may help a little bit, it doesn't really increase the value of anti-malware software much from my perspective. Malware has dwarfed the anti-malware industry and it simply can't keep up.

I certainly don't value "security" software as a whole and there are far better ways off keeping your system secure above scanning every single object on your system. One method is to take a whitelisting approach via Software Restriction Polices or AppLocker (a more advanced version of Software Restriction Policy). The downside about it is it's not accessible to all versions of Windows. Software Restriction Policy can only be found in the Professional versions of Windows and AppLocker requires the Ultimate or Enterprise versions of Windows 7.

I personally haven't got a single piece of security software installed on my system. Instead, I use the capabilities available within Windows already. The advantage of this is it doesn't impact the performance of my system in any way, it doesn't require software updates nor does it introduce any new vulnerabilities to my system.

• Standard User

• AppLocker

• Web browser runs as a low integrity process / executing as a different user

The above used in conjunction with:

• Windows Firewall

• Keep Windows and any other software which is installed up to date

• Use trusted software

• Education

Along with other security related features / improvements in Windows Vista / Windows 7:

• Windows Vista / Windows 7 went through the Security Development Lifecycle (Secure by design)

• Address Space Layout Randomization

• Data Execution Prevention

• Service Hardening

Oh, and of course:

• Not installing Adobe Flash Player

The above leaves my system in a pretty secure state. If I do come across any serious malware related problems, it's either because I have done something completely idiotic, I have generally been very unlucky or I have done something to someone in a past life and they now want revenge.

 

[AMG]

it depends how good the root kit was, best way to combat rootkits is via rootkit which I know is in a few security software. I believe Kis is one