Firefox paw bite by trojan

The machines we love to hate

Moderator: Wiz Feinberg

Anders Brundell
Posts: 636
Joined: 2 Nov 1999 1:01 am
Location: Falun, Sweden

Firefox paw bite by trojan

Post by Anders Brundell »

Now my pc has gotten infected by Trojan-PSW.Win32.LdPinch.axb via Firefox, and the antivirus F-Secure can't get rid of it. I use Firefox because I thought that it would be safer than Explorer, but that's seemingly not always the case.
Any advice on how to get rid of this virus? It's in C:\SYSTEM VOLUME INFORMATION\_RESTORE{619781AC-CF96-4B2F-8E58-2353903809FC}\RP283\A0083442.EXE.
Virus: Trojan-PSW.Win32.LdPinch.axb
I can't even open SYSTEM VOLUME INFORMATION to try to delete this by hand.

Anders
Joseph Barcus
Posts: 2372
Joined: 4 Aug 1998 11:00 pm
Location: Volga West Virginia

Post by Joseph Barcus »

Stop sign is a wonderful product and it will fix all your troubles. The scan is free and to join is only 5.00 per month / stopsign.com
Bob Lawrence
Posts: 1094
Joined: 6 Oct 2001 12:01 am
Location: Beaver Bank, Nova Scotia, Canada

Post by Bob Lawrence »

If you go to the Computer Help section of my website there may be software that can help you. The Microsoft Antispyware is real good.
http://steelguitartech.ca/
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

"I can't even open SYSTEM VOLUME INFORMATION to try to delete this by hand"
You have to turn off System Restore to get rid of the infected file in the hidden - system folder. No virus scanner can gain access to it.

Right click on My Computer and choose Properties, then click on the System Restore tab and check the box to disable System Restore, click Apply and OK. Disinfect your computer thoroughly, reboot, scan again, then turn System Restore on again.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices


[This message was edited by Wiz Feinberg on 13 September 2006 at 03:30 PM.]
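
Added example, not part of the original thread or any poster's code: a small triage helper that separates antivirus detections sitting inside Windows XP System Restore points (paths of the form `_restore{GUID}\RP<n>\A<7 digits>.<ext>`, like the one reported above) from detections on live files. The function names and the second sample entry are constructed for illustration.

```python
import re
from ntpath import normpath  # Windows path rules, works on any OS

# Windows XP System Restore backup naming:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-F-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d{7}\.\w+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return a dict saying whether a detection path is a restore-point copy."""
    clean = normpath(path.strip().strip('"'))
    m = RESTORE_RE.match(clean)
    if m is None:
        return {"kind": "live", "path": clean}
    return {"kind": "restore_point", "path": clean,
            "restore_point": int(m["rp"]), "file": m["name"].upper()}

def triage(detections):
    """Split (path, verdict) pairs into live files and restore-point copies."""
    live, archived = [], {}
    for path, verdict in detections:
        info = classify(path)
        if info["kind"] == "live":
            live.append((info["path"], verdict))
        else:
            archived.setdefault(info["restore_point"], []).append(
                (info["file"], verdict))
    return {"live": live, "restore_points": archived,
            "oldest_infected_rp": min(archived) if archived else None}

# First entry is the detection quoted in the thread; the second is constructed.
SAMPLE = [
    (r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{619781AC-CF96-4B2F-8E58-2353903809FC}"
     r"\RP283\A0083442.EXE", "Trojan-PSW.Win32.LdPinch.axb"),
    (r"C:\Documents and Settings\user\Local Settings\Temp\sample.exe",
     "Constructed.Sample.Verdict"),
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for path, verdict in report["live"]:
        print("LIVE, clean this first:", verdict, path)
    for rp, files in sorted(report["restore_points"].items()):
        print(f"RP{rp}: {len(files)} archived copy/copies, "
              "removed when System Restore is turned off")
```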
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Bob recommended "The Microsoft Antispyware is real good"

Microsoft AntiSpyware is no more. If you have it on your computer you may as well uninstall it now (via Control Panel > Add/Remove Programs), because it is no longer actively protecting your computer. It has not been updated since July, 2006. It expired on July 31, 2006, and was officially withdrawn from the Microsoft Downloads site and replaced by Windows Defender on August 1, 2006. You must have a valid license for Windows XP to download and install this tool. It needs to be updated before scanning and it checks for updates every night.

Anders Brundell
Posts: 636
Joined: 2 Nov 1999 1:01 am
Location: Falun, Sweden

Post by Anders Brundell »

Thanks everybody for all the advice!
I tried Wiz' method of turning off the system restore and running the clean up programs twice with a reboot in between, and that seems to have helped.
Windows defender didn't find this trojan, but F-Secure did but couldn't remove it. For a while I could display the System volume information map (that was nearly empty), but now access is denied again, and I don't understand why.
Anyhow, the pc is clean again and I'm gonna use Explorer and not Firefox. Firefox seems to be more vulnerable - or is it?

Anders
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Anders;
Why do you think your virus came in through Firefox??? Internet Explorer is much less secure than Firefox. Is it possible that you have not installed all available critical Windows patches and updates that have been released this summer? Is it possible you have not updated Flash Player to the new version? There is a critical vulnerability in all versions of Flash Player prior to v 9.0.16.0. See this post for more information.

Another question is "are you using a firewall on that computer?"

Anders Brundell
Posts: 636
Joined: 2 Nov 1999 1:01 am
Location: Falun, Sweden

Post by Anders Brundell »

Wiz;
I suspected Firefox 'cause that's the program I've surfed the web with for a long time now. I have a whole battery of defense programs on this pc - Telia's Secure Surf package (updates itself automatically; uses F-Secure antivirus and several other protectives and is operator compulsory; every Telia customer must have it), firewall (WLinks MB 400 S), Windows defender, Ad-Aware SE Plus, Ad-Watch SE Plus and SpyWare Blaster, and I'm a rabid updater!
I've now tried to install the latest Flash Player but the installation seems to stop after a brief initial activity. Flash is listed amongst installed programs but lacks data on size and date of installation, and I guess that that means that it's not installed properly. I've tried several times and can't understand why the installation fails. The file install_flash_player.exe is downloaded (version 9.0.16.0).

An old Flash Player might very well be the explanation of the virus attack - I haven't been aware of the necessity to update it and don't even know where to look for updates. I thought all my defense programs made it safe to surf. Maybe I need to be paranoid from now on and not just suspicious.
I check for Windows updates every time I start the pc so I really am serious with all security matters that I know of.

Anders

[This message was edited by Anders Brundell on 14 September 2006 at 03:23 AM.]
[This message was edited by Anders Brundell on 14 September 2006 at 03:38 AM.]
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

I had Flash8 something or other installed, and managed to get it uninstalled using the Windows Add/Remove Programs utility. I managed to get Flash9, the new version, installed and working, and I now note that it's not even listed in the Add/Remove Programs list. So, that's a significant change, IMO. Uninstalling it, if I wanted to, wouldn't be nearly as simple.

In the upgrade process, I ran across this page which may help with the issues you might be having. It refers to both a manual registry change and a Flash uninstaller application to help get rid of older Flash components, and maybe even damaged new components.

I wish Adobe would stick to Photoshop; they seem to have problems sometimes when they try to do other things.

[This message was edited by Dave Potter on 14 September 2006 at 06:42 AM.]
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Anders;
You have done much to protect your computer from external threats, but there is one more step you need to take, to become fully protected against threats that exploit your applications (e.g. Flash, Quicktime, FF, Word, Publisher, etc). This is possibly the biggest baby step you will take, but believe me when I tell you that this is for your own good and is workable.

Stop operating as an Administrator!

To learn about how operating with reduced user privileges protects you from virtually all malware threats, and how to deal with the hassles involved with not being an Administrator, read my articles on using limited user privileges, here and here.

I operate in Power User mode, under Windows XP Professional, but have also successfully operated as a Limited User, which is the best option available to XP Home Edition users.

[This message was edited by Wiz Feinberg on 14 September 2006 at 08:48 AM.]
Anders Brundell
Posts: 636
Joined: 2 Nov 1999 1:01 am
Location: Falun, Sweden

Post by Anders Brundell »

Done.
Now I hope that this will be sufficient altogether.
But I just can't install Flash Player. Hope that that doesn't mean that a back door is left open by a partially performed installation, 'cause I can't uninstall it either.

Thanks for all the advice!

Anders