New Here - Computer Idiot - Have Trojan - Cant get rid of - HELP, pleeze

Hi KathyL,

If they are quarantined, then that is as good as deleting them. So don't worry about them. Here is a link that instructs you how to take an image:

https://www.wilderssecurity.com/showthread.php?t=63957

It could be that Housecall has just detected the files that KAV has quarantined. I'm not sure yet, until you post the screen shots which inidicate the files in question and the directories in which they are stored.

Cya,
Rich

 

i use windows XP... if that makes a difference

 

Kathy,

You'll need a program to do it - an easy free one is MWSnap.

Download the executable file (.exe) at that link and install the program. Once installed, launch it. You should get a screen like the one below. Hit the tab labeled Snap if it didn't come up in that view already, and select Window/Menu as the kind of object you'll be snapping.

When you're ready to go, select "Snap window/menu", on a slow system there's a bit of a lag, but you'll see object become "highlighted" in a dashed box. Move the point around until it's over the object you want to snap and the dashed box confirms that, and then it's just a click of the mouse.

Once you do that, a snapshot should appear in the Picture region of the application. From here, save it in png or jpg format (png is generally smaller).

At that point, you're ready to post it here. For that, when you are composing a message, select the manage attachments button, and browse your system to locate the desired file, select it, and then press the upload button to transfer the file to here. Note, you won't see it on a preview of the message.

Blue

 

ok - i've got the program downloaded and i got the window you showed.

i'm confused at the 'point' - do you mean my cursor arrow?

so i've clicked 'snap window/menu', then i make sure the window i want to capture/snap is on top? do i need to be able to see the MWSnap window, too?

thanks so much, everyone, for your patience and working me thru this!!

 

uh oh - maybe i figured it out! trying...ok - i've put on the attachment, but i dont know how to see it, so just testing.....

 

weeeeell, ok! i did it! not how do i make it so you can see what you need to see

 

OK, when youclick on the "Snap Window/Menu" button (3rd arrow), the main MWSnap window minimizes and you are left with the full screen view minus MWSnap. You may have one or more windows open on it. Whenever you move the mouse cursor over any portion of a window, MWSnap gets prepped to take a snapshot of it. It attempts to indicate precisely what will be captured by placing a "highlighting" border around the region that will be captured. As soon as you click the mouse, the snapshot is taken, MWSnap maximizes and presents you with the snapshot in the "picture region". You'll need to save it as a file to use it elsewhere. This operation is the same as any other Windows program.

I found it best to play around with it briefly. You can't do any untoward things to you system taking snapshots.

One point - make sure that the window you wish to capture is one top of everything except MWSnap since when you go into active mode, you only have a single mouse click to spend.

If you need more detail or clarification, just follow-up.

Blue

 

ok, but see the slidey thingies in that window? not all the info is viewable... and i wasnt able to make those slidey thingies move while taking the snap-shot and i cant make that window any larger... do i have to take multiple snaps?

 

OK making progress. What we need to see is the listing of files that Kaspersky is indicating as infected. If the screen shot showing is that, one of the first things to do is flush the Temporary Internet Files folders (Tools>Internet Options, Delete Files, check box next to Delete all offline content, OK)

Blue

 

If that's what it takes, I guess so.

Blue

 

thanks, blue. i thought i'd cleaned those out fairly recently, but i guess not!

anyway, now i cant get snap to work! blah!

ok, i have snap on top. in the 'snap' window box, it still shows the last thing i snapped. i've reclicked the 'snap window' and then gone to the Kasper window, but i'm not getting the dashed line... what am i doing wrong?

ug! this is taking so long!!

thanks for being patient!!!

 

MWSnap can be a tad slow responding, take it slow. It depends on the complexity of the screen also. Heavy graphics = slower.

Blue

 

oh, for heaven's sake - i figured it out! i have to click 'snap window'!! when i said i clicked that, i actually meant that i'd clicked that i was choosing windows to snap... what a dope! ok, here it is... (but again, only as much window as i can see w/o moving those slidey things!)

 

That picture is fine.

How is the system behaving now? Is the KAV realtime monitor active at this point? If so, did it flag any infected processes?

Blue

 

well, i uninstalled AVG. THAT pgm was the one that kept popping up telling me i a virus had been detected, etc... since i've uninstalled it, i'm not getting that anymore...

when i go to a new webpage, i can see the little 'k' at the bottom doing something, so that's nice...

i've not seen any new flags come up...

so at this point, my question is this: HouseCall has found 9 infected files and is just in a holding situation. its asking me do i want to clean them or delete them? this is AFTER running KAV... i'll just snap a pic of the housecall page, since i'm so smart now and know how to do it, lol!!

(oh, rats... it took me 4 pgs to copy the whole HC window and i can only attach one page at a time, so get ready for 3 more posts...)

 

here is shot #2

 

snap #3

 

snap #4

 

Delete them. They're not cleanable since there's nothing to clean if you will, they are pure infection.

You should also follow the recommended action indicated by Kaspersky on the files it identified. It will typically be a simple delete. Remember, the objective here is to get the malware out.

The flashing little K is Kaspersky monitor webpages as you surf - that's where this stuff came from.

Blue

 

delete all those in KAV?

and yes, now i just have to find out who went where friday night.....

 

From what I see in the screen shot, yes.

As for seeing where they came from, that's a hard one. These can be driveby installs that happen while googling away.

The key is to implement a security system that blocks/deletes these things.

Blue

 

Hi KathyL Welcome !!!
These guys will definitly help you. I came here with similar problems, and they have brought me a long way !!!! I now know TONS of things I didn't have a clue about before ! Good Luck !

 

ok on the deleting. deleting now.

sooo, how do i set up this security system?

thanks soo much, BTW, to everyone! maybe i'm out of the woods here??

 

Let's not assume things are completely clean yet.

Redo a complete system scan with Kaspersky. If that comes up clean, you're probably alright.

You may have some registry entries that will need to be taken care of, they'll show up as programn can't be found (or a similar message) on boot up.

They're lots of discussions on what to do scattered around the forum, here is a recent one.

It's getting close to sign off for me tonight. If you run into problems, post to this thread. There are folks in all different time zones around the world who will pop up to answer questions.

Blue

 

thanks, blue. i've got to get to bed, too. 5 AM comes early, even on the west coast!

and, yes, when i was jumping back and forth between safe mode and standard, i did get that window saying it couldnt find something upon boot-up.

so i'll need to replace those? is the best thing for me to do is write that down (or now that i know how, 'snap' them)?

and i'm signing off. nite all and thanks again so much. i'll run the scan now.